That’s a pretty far-flung suggestion, but after my conversation with a “grey hacker” (that’s someone that works on the good side and also a little on the bad side) I’m not sure it’s so far-fetched. The truth is, I love talking to hackers. I think it’s becoming a bit of a “thing” of mine, all because I’m trying to get my clients and their “hacker mates” to write a short story book made up of fictional hacker tales – based on the semi-truth. So in my quest to get this book written, I’m interviewing lots of hackers to get their thrilling tales from the underground. Well you could knock me over with a feather with what I’m currently hearing – it’s the most exciting venture I’ve undertaken in a long while.

Only last week my grey hacker friend was telling me about a bloke he met down the pub who has a rather interesting way of boosting his yearly income to pay for his wife’s new car or their expensive annual holiday. He manipulates share prices in a way that could be dubbed rather brilliant.

This is how it goes. He’s a very proficient IT consultant, called into major organisations to sort out all sorts of IT security issues from fire-fighting to unravelling an IT project that’s gone wrong and needs sorting out. He always chooses one-year contracts, which gives him plenty of time to get familiar with the company and the company to get familiar with him. As an IT programmer, he has to get the back-door passwords or admin passwords which basically give him access to everything. He doesn’t use these for anything sinister at all for at least the year. He does a great job for the company and gets paid a fair price. Just before the company goes public with their profit announcements, he goes in through the back door and changes the figures. Of course no-one notices and the figures are very poor and surprise everyone – so of course the price drops. He buys a lot of stock but not so much that people notice he’s bought them, maybe just $50-$75k. Once the accountants have noticed that something has gone awry with the balance sheets, they re-issue the profit announcement and tell the world there was a terrible internal mistake and the price shoots up and he makes a very healthy profit.

That’s clever, obviously hugely illegal, immoral and very wrong – but you have to admire the guy and he’s never been caught because he doesn’t brag about it, isn’t greedy and leaves no trace behind him. I’m not saying this has happened in the case of Tesco’s – because when you read between the lines they look like they’ve just been pretty rubbish at “creative accounting” – but then my more paranoid brain says to me just imagine if there was a hacker that had screwed with their figures and now they’re having to make wonderful excuses to cover their tracks!

You see this book really is messing with my head – but I can’t wait to get all my contributions in from the hackers so you can read it and have your imagination run riot too!

It’s something we’ve been meaning to do for a very long time. Get the country’s top CISOs in a room, over a fabulous lunch and get them to share their pain together and learn from each other’s experiences. So last Wednesday at Gordon Ramsay’s private dining room at the Savoy we had 13 CISOs from many of the world’s largest companies seated around the most beautiful dining room table, with the most scrumptious food on earth – all being incredibly candid about how they see life through each other’s eyes and it wasn’t a pretty picture – these guys sure are the unsung heroes!

The first of these lunches was kindly sponsored by Imperva and Amichai Shulman their CTO brilliantly set the scene explaining how Imperva sees the threat landscape today. Amichai spoke about APTs and said they are no longer about advanced persistent threats because they certainly aren’t advanced, more a case of automatic and persistent, pushing continuously at every organisation no matter how big or small. Therefore, APTs should be renamed “automatic persistent threats”.

Most agreed that their roles have changed so it’s less about security and more about assessing risk and putting it in language that the board understands so that they get the funding for more investment. There are so many assets in a company that you could spend a lifetime prioritising them, but it is a certainty you’ll never protect everything 100%. Heading up security is now about working out what you can afford to protect and then making this the area to prioritise – the rest just has to wait. What I found most interesting is that the CISOs agreed that a vast amount of data is dead after very few days, literally it loses its value after maybe a week to ten days then you just need to file it away safely or delete it.

It was very insightful listening to the CISOs share the same pain when it came to their end-users (and they sure do have a lot of pain) as it always comes down to the fact that if they were more clued in and aware of scams and the importance of protecting the data they work with, life would be a whole lot easier in the security department (or should that be the risk department!).

The most important takeaway from the lunch was that they really appreciated being together as they do mostly suffer from the same problems and it’s good to talk! By collectively sharing their problems and experiences, just maybe together as a close unit, they could come up with the solutions and answers to make their environments more secure. Phew! Am I pleased I’m the one that just has to organise these events as I wouldn’t want the CISOs’ responsibility.

Roll on November for our next CISO lunch club – can’t wait to hear what takeaways we’ll get from that one which is being sponsored by Voltage.

And if you would like to join the lunch club or sponsor it just let me know!

Carpet bomb emails are something the PR industry is, unfortunately, renowned for. It is hard to strike a balance – you want to get your clients’ news out there in the most efficient way possible, so email tends to be the answer. But when you have a lot of clients in the same space, that can add up to a lot of emails.

Our clients sometimes want to comment on the same things and some even have offerings that overlap. This is often a good thing, because it means that we can give journalists richer content on the same topic. One client might have one opinion on a certain topic whilst another might have another view – so we can still pitch both to the press, creating a nice story for the journalist plus coverage for 2 or more clients at once. It also means that we have to communicate and coordinate as a whole agency as to what news we’re sending out to whom and more importantly, when we’re sending it out. By default, it encourages teamwork.

We were delighted to receive the following note from a journalist we work quite closely with:

“Incidentally, you guys are brilliant. One of the most aggressive PR agencies I deal with when it comes to sending out e-mails but there is useful stuff in it so I don’t mind at all. Probably the best PR outfit I deal with, to be honest.”

So there you have it – you can have both high quality AND quantity – as long as you’re keeping content relevant to your audience.




There are no hard and fast rules when it comes to PR, especially on the agency side. While there are certain principles and formulas we can apply to our work to get the best results, the reality is – no two clients are the same! It’s what keeps working in an agency interesting, exciting and yes, sometimes challenging.  PR is made up of all sorts of clients from the super-responsive, enthusiastic ones that have SO much going on that sometimes it’s almost TOO much, to those that expect the world but lack the resources to provide the content needed to generate headlines.


And we like a challenge, it’s what keeps things fresh.


For all clients, regardless of the amount of time and resources they can contribute, we work as a team.  We have the contacts, ideas, creativity and industry knowledge to get clients into the media building their brand and reputation. We get to know the company inside out and this initial effort is incredibly valuable to the client-agency relationship and pays dividends in Tier 1 coverage.


We jump on breaking news and keep up to date with trends, because our clients don’t always have the time to watch for breaking news stories that they can contribute to and provide insight. Luckily, we’re in a fast moving industry with news that is breaking almost hourly and this is where our rapid media response works for the busier client who wants masses of quality coverage but doesn’t always have the time to dedicate to it.


In fact, leveraging a PR agency in this way makes real sense, especially if it is a niche agency.  Who better to know what’s going on and what the competition is up to, than the team that is reading the very media and tracking the stories that the client wants to be in on a continuous basis.


But our dream clients are those that do get involved. For the simple reason that they know their businesses better than anyone else.  The press, especially the type of specialist press that we deal with, can see straight through PR “fluff”.  By fluff I mean the tenuous pitches void of real information spun in such a way that journalists would more likely give up their first born child than print a word about this type of client. We pride ourselves on not doing this as journalists don’t like seeing it.  We know this.  So it is important that we get the cold, hard facts, based on solid research and offer quality spokespeople to the press.   That is why Eskenzi has been ranked the 2nd most rated tech agency by the journalist community in the UK and the fourth most rated agency across all sectors according to research conducted by PR week with 4000 journalists.


When it comes down to it, clients who put the most in will get the most out; but that isn’t to say if you don’t have a huge amount of resources that you shouldn’t bother. A good PR agency will figure out the best way to work as a team with you, and while results may vary, you will see them.



Every day is different

There are no two days the same in PR. One day you can be wrapping chocolate eggs in client branded foil for Easter (yes, I have done that), the next you can be planning a press trip to South Korea and questioning whether any journalists will be brave enough to attend, given the current political situation.

Yes, no two days are ever the same, and that makes PR brilliant.

I couldn’t imagine anything worse than sitting day, after day, after day, doing the exact same thing.

PR is exciting, upbeat and ever-changing.

News hound

In PR you have to be a news hound so you are always up to date on what’s happening in the world. Being up to date on the latest news means you never run out of conversation at a dinner party and you never get caught off guard when someone says: “Have you heard about Gauss? Do you think it has some interconnections with Stuxnet, Duqu & Flame?”. You can provide an impressive, informed answer that will make you look like a genius.

You can spot a ‘spin-story’

You can always spot a PR story. If a newspaper headline one day reads ‘Research from Pedigree Chum proves dogs that eat turkey live ten years longer’, you can almost guarantee Pedigree Chum is launching a new turkey dog food product. You work in PR; you follow some of the same tactics, so of course you know the business well enough to spot a ‘spin-story’.

Fun, fun, fun

PR is really fun. We get to do cool things like launch products, organise events, create news headlines and get our clients on TV. I can’t think of any other job which is as fun as PR, okay well maybe being a performer in Cirque du Soleil but unfortunately I am not acrobatic, hyper mobile, and the fact that I’m slightly terrified of heights might be a problem.


Let’s be honest, it’s what we’re famous for. However, these relationship building lunches are a very important part of our job. We need to build relationships with important journalists for our clients and sometimes a telephone briefing simply won’t cut it. A nice lunch in town means your client and the journalist can have a good, in-depth conversation without distraction.

In my eyes, PR is without a doubt one of the best industries to work in, one day is never the same as the next and you are constantly learning new things.

My only advice to anyone considering a career in the industry would be to go for it.


The Internet connects computers around the globe, but these devices have changed massively over the years.  It started with huge systems that would fill a room, before moving onto personal computers (desktops and laptops) and then to Smartphones and tablets. Now, nearly everything is connected to the net and this is called the Internet of Things.

Sadly, as well as providing us with great information and ease of completing tasks – such as our weekly shopping – the internet also has those interested in criminal activity and, like it or not, you will be a target of this activity if you have not already been compromised and just don’t know it yet.

I have bad news, and then really bad news. The bad news is that we are in a situation whereby there are a growing number of attackers; and the really bad news is that they are increasingly getting access to an even larger number of targets to compromise. The 2014 Consumer Electronics Show (CES) was both exciting and horrifying, as gadget after gadget had some Internet enabled feature. Most of these are produced by companies that do not understand the fight and ongoing battle of Internet security.

As it stands at the moment, you may tend to the security of maybe a few computers, your Smartphone (and all those application updates), and maybe a tablet; but with the Internet of Things, you will have to add your car, all of the home automation involving lights, home security, appliances, and even wearable devices used for fitness and diet!  Even if these units ship to you with no vulnerabilities, these talented bad guys will find a way to compromise the systems.

Never before will you have so much of your personal information, information on your lifestyle and everything you do in a 24-hr period, available on the Internet.  If the attackers are targeting you, they now have a multitude of access vectors to explore.  If they are just using you as a resource to target another, your home devices could easily be a part of a nation state sponsored denial of service attack on some targeted country.

The problem is that most people will never update these Internet of Things devices and herein lies the real issue.  Security is a process, and this is where the process breaks.  Securing a system is about constantly being able to adapt to the changing threat environment and we have a hard enough time updating all the applications on our personal computers and Smartphones. Now add 30 more devices from 10 different vendors and you see the problem!

Consumers don’t know how to ask for these security features, so the vendors are not going to prioritize them.  Security standards will be put in place, but they move too slowly when compared to the innovation taking place in the threat environment.  If I sound concerned, I am, and I am not alone.  So what is the answer?  How is this all going to play out?

I don’t think any of the consumer electronic vendors will have the incentive to invest in a secure software development practice. So if devices are not secure, WE will have to secure them and this will involve a birth of services for the home, much like home security services but for the Internet systems.  It is a huge opportunity for service providers to step in and deliver enterprise level security expertise for the home and individuals of that home.

When dealing with the security of the Internet of Things, we are talking about the security of the Internet at large. There are a lot of new devices coming online that will bring with them new vulnerabilities that will need remediation. As a consumer, you must understand the total cost of ownership here and a device that gets compromised is a device that will require your attention and the ability to update. So, first and foremost, understand how your vendors will be delivering updates to these systems and preferably in an automated fashion. You do your part and hope that everyone else does theirs, because an insecure system on the Internet is everyone’s problem.

With the Internet of Things being hailed as the next big thing, this will be an exciting time for Eskenzi PR. So many more devices being connected to the internet means more vulnerabilities and attack vectors for our 20 security clients to comment on. Which, in turn, means more coverage!


Join IT Security Guru’s first webinar on: “If there are so many vulnerabilities, why isn’t the world on fire?”  Presented by editor Dan Raywood with guests including some of information security’s biggest names – Lewis Henderson, Conrad Constantine, and Cris Thomas.  Join us at 3pm on Wednesday 30th July for a lively debate on the state of security when it comes to insecure applications and platforms, and help you realise both how to manage vulnerabilities and fix what our speakers deem to be the most critical flaws first.

Click here to register now for the webinar.


We are hosting our first round table lunch following on from the IT security Analyst & CISO Forum events. Joining us at the lunch will be 10+ CISOs, all drawn from the FTSE 500 as well as government departments and charities, together with representatives from the sponsoring vendor company and IT Security Guru, who will discuss information security pain points under the Chatham House Rule. We will then go on to discuss other current concerns of the CISOs and share intelligence on how they are dealing with them. The first roundtable lunch takes place on Wednesday 17th September 2014, 12:00 – 14:00, at Gordon Ramsay’s Savoy Grill in a private dining room at The Savoy, Strand, London WC2R 0EU and is sponsored by Imperva. Because Amichai Shulman their CTO is flying over from Israel to present at the lunch we already have far more CISOs than anticipated, which is a nice way to start.

Each lunch will reflect the theme that’s chosen by the sponsoring company and will give you a great opportunity to get the topics you want to talk about discussed amongst the UK’s top security practitioners.

Drop us a line if you’d like more information on sponsoring this event as a vendor or attending as a CISO, we can begin organising it today!

Contact Gemma Harris – gemma@eskenzipr.com  – Tel: 0207 183 2842

We’re delighted to announce that the IT security guru is now available to produce product reviews which are written by the UK’s leading reviewer Dave Mitchell.  Dave has the largest IT security testing lab in the UK and is well respected for the reviews he’s been doing for a few decades for SC magazine, Network Computing, Computing Security and IT Pro.

IT security guru will be charging just £999 for each review which will be heavily promoted throughout the Guru website and published in the Guru newsletter which goes to 3000 IT security professionals. Plus you will also have the rights to distribute the review as a pdf.

The review will be based on a score card around:

  • Value
  • Performance
  • Features
  • Ease of Use
  • Support
  • And an overall score

He will also have an editor’s choice recommended by the Guru for:

  • Enterprise
  • SMB
  • Mid Range
  • Best in Class.

He will need a minimum of a month to review the product and we would need to decide when you want to have it published. We’ll support it with graphs and make it look nice for the review.

You can see our first review which was carried out by Dave Mitchell for AppRiver here.

If you are interested in a review on www.itsecurityguru.org please contact Yvonne at Yvonne@eskenzipr.com or 0207 1832 832.



This will be the third year we’ve suffered the ridiculous 120 degree heat in Vegas to visit Black Hat.  However, it’s not too much of a sacrifice as it’s such a cool show –  how could we possibly not be there?  It gives us a great chance to meet up with all of our clients and to find out what’s really happening in the IT security industry.

If you’ve got a stand there, here are some suggestions on how to make it work for you:

  • Stand-out from the crowd by having huge lettering on your stand that tells the visitor exactly what you do.  Why does no one ever do that?
  • Have some fun give-aways that will have a long shelf life that people will remember you by.  Only give them away once you’ve gauged whether the person will make a great customer!
  • Don’t swipe people for the sake of it – have a conversation and only take their details if they are going to be a solid lead.
  • Don’t get so pissed the night before that you can’t function the two days that you need to!
  • Use it as an opportunity to network and speak to your competitors, partners and as many potential customers as possible.
  • Do attend as many parties as you can – networking is what it’s all about – and don’t get too pissed!!! I know it’s tempting but in the heat and standing up for 10 hours it isn’t a great feeling!
  • Make sure that everyone on your stand is alert, smart and active – everyone that walks past is a potential lead.
  • This isn’t a show made up of students wasting your time – they may look it but they aren’t – milk every lead.
  • Hand out literature, give-aways and a smile at every opportunity.
  • Most of all enjoy and come home with lots of prospects.

We’ll be there so if you see us say hi!

