He’s H4cked Off: Q&A with Stuart Sumner, Senior Reporter at Computing

By Rose Ross (@Rose_at_O) and Olivia Shannon (@Olivia_at_O)

EDITOR’S NOTE: Stuart Sumner is now Editor of Computing. Find him on LinkedIn. (Updated July 2012)

Q.  Tell us a bit about yourself:

Journalist, writer, comedian, musician, poet, super-sleuth and lover.  Also prone to exaggeration and lies.

Q. Tell us a little bit about the titles you write for and their interest in data security:

I write for Computing, often but not exclusively on security.  It’s an area that gets more interesting the more you delve into it (a bit like Wales).  Since I started focusing on security last year, the magazine is becoming better known as an authority in the sector.  In the past I’ve written for Time Out and various titles published by IPC Media.  Actually, working for the latter publisher, I once found myself writing an article under the title “Rachel Stevens’ top make-up tips”.  God help anyone who actually followed my advice there.

Q. What’s hot in IT security this year?

Security itself is hot this year, carrying on from its increased visibility last year.  Cyber crime isn’t going away, and with hacktivism entering the fray it seems there’s a greater need than ever to lock down corporate data and processes.  Although every day seems to bring stories of yet more organisations failing to do just that.  If Stuxnet makes a return, perhaps in an attack on the utilities sector as some are predicting, then that will probably turn out to be the biggest security story of the year.  If not, then it will be some large corporation suffering a large data breach as a result of incomplete security protocols.  It all comes down to human behaviour; we take the path of least resistance and that usually results in something sloppy somewhere just waiting to be exploited.  And cyber criminals tend not to miss easy pickings.

Q. How many security events do you attend each year?

Not as many as I’d like, given deadlines and other commitments.  In addition to covering news, writing analyses, features and blogs, I also manage both the video and opinions sections of the website and magazine.  In previous jobs I’ve always fantasised about working a three day week, at Computing I’d like it extended to six so I have time for everything.  I’d also quite like a four day weekend, which would give us a ten day week.  Perhaps decimalisation is just what the calendar has been crying out for?  I’ll start a petition…

Q. Which one are you most looking forward to?

I really enjoyed the McAfee Focus event last year in Las Vegas.  It’s always great to meet the people at the coalface, people who aren’t interested in giving you the standard marketing line, but just love what they do.  Every vendor has them, the trick is getting to them.  I’m planning to visit Kaspersky in Moscow shortly where I hope to have similar experiences.  If nothing else, writing about security enables you to see the world!

Q. What types of stories or companies are likely to attract your attention this year?

Like most other people I’m interested to see what (if anything) happens in the Intel – McAfee partnership.  I’ve heard some pretty strong opinions recently about the viability of embedded security, and I’d love to see a product range released so we can finally have a focus for all the hot air.  Besides that, there will no doubt be plenty of high profile hacking incidents.  Hopefully some high profile arrests and law enforcement success too.  I was hacked myself recently, and hold no love for cyber criminals.

Q. How many interviews do you do per week?

It varies between one and five or more depending on workload.  In any given week I’m attempting to do about 60 things, 15 of which are actually achievable.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Generally I prefer written approaches, although I admit I don’t have time to read all of them.  I feel for the life of the PR these days. I have so little time to listen to / read pitches (and I know I’m not unusual in that regard) that I have no idea how they get their stories read.  I’ve taken to switching my desk phone to silent when I’m especially busy, which is 90% of the time.  Much as I’d like to be more patient (a life-goal I will never achieve), it doesn’t help when I get a phone pitch which opens with the words “You probably won’t be interested in this but…” and then goes on for five minutes without getting to the point.  The first rule of pitching: Believe in your own material!

Q. Who is worth listening to?

Besides Computing staff? I read Krebs on Security by Brian Krebs regularly.  Besides that, most of the major vendors have regularly updated threat reports which are worth reading.

Q. What’s your favourite blog?

There’s a new one by up and coming security writer Stuart Sumner at Computing called H4cked Off that I’d recommend (okay, I’ll stop now).  As above, Krebs is well worth a read, and Bruce Schneier (Schneier on Security).  Also Graeme Stewart from Sophos writes about security in the public sector inhis blog, which I’d recommend.

Q. What is your favourite piece of technology?

My favourite piece of technology is the iPad I don’t yet own.  Amazingly, no one’s bought me one yet.  It’s my birthday this week, but I’m pretty sure my wife’s getting me a watch.  Maybe next year.  If we’re talking about technology I do own, then I’m going to be boring and say my laptop, because I can write the early story for the website while supervising my eldest son’s breakfast.  Although given that the machine’s underside heats up to a temperature that could melt Titanium, the “lap” part is purely figurative.

Q. What do you think is the most important development in IT security to date?

So much to choose from, I’m blinded by choice!  I’m going to say anything which improves the essential crapness (yes it’s a valid word) of usernames and passwords as a verification technique.  Two-factor authentication is essential as more services move online.  I was making an online bank transfer last night, and was extremely happy to be using a card-reader and one-time PIN alongside other requirements before I was allowed to proceed.  It failed the first time, probably due to a typo on my part, but worked the second – and the delay was well worth the added feeling of security.  Of course then you’ve still got to worry about man-in-the-middle attacks and a million other little security holes, but the key is not to be the soft target.  My Hotmail was hacked recently, which in turn led to a cascade of personal security failure as I also lost my Gmail, Facebook and LinkedIn accounts.  Thank God my online banking is more secure.

Q. What is the best piece of advice for companies pitching stories?

The best advice to get the story picked up is to make sure it’s really a story in the eyes of the person you’re pitching to.  I sometimes get the feeling the person pitching to me is just running down a list of names to call (probably because the person is just running down a list of names to call), without a thought to their audience.  I rarely want a vendor story; I want the end-user’s perspective.  Once I was pitched a story about the demographics of air passengers, and the PR was very persistent about it.  That doesn’t make me want to listen to anything else they have to pitch.

Q. What was the best press trip you’ve ever been on? Worst? Why?

There aren’t that many to choose between, so I’m going to say the McAfee Focus trip to Las Vegas.  I only managed to grab 20 minutes to myself, where I went for a stroll down the strip in eighty degree heat in October (for some reason I’ve switched to Fahrenheit because it was in the US).  But the rest of the time I was talking to fascinating and enthusiastic people about security.  I was also offered an entire photo-album of “companionable ladies” before I even got to my hotel, which I thought summed the place up perfectly.  I enjoyed regaling my wife with that one.  Fortunately she found it equally funny, although she’s had me GPS chipped since (do I need to point out I’m joking?).

Q.  What’s your favourite restaurant?

There’s a little Greek place in Clapham North near where I used to live called Sapphos.  I used to go their all the time.  There’s no menu, the owner brings you what he feels you might like, it’s all incredible, and you won’t need to eat for a week afterwards.  Not for vegetarians, or people who dislike surprises.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I’m not sure how you’d eke out a career in journalism today without being all over social media.  I have accounts on all of those, although I use Twitter far more than anything else (@StuartSumner).  As I said, I was hacked recently, and my Facebook account is still suspended.

Q. Tell us something no-one knows about you. Do you have any unusual or unexpected hobbies/interests? Do you have a claim to fame?

I can combine all three questions with one answer: I write comedy in my spare time, with varying degrees of success.  Two series of my radio sitcom Space Hacks were produced and broadcast by the BBC in the last few years, and are often repeated.  I’ve also contributed material to various other radio and TV shows, including “Not Going Out”, for which I have my very own (now out of date) IMDb page.  I’m currently working with a production company on a TV sitcom, and we’re meeting a broadcaster next week, so fingers crossed.

Copyright ©Launchpad Europe 2011. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2Infosecurity.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.