Last updated at Sun, 20 Aug 2017 16:21:36 GMT

My friend Miss @VioletBlue has shared some wisdom on connecting with the press at Black Hat in this guest post below. Enjoy!

So, you're going to Black Hat 2015…  As Mr. Trey Ford succinctly described in the Black Hat Attendee Guide Part 1, you're going to Infosec Zombieland.

Infosec Zombieland is a unique apocalyptic landscape, besides which requiring comfortable shoes and a strong liver, hosts a range of undead creatures to interact with. You'll soon encounter the overwhelmed Booth Zombie, the dreaded Undead Recruiter, flocks of chattering PR Zombies, and the subject of this guide: Press and Media Zombies.

Major media outlets will infest Black Hat USA 2015 like never before. It's safe to say that no matter where you are at Black Hat, you'll always be near a reporter, blogger or journalist covering the conference, much of the time.

This means you'll need to behave accordingly — loose lips and all — and also that you should plan for how you'll proceed when one of my fellow zombies (I mean, colleagues) comes at you looking for brains.

Many readers will just decide that talking to the media is a no-go, and that's fine. Even if this is you, it's good to know the rules when it comes to you, the press and Black Hat, and photos and video.

Black Hat's PR and Communications Senior Manager Meredith Corley tells us that its rules about photos and video are pretty tight. “In general, our rule is that you must have the express permission of any subject you are hoping to film or photograph. No zooming in on laptops.”

In addition, we're told that anyone taking video must have a sticker visible on their badge signifying that they're been approved for video, and that they agree to Black Hat's video policies, like the ones about subject consent and shoulder surfing.

But what if you want to pitch a story?

Black Hat's Ms. Corley tells us, “Black Hat journalists and analysts are very busy leading up to and during the show. For PR folks hoping to secure meetings with media onsite, I would highly encourage them to make sure their stories are around truly fresh/new tools or services, or even better, about exciting research coming out of their company.”

She advises, “Remember, a pitch should not only include the highlights of the news (brevity is always appreciated), but even more important – details on WHY the news matters. What is the big impact?”

The Black Hat PR Manager also pointed out that you don't have to be interviewed in public if you don't want to. “There will be two Media Centers for Black Hat USA 2015. Attendees are welcome to conduct their media interviews in the Media Registration and Interview Center (Reef A/B).”

Mandalay Bay = Dead Island

Talking to reporters is one thing, but talking to security reporters is another beast entirely.

Information security reporting is pretty new in the grand scheme of things. At this time, a sector that still barely “gets” the internet is reporting on (and interpreting) technical issues, security subcultures, and is unaware of infosec history. That's changing, but very slowly.

For some of the bigger outlets sending media to cover Black Hat, their writers are near-to-clueless about things you consider basic in your day-to-day tasks. If you're tired of trendy security topics, pithy oversimplifications, and security rockstar worship, you risk blowing several gaskets in a short amount of time.

That means talking with reporters at Black Hat can be equal parts exciting, an amazing opportunity, a tedious chore in educating media, and an opsec risk that can be astonishing (or devastating).

Keep in mind that the digital operational security practices of many standard-grade reporters, bloggers (and media in general) is in its infancy, so the rules around other people's opsec applies. I mean it when I say that the shoulder-surfing opportunities n some infosec conference press rooms are… scary.

If you ask a member of the media to adhere to your communication rules and they won't, or don't, or don't understand why they should, drop them like a live grenade, and run. That opportunity, no matter what it is, isn't worth it — and trust me, there will always been another opportunity. Their story will come and go, but damage to you can be forever.

Some of us are cutthroat. Know that unless you're being interviewed by a patsy who regurgitates press releases, you will be socially engineered under the pressure of a rolling camera or recorded audio.

I have a lot of criticisms, and I've seen some members of the press treat hackers very badly over the years.

For that reason, I offer the following worst-case warnings when any hacker talks to the press:

  • Reporters are often careless with hacker anonymity
  • Some will publish your DMs and IMs without permission
  • Indie researchers (hackers!) face an entrenched assumption of criminality
  • Companies are perceived as more credible than you
  • Most of the time, you are part of a preplanned storyboard
  • No member of the media is your friend, and there is no such thing as “off the record”

That said, Black Hat understand the needs of its attendees. If you have a topic that's sensitive in nature, or embargoed, or just want privacy when you talk to a member of the press, Ms. Corley elaborated saying, “depending on the nature of the need,” they'll be happy to help you find a private space for the meeting to take place.

“In addition to the Media Registration and interview Center (Reef A/B), we have a private room for quiet filming that is available on a first-come first-served basis, and can help make recommendations about other spots throughout the conference center.” Black Hat's Senior PR Manager added, “Any inquiries can be forwarded by email to The team will also be in Reef A/B to help in-person during the show.”

Have fun! And don't forget to double-tap the recruiters.

About the author of this guest post:
Violet Blue (@violetblue) is a reporter for Engadget and ZDNet; her forthcoming book
The Smart Girl's Guide to Privacy (No Starch Press) becomes available August 25th.

Continue on to Part 5 of this series: Meaningful Introductions

...Or go back and read Part 3: Networking at Black Hat like a boss

Want more? You can catch all the entries in the Black Hat Attendee's Guide series right here.