QandA with the British Hack of Infosecurity Hacks: Davey Winder

Following the announcement of the shortlist for BT’s Information Security Journalist of the Year Awards, we are delighted to catch up with one of those shortlisted: Freelance journalist, Davey Winder. Not only was Davey shortlisted, but has actually won it twice previously.

 

Q.  Tell us a bit about you:

DW: I’ve been a writer (journalist/author/blogger) for twenty years now, jumping straight onto the good ship freelance without ever having worked in-house along the way. Probably as nobody would have me as I’m NSFW material – very heavily tattooed and way too independently minded to deal with office politics. Along the way I have had more than 20 books published, written/produced and presented for TV and radio. I’m one of those poacher turned gamekeeper types as I was an old-school hacker (think Amiga cracked game intros and early online network exploration rather than stealing your identity and the contents of your bank balance) before I was a security journalist – which I like to think gives me something of a unique insight into the stuff I’m writing about.

Q. You’ve been shortlisted for Information Security Journalist Awards again? That is quite a compliment – tell us about your previous wins : )

DW: I was fortunate enough to win the first ever BT Information Security Journalist of the Year award back in 2006, something I really wasn’t expecting at all. In fact, I only turned up at the awards bash for the posh free dinner. I assumed that all those people writing for the security industry trade publications or the mainstream press would walk all over Mr consumer-oriented me writing for the likes of PC Pro and PC Plus magazines back then. However, it seems that the judges appreciated my ability to write for the common man, to get across a fairly technical subject in a way that the bloke on the street could understand. I shall reveal my secret now: I am the common man, the bloke on the street, and can write no other way!

In 2007 I was shortlisted for the overall award again, also much to my surprise, but lost out to the much more deserving Paul Marks from the New Scientist with his fascinating portfolio of security stories looked at from a science perspective.

Come 2008 I was shortlisted yet again, and this time was totally bowled over to win the thing twice in three years for my portfolio of work in PC Pro magazine. I also won the ‘best news story’ category that year, not for my expose of security holes in the online Visa processing system for Indian citizens wanting to visit the UK as I had thought might win, but for my story about the first Trojan to be discovered on a SatNav device instead.

Q. Tell us a little bit about the titles you write for and their interest in data security:

DW: I have been a Contributing Editor of PC Pro magazine since the very first issue (I am working on issue 196 at the moment, which shows how long that has been) and writing a column about the Internet for them all that time. This evolved into being specifically about online security matters some years back, and I also produce IT security features for them. PC Pro remains the biggest selling monthly IT magazine in the UK, and its belief in my 3 page monthly security column is somewhat vindicated by the awards it has won. I have also been Contributing Editor of IT Pro, a sister online-only publication to PC Pro covering the enterprise beat, since the first edition.

Funnily enough I write about security there as well, both features and a blog.

Elsewhere, currently I produce a monthly security column for Microsoft which specifically covers issues within the National Health Service; and since first winning the Information Security Journalist of the Year award back in 2006 I have started writing for industry publications such as SearchSecurity and Infosecurity magazines.

The truth is that, these days, just about every publication has an interest in information security – and that includes everyone from the tabloid media through to thought leader periodicals.

Q. What’s hot in IT security this year?

DW: The malware spread, as always. But now it’s more a matter of just how much money is being poured into malware development and who by. The whole Zeus thing (probably the most successful bank robber in history) and the Stuxnet attack (state sponsored malware targeting nuclear power plants, who’d have thunked it?) are evidence of that.

Cloud security is hot, but I’m not sure it should be anything but lukewarm to be honest. After all, data should be secured wherever it is, and the cloud is not really anything new other than in naming terms…

Q. How many security events do you attend each year?

DW: Physically, maybe half a dozen at most.

Virtually, too many to count.

Q. Which one are you most looking forward to?

DW: Right now it would probably be either RSA Europe or the Westminster eForum on building a safer cyberspace. Mainly as I’m attending both in person, during the same week, which is a rare thing indeed. The fact that it’s the same week as the Information Security Awards dinner and so I have an excuse to be in London is, of course, purely coincidental

🙂

Q. What types of stories or companies are likely to attract your attention this year?

DW: Anything with some actual content. I’ve developed a mental filter for stories which are actually nothing but marketing with some current affairs trousers on.

Q. How many interviews do you do per week?

DW: Depends what you mean by interview? If ’email someone for some follow up comment on a story or for a feature I’m writing’ then probably anything up to a dozen per week. If you mean ‘shaking hands and wearing a suit while smiling at a stranger’ then I probably do a dozen in a decade!

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

DW: Email. Always email. I’m actually phone-a-phobic. Yes, I invented that word and probably the syndrome it describes, but ever since I discovered email and the Internet back in the late eighties I have been slowly developing a hatred for telephone conversations. They take too long, require me to be polite when I don’t want to and rarely lead to anything particularly productive. In fact, I no longer have a telephone number of any sort on my business card, just my email and web.

Twitter is also OK, as I check that almost as often as my email.

However, a pitch in 140 characters is going to be pretty crappy…

Q. Who is worth listening to?

DW: Anyone with something to say. Which usually means not the director of marketing EMEA that the PR wants you to listen to but the researcher who actually found the zero-day that company X is blabbing on about instead.

Q. What’s your favourite blog?

DW: My own, of course (www.happygeek.com) or less egocentrically and more seriously, I always read what Graham Cluley at Sophos (http://www.sophos.com/blogs/gc/) and Rik Ferguson at Trend Micro (http://countermeasures.trendmicro.eu/) have to say as they share my love of plain speaking and non-patronizing writing.

Q. What is your favourite piece of technology?

DW: Currently, the new Amazon Kindle 3. It does one thing and does it really well, despite the tech specs making it sound pants.

Q. What do you think is the most important development in IT security to date?

DW: Wow. That’s a big question. The answer, I would have to say, is awareness. Security is not a technology, it is a process. Once users are educated about the risks they face, then data security becomes doable!

Q. What is the best piece of advice for companies pitching stories?

DW: Give me something relevant, concise and current. If you can make it exclusive I will even have your babies.

Q. What was the best press trip you’ve ever been on? Worst? Why?

DW: Best? Probably the launch of a communications satellite many years ago. Why? A handful of journalists from across Europe (literally) were flown on a DC10 alongside a handful of directors and government bigwigs (the plane was chartered, nobody else on board) to stay in a Disneyland hotel in Florida. We got VIP access to NASA, watched the launch from alongside the people who built the satellite and the rocket taking it up there, and got to talk to some of the biggest nerds on the planet. Perfect!

Worst? A mobile phone launch in Portofino which should have been idyllic but ended up being a nightmarish vision of late flights, late buses, hurried dinners and being rushed from one conference room to another. With no time to rest, the press conference itself was awash with wasted journos unable to ask a sensible question between them.

Q.  What’s your favourite restaurant?

DW: Easy. Le Gavroche, closely followed by The Fat Duck.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

DW: Oh yes. The answer is all of the above 🙂

Q. Tell us something no-one knows about you?

DW: I turned down the opportunity to have a speaking role in the movie ‘Hackers’ in favour of attending a computer gaming conference instead!

Q. Do you have any unusual or unexpected hobbies/interests?

DW: I collect retro gaming hardware and tattoos with equal voracity. I’m a huge Rugby Union fan (go Leicester Tigers) and enjoy mixed martial arts.

Q. Do you have a claim to fame?

DW: I appeared as an extra in the Judge Dredd movie…