For Mia Damiano, storytelling in the world of cybersecurity is critical. While the information is the most important part, the way we communicate it really matters.
For example, not everyone is an engineer is interested in the deep dive technology of the latest data breach or vulnerability. If you just talk about the threats with no context regarding the impact, not all the people who should care are going to care.
Mia tells all in her own words:
About Mia Damiano
Mia Damiano is one of the senior leaders in Merritt Group’s Security Practice, where she acts as the day-to-day lead for clients ranging from startups to publicly traded multinationals. Over the course of her career, Mia has supported security companies and federal IT clients, securing coverage in publications like CNBC and The Wall Street Journal among others. In her current role, Mia provides counsel and strategy for clients and leads integrated communications campaigns that drive results. She also holds a position on the Women in Technology communications board.
Merritt Group is a nationally recognized strategic communications agency that provides marketing, public relations and digital strategy and services to organizations ranging from venture-funded startups to global Fortune 500 companies. Merritt Group applies focuses on four market areas: technology, energy, healthcare and government. Founded in 1996, Merritt Group has offices in Washington, D.C., and San Francisco, CA.
About Matt Stephenson
Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of ThreatVector.
Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.
Can’t get enough of InSecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio, and wherever you get your podcasts!
MATT: Welcome back to Insecurity…. and now for something you may not think is relevant, but I promise you that it is. I am here with the marvelous Mia Damiano of the Merritt Group.
MIA: Thank you for having me.
MATT: That's a lot of alliteration, but we'll get past that, I'm sure.
MIA: Everyone loves alliteration.
MATT: Let's get this out in the open first. I don't want to out you, but I'm going to. You are in PR?
MIA: I am.
MATT: Black Hat began its life as a hacker show. Some would say, "It is become a bit corporate." Some would say, "Your industry has something to do with that." I think that's a good thing. I think most of us think that's a good thing.
MIA: Yeah, I would agree. I think that the people that are complaining about it are the people that wanted to stay in the dark, and they want to be part of that French society and that culture, but realistically we're talking about real issues. I think if those real issues are ever going to get addressed and the situation in the country of our poor security's ever going to get fixed, it has to be mainstream. It has to be something that your mom can talk about, your mom knows what's going on in the news.
MIA: Without PR people to bubble that story up and make it mainstream, we're going to be stuck in the dark. We're going to be stuck where we were 10 years ago. I don't want to maximize the role that we play, but I think combined with the security professionals and what they're bringing to the table and us getting that voice out there, we have a real value to provide.
MATT: Well, is it fair to say when WannaCry broke a few years ago, that actually made the front page of the USA Today?
MIA: Yeah and that was a game changer.
MATT: Right and it's nothing to disparage USA Today, but it's written at a third grade reading level. And that's your job, is to take this type of geek speak and turn it into something that people can understand, who aren't in this industry every day.
MIA: Yeah, I mean, it's a very technical story. Not everybody is a security expert and I think you have to take the people that can speak to the media, speak to the mainstream press, speak to you know the everyday Joe, your grandma, your mom, your aunt, and your uncle. That's our role. It's taking what those security researchers are putting together and broadcasting it in a way that's understandable.
MIA: I think the big key there is storytelling. We talked about the report we just put together where we just talked about how storytelling is so critical. There's marketing message here, marketing messaging here and that's not what resonates. What resonates is the real stories, the real people, narratives, you know? You want to read a story.
MATT: Well you mentioned the report. Let's talk about that or at least the process behind it.
MATT: When you do the research, you've created something that is a deep dive and it's got real value. How do you get that from the brains of the researchers, the development team, whoever, into the hands of a Forbes? A Wall Street Journal? I mean we all love the Tech Press, but a lot of people who are making decisions don't read The Verge.
MIA: Yeah, I mean it's conversations like these, first off, having real conversations about what matters, but I also think it's finding a common thread, finding what makes those stories resonate with those bigger audiences. When you talk about WannaCry, the reason it made front page news was because there was a real impact that people understood. When you're just talking about technical vulnerabilities and zero day threats, but there's no impact, it just doesn't stick. I think like the Forbes, the Wall Street Journals, you know, the New York Times of the world, they need to have some sort of impact. They need to have a narrative. They need to have some sort of common thread that makes them care.
MATT: In your experience, is there any nontechnical press that you think is doing a sneaky good job of getting those stories out there? Somebody that in your head you're like, "You know who gets this and can tell it well is, blank."
MIA: Yeah, I mean it goes both ways. There are the people that are putting out the newsletters, which I find very valuable, like the Wall Street Journal Pro newsletter, the Axios newsletters, the Washington Post newsletters. They're taking a lot of what's going on there and digesting it in a very easy to read format, which is great. People's attention spans are just so, so, so, so small at this point and I think taking what's going on and making it digestible is key, but every mainstream outlet we work with, realistically, they're putting more of an emphasis on cybersecurity.
MIA: I wouldn't really single out one or the other. I think they're all really making a concerted effort and I think it shows. I think when you look at the daily news headlines, when you have conversations with people outside the industry and they know what's going on, that's how you know the message is staying.
MATT: For people that are looking for more fascinating insights from the marvelous Mia Damiano, where can they find you? What are you up to?
MIA: You can find me at Merritt Group, obviously. You can visit our website, at merrittgrp.com. You can reach out to me on LinkedIn. Those are kind of the two main modes, but I'm also at the show. I will be at the parties tonight, bopping around, and I love meeting new people.
MATT: She actually does. She goes to real things, but is also available on these things. I can tell you that as a LinkedIn buddy. I'm at threatvector.cylance.com. On Twitter, we are @cylanceinc and @BlackBerry. I am Matt Stephenson. You can find me @packmatt73. All the weird stuff in Vegas, stick around.