For the following list, I’ve focused on four cybersecurity journalists who have a knack for locking down scoops and breaking stories. The list is purely subjective, and by no means all inclusive, but as someone who lives on Techmeme, I feel qualified in providing some recommendations based on what I’m seeing.
(Disclaimer: This is NOT a list of the best cybersecurity reporters to blast with your next press release or piece of canned commentary.)
Brian Krebs (@briankrebs) – Krebs on Security is arguably the most influential cybersecurity blog on the web. Best known for breaking the news about the Target breach in 2013, Brian provides an endless supply of news jacking opportunities, thanks to his deep investigative journalism. Instead of reporting on news, Brian creates it himself, even going as far as becoming fluent in Russian in order to read conversations on Eastern European hacker forums.
Apart from Target, Brian Krebs was the first to report on the Mirai Botnet, which actually targeted his blog a month before the massive DDoS at Dyn, as well as the recent breach at Arby’s. While his posts aren’t as frequent as some of the other members of this list, whenever he completes publishes story you can count on other reporters following suit.
Dan Goodin (@dangoodin001) – Serving as the security editor at Ars Technica, Dan Goodin covers cybersecurity for a technical audience, focusing less on the headline grabbing breaches, and more on the specific attacks researchers are seeing in the wild. His articles are often intellectually challenging and may not be for everyone, but for a PR person looking for leads, Dan offers a wealth of exclusives that are quickly picked up by subsequent members of the press. If your client has a perspective to share on emerging threats like ransomware, botnets, or exploits, I highly recommend keeping a close eye on the stories Dan deems newsworthy.
Dustin Volz (@dnvolz) – Over the last few years, cybersecurity and politics have become increasingly intertwined, and following this year’s election, the distinction between security beat writers and reporters covering politics has become increasingly blurry. Dustin Volz walks the line, reporting on the intersection D.C. and cybersecurity, making him the go-to guy for scoops related to the administration and government in general. With a wide network of sources, Dustin is extremely prolific and publishes between two and three articles a day. Similarly to Dan Goodin, Dustin’s articles are written for those in the know, often times hitting on nuanced legislative and regulatory issues that resonate with an extremely influential audience. If your client isn’t scared to comment on topics like the NSA’s talent exodus, or the latest law being proposed in the Senate, then Dustin is your guy.
Joseph Cox (@josephfcox) – Motherboard proves that coverage of cybersecurity can have a sense of humor, while remaining impactful, and Joseph Cox is one of the writers responsible for helping the publication shape its voice. Unlike Brian Krebs, who has been the victim of countless attacks from hackers unhappy with his stories, Joseph has a cordial relationship with members of the hacking community. As a result, he is often tipped off to incidents such as breaches before they are publicly disclosed (and sometimes before they are even discovered), making his stories great fodder for news jacking. Joseph covers everything from hackable teddy bears to email encryption services, and also tracks the latest breaches in his “Another Day Another Hack” column.