20 Cybersecurity Reporters To Follow On Twitter

Twitter is an essential resource for PR pros whose job requires them to stay up-to-date and engaged with reporters across different sectors. For us, one of those is cybersecurity. With data breaches happening frequently, data privacy making news, and the presidential election looming, security is the hottest of hot topics.

How can PR specialists stay abreast of security news to create opportunities for client companies? Start by following these 20 cybersecurity reporters. This is in no particular order and is by no means a complete list, but it’s a good resource for anyone looking to learn more about cybersecurity.

Great Twitter Follows For Cybersecurity Geeks

(TechCrunch) Zack Whittaker | @zackwhittaker

Formerly of ZDNet, Zack is the security editor at TechCrunch. He’s a known name in security and gives great insight into many of the ongoing and current issues in the space. One of his more notable recent stories read was his piece last year on shutting down a massive child abuse website.

(ZDNet) Catalin Cimpanu | @campuscodi

Catalin is ZDNet’s cybersecurity reporter. Previously a news editor at Bleeping Computer, he’s been covering the security space for a while and is a go-to source for any breaking stories. As a highly active tweeter, he’s a great resource for large-scale stories as well as narrow technical aspects of the sector.

(Bloomberg) William Turton | @WilliamTurton

William joined Bloomberg as a cybersecurity reporter last summer. He’s a must-follow for anyone looking to learn more about security, big tech and security implications related towards the top trending stories globally.

(Politico) Eric Geller | @ericgeller

Eric Geller is a security reporter at Politico. He covers security issues related to the White House, government policy and election security, along with breaking news. He’s extremely active on twitter, acting as a great source for general political news and the occasional meme.

(Motherboard/Vice) Lorenzo Franceschi-Bicchierai | @lorenzofb

Lorenzo is a go-to source for any and all happenings in cybersecurity. He’s been a writer for Motherboard Vice for almost five years and previously had a two-year tenure at Mashable. Along with security, Lorenzo also covers tech general tech industry matters.

(Motherboard/Vice) Joseph Cox | @josephfcox

Joseph is a security writer at Motherboard Vice, covering things like hacking and cyber crime. His stories comprise a range of topics impacting security such as hacking, data protection and breaking news.

(CNET) Laura Hautala | @lhautala

Laura covers cybersecurity and privacy with a consumer focus at CNET. She does great work in viewing common security issues through the lens of the customer, and framing them towards customers, often covering topics on the internet and database security.

(Cyberscoop) Shannon Vavra | @shanvav

Formerly of Axios, Shannon has been covering security at Cyberscoop for almost a year now, specifically focusing on the NSA, cyber command and cyberwarfare. Her feed is made up of terrific security stories and some politics news.

(Dark Reading) Kelly Jackson Higgins | @kjhiggins

Kelly is the executive editor at Dark Reading, a top cybersecurity trade publication. Although she doesn’t tweet too often, her stories and contributions to Dark Reading are essential to be current on happenings in the security space.

(Forbes) Davey Winder | @happygeek

Davey is a top contributor to Forbes’ cybersecurity section. His stories detail aspects of the threat landscape and cover data breaches with some frequency. He also contributes to SC Mag and InfoSecurity Mag.

(MIT Tech Review) Patrick Howell O’Neill | @HowellONeill

Patrick joined MIT Tech Review to cover security in July of last year. His coverage touches on the regular topics of hacking, along with a political perspective on tech issues.

(NYT) Sheera Frenkel | @sheeraf

Sheera is a cybersecurity reporter at NYT and covers trending topics like the upcoming election, Big Tech and large data breaches. She previously spent time at Buzzfeed covering the Middle East and cybersecurity.

(NYT) Nicole Perlroth | @nicoleperlroth

Nicole has been with NYT for over eight years covering the security space. She investigates trends in security, sometimes with a focus on national security and significant crimes in the US and abroad.

(WIRED) Andy Greenberg | @a_greenberg

At WIRED Andy is a dedicated cybersecurity writer. Previously at Forbes, he takes an investigative bent and has won multiple awards over his 14 years of reporting. He also has a book called SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

(WIRED) Lily Hay Newman | @lilyhnewman

Lily is another of WIRED’s top security writers covering digital privacy, information security and hacking. Over the four years she’s been with the publication, Lily has covered breaking news and ongoing stories about many of the issues that plague technology. Although not the most active on twitter, she’s an essential follow for the latest happenings in security.

(Washington Post) Ellen Nakashima | @nakashimae

Ellen has been with the Washington Post since 1995 and covers national security. Her longevity and knowledge of security issues, especially on elections, makes her an unbelievable resource for knowledge and perspective on issues related to government affairs.

(Washington Post) Joseph Marks | @Joseph_Marks_

Joseph writes the Cybersecurity 202, a daily newsletter for the Washington Post that covers all major news security professionals should know.This is the first newsletter I check out every morning to make sure I’m up-to-date and it’s an invaluable resource.

(Axios) Scott Rosenberg | @scottros

At Axios, Scott is the main reporter for cybersecurity. He also covers a wide array of topics related to technology and government affairs. Scott publishes the Axios Codebook on a weekly basis, which is an essential read.

(CNBC) Kate Fazzini | @KateFazzini

Kate is the lead cybersecurity reporter at CNBC. Previously at WSJ, she often participates in CNBC broadcast segments as the network’s go-to cybersecurity expert and is a must-follow to better understand top stories within the greater security space.

(Politico) Tim Starks | @timstarks

At Politico, Tim serves as a dedicated cybersecurity reporter. Along with his usual reporting, he publishes POLITICO’s Morning Cybersecurity newsletter covering the latest news in cybersecurity policy and politics.

Top Cybersecurity Trends For PR In 2020

2019 was a landmark year for those who work in cybersecurity PR, and not in a good way. Many organizations fell victim to breaches, hacks and leaks — at an average cost per incident of nearly $4 billion.

From Capital One and Facebook, to the AMCA, Georgia Tech and more — each shows that no sector is off-limits to attack by bad actors. A varied threat landscape has driven extensive cybersec media coverage. And while data breaches, ransomware and malware attacks are among the “normal” cybersec vulnerabilities, 2020 brings additional issues that will warrant increased exposure. They include attacks by foreign actors, insider threats, the growing cybersecurity skills shortage, AI-enabled attacks and the consequences of business’ migration to cloud infrastructures. 

Each is relevant fodder for PR teams looking to take advantage of their clients’ expertise as thought leaders. Reactively, pros will have to look for a way to position execs (CISOs, CIOs, CROs, research teams) to talk about how these trends compound a much larger issue — that most organizations aren’t equipped to mitigate cyberattacks from multiple avenues at once. And regardless of how well prepared a company may be to deal with an incident, breaches and attacks will happen – so advance PR prep is also in order.

What should PR pros anticipate within cybersecurity landscape in the next year? Here are the top trends — based on client conversations, journalist insight and industry expertise — that’ll give teams the edge, along with a warning for cybersec communicators.

Cyber attacks on industries outside of “tech” will see more exposure

Today, every company is a technology company. Major retailers’ e-commerce platforms are booming. Financial services companies are getting into cryptocurrencies and have invested heavily in mobile experiences. The healthcare and insurance industries — notorious for being slower to adapt to emerging tech — are in the throes of digital transformation initiatives involving cloud migration and AI. Everything is connected, which means every industry is vulnerable in some way. In 2020, cybersecurity PR pros should be well versed in how the threat landscape can affect many different business sectors at once and at any given time. By staying up-to-date on multiple verticals outside of pure ‘tech’ – especially those most frequently targeted by cyber attacks like healthcare, financial services, government, and energy — PR teams can ensure they’re prepared to take advantage of newsjacking opportunities in the event of a hack, keep their clients apprised of the latest news and generally be more effective at meeting industry trends and client needs.

Following new publications and key reporters in important verticals on Twitter, setting the right Google alerts and generally being vigilant through research each day will help PR pros advance client thought leadership. 

IoT’s vulnerability will take center stage

The internet of things has been a tech obsession for the better part of the last ten years. However, as IoT capabilities and connectivity have evolved, so have the vulnerabilities that put consumers at risk. 2019 alone has seen a spike in reports that show how easy it is to hack smart speakers. Coverage highlighted vulnerability and negligent security practices surrounding Amazon’s Ring cameras — where hackers gained entry and terrorized users through their own devices — and saw the FBI warning people that smart TVs can be compromised and used by bad actors to listen and watch them without their knowledge.

Especially in the wake of the incredible Ring coverage from the likes of Motherboard, Gizmodo, The Verge and others, cybersecurity PR teams should brace themselves for IoT debate to rage on in 2020. As the possibilities of the connected world expand, companies should be monitoring consumer data and implementing internal security protocols to protect customers, like 2FA out of the box (rather than blaming users).

For PR teams, these events have a silver lining and open up new opportunities for positioning cybersecurity execs as experts. Pros should have commentary in place for proactive/reactive outreach opportunities speaking on the larger impact of these events on consumer trust. Finally, they can use the trend as a fresh reason to offer best practices for consumers to protect themselves as threats proliferate.

Cybersec workforce shortage grows

Despite a constantly changing tech landscape and increased connectivity between people and devices, the cybersecurity space is notably short on qualified talent. Demand for talent isn’t showing any signs of slowing — the Bureau of Labor Statistics projected a 32% rise in available positions for infosec analysts between 2018 and 2028. Fifty-three percent of IT pros, however, have said they lack the security knowledge to safeguard the organizations they work for. If this trend continues and the need for skilled cybersec experts keeps surpassing their availability, industries around the globe could potentially see greater losses in revenue and consumer trust. The talent shortage could also be a significant contributing factor for a greater frequency in breaches, hacks and leaks in 2020.

The cybersecurity talent gap isn’t going to close overnight, so PR teams should take advantage of the attention the issue commands. Proactive and reactive commentary strategies, as well as bylines positioning cybersec clients’ expertise on how to solve the problem in the long term will further thought leadership. Additionally, highlighting ways businesses can circumvent a lack of talent internally (like investing in AI and contracting with third-party cybersecurity vendors) or how they should evolve their own hiring practices (better training and sourcing, for example) will make for strong story angles to address the issue in the new year.

Attribution announcements must be clear and credible

When an attack happens, security providers and others often clamor to publicly identify the attack and its source. There’s a natural incentive for us to make such announcements to show leadership and expertise. But there’s a risk of misinformation that may grow in 2020. In the event of an attack by foreign state actors, our government often doesn’t want to identify the culprits, even when it knows who they are. It often leaves that to cybersec companies in order to guard the intelligence sources or methods used to track down bad actors.
The problem is that as foreign-government-backed attacks proliferate, security companies or hack victims may by tempted to blame foreign actors even when they’re not involved. Foreign hackers themselves may even claim credit where it’s not due. This situation is more likely following the U.S. airstrike on Iran, amid widespread speculation that Iran could retaliate through cyber attacks. It’s important for communicators to make any attribution claims or assessment in a rigorous way, based on quality information. The last thing we need is a credibility crisis in cybesec communications.