Research at the Speed of News: Lessons Learned Building & Managing a Cybersecurity Research Publication Process

Presented at Diana Initiative 2019, Aug. 9, 2019, 3 p.m. (60 minutes).

Ever watched a news anchor present the latest vulnerability or fast-moving malware and wondered how that story went from research to headline? Who came up with the soundbites? Who tech reviewed the research before it hit the news? Why aren’t there more details and POC code? And why isn’t the original researcher on TV doing the talking? The behind-the-scenes reality is probably more complicated than you think and includes peer researcher reviews, responsible disclosure activity, legal edits (and wrangling), and keeping the PR and marketing machines tuned to technical truth. I learned all of this first-hand when tasked with building out a new research publication process for one of the world’s largest security companies. After analyzing the problem, we developed an original, interconnected, “gear-based” framework for coordinating the process quickly using a collaborative, community approach. In this talk, I’ll explain the many moving parts of research publication and detail the framework that I developed with my colleagues to ensure the research word got out as quickly, effectively, and responsibly as possible. I’ll share what worked – and what didn’t – and deliver practical advice on how to set up the process, deal with fast (latest malware) and slow (annual security report) research cycles, manage researcher expectations, handle issues with plagiarism, work with legal reviewers, and determine the best channels for amplifying the message and keeping the research publication gears turning smoothly.


Presenters:

  • Diana Kelley - Cybersecurity Field CTO at Microsoft
    Diana is the Cybersecurity Field CTO for Microsoft and a cybersecurity architect, executive advisor and author. At Microsoft she leverages her 25+ years of cyber-risk and security experience to provide advice and guidance to CSOs, CIOs and CISOs at some of the world’s largest companies and is a contributor to the Microsoft Security Intelligence Report (SIR). In addition to her work at Microsoft, she serves on the ACM Ethics & Plagiarism Committee, is an Industry Mentor at CyberSecurity Factory, and guest lecturer at Boston College’s Master of Science in Cybersecurity program. Diana is CTO and Director of the non-profit Sightline Security, a member of the RSA US Program Committee for 2018 and 2019, was an IEEE “Rock Star of Risk” in 2016, keynotes frequently at major conferences, and co-authored the book Cryptographic Libraries for Developers. She worked at IBM where she built and managed the IBM Security Research publication process.
