Journalist Q&A: Davey Winder – Part 2

In the second instalment of our three-part series, we ask veteran infosec freelancer Davey Winder how he deals with information overload, and what makes a great cybersecurity story.

Click here to read part one of the series.


Where do you get your inspiration from?

I’m fortunate to have ended up writing primarily about cybersecurity as inspiration comes both from the dynamism of the threat landscape itself and the innovation of those whose job it is to protect us from the exploits that evolve at such an alarming pace. Seriously, if I couldn’t find inspiration within this sector then it would be time to put down my pen and go do something else methinks. That said, it’s also a truism that pending deadlines can’t be beat when it comes to getting inspired; especially when you have regular weekly and monthly slots to fill.


How do you curate content for your various outlets?

While inspiration is not limited to the apocryphal 10% in my case, there is certainly plenty of truth in suggesting much of my time is spent perspiring in the form of research. Curating content involves a multi-stage process for me, and not all of it is digital either. I confess to using a system of good old-fashioned foolscap folders labelled pending and live for each publication I work with, as well as email folders and lists using ‘Pocket’ for saving web-based content as I find it. The research often starts with my email and tip offs from industry insiders, embargoed research reports and press releases. Those that catch my eye are filed into their respective publication folder first thing in the morning, to be followed by a round of online research which involves saving related data from security research blogs, academic papers, news reports etc into those Pocket lists. Once I’ve got my head around the shape of the news story or feature that’s forming in my head, the writing process proper can begin…


How do you deal with information overload? What makes you stop and read one email compared to the one you may have just deleted?

Good question, and I’m not sure I have the answer beyond instinct built upon three decades of doing it. There are some delete triggers, of course, such as emails proposing something identical to a story I’ve just had published and which often start ‘I see you have written about X, would you like to talk to my client to also discuss X?’ Then there are the breaking stories, especially in the cyber sector, where fifty or more emails will arrive all offering comment and insight into a newly discovered breach. They tend to be marked as read in bulk, and if I’m actually commissioned to cover that story I will then search my inbox and contact the people with the least generic and most interesting angles. Sometimes the best stories come out of the blue, and I’ll always read an email that has an intriguing but informative subject line that stands out from the templated stuff surrounding it.


What makes a good cyber security story? Are we becoming too desensitized to cyberattacks and breaches?

Another good question that I might struggle to provide a definitive answer for. It kind of depends on the publication for me, as a freelance who works with a variety of clients including trade press, consumer and vendor. So, I write a monthly column about cyber in the NHS and so am always looking for health-related security angles and the ones that usually work the best are the ones with a real human angle to them. But I also write for trade publications, read by security professionals, and a good story for these will likely be those which delve into the technology behind the breach, or the technology behind the hype. I have one client which provides software for managed service providers, so in that case a good story is one that allows me to give mitigation and best practise advice to MSPs. There is, of course, a danger that every breach is ‘just another headline’ but as long as those of us who write about such things remember that there are always real people impacted by those breaches (be they staff or customers) and can get the human cost across then they will remain valid and, hopefully, interesting.

Join us next time for the third and final part, where we’ll be looking at the importance of building journalist relationships, and what makes a good media spokesperson.

Journalist Q&A: Davey Winder – Part 3

Cyber Beat podcast episode 5 – Recruiting in cyber security PR