Ever watched a news anchor present the latest vulnerability or fast-moving malware and wondered how that story went from research to headline? Who came up with the soundbites? Who tech reviewed the research before it hit the news? Why aren’t there more details and POC code? And why isn’t the original researcher on TV doing the talking? The behind the scenes reality is probably more complicated than you think and includes peer researcher reviews, responsible disclosure activity, legal edits (and wrangling), and keeping the PR and marketing machines tuned to technical truth. I learned all of this first-hand when tasked with building out a new research publication process for one of the world’s largest security companies. After analyzing the problem, we developed an original, interconnected, “gear-based” framework for coordinating the process quickly using a collaborative, community approach. In this talk, I’ll explain the many moving parts of research publication and detail the framework that I developed with my colleagues to ensure the research word got out as quickly, effectively, and responsibly as possible. I’ll share what worked – and what didn’t – and deliver practical advice on how to set up the process, deal with fast (latest malware) and slow (annual security report) research cycles, manage researcher expectations, handle issues with plagiarism, work with legal reviewers, and determine the best channels for amplifying the message and keeping the research publication gears turning smoothly.