CyberInsights at 💯📢
CyberInsights #100 - The journey of a 100 newsletters begins with a, well, an idea to simplify cybersecurity news and provide actionable inputs.
The journey of a 100 newsletters 📰
How CyberInsights transmogrified into a simple newsletter that offers just the right bit of information among all the noise.
Once upon a time, not so long long ago, newspapers carried the news. They would report things as they were. Buried somewhere in the middle were some opinion pieces written by the people who curated the news (editors) - the Editorials.
Then came the Internet. News rapidly changed. You could no longer tell what was news and what was an editorial.
Add to that, a fast moving, ever changing topic like cybersecurity and the poor little reader was completely lost. People broke news on Twitter and provided an editorial along with it. Incidents were reported & mis-reported, analysed & mis-analysed. The reader did not know what to read. More importantly, the reader did not know what to do after reading the news.
Then there was COVID-19. The big anomaly. The big reset. People started working from home. VPN service providers had their day in the sun. Everyone rushed to get more laptops to people and more VPN connections to connect to their office.
The adoption of SaaS services increased. Companies that never worked from home — ‘in our line of business, it is impossible to work from home’ — had a large foot in their mouth when they had to suddenly get everyone to work from home or risk losing huge chunks of revenue and even larger chunk of clients to competitors.
Cybersecurity went BIG, because everyone was working from home. It became easier for rumours and fake news to spread. The rise of cybersecurity meant the rise of available news on cybersecurity.
With that colourful background, we decided to launch CyberInsights. The thought process was simple. We read the news. We analyse what it says and choose the top 2 items in the week. Our focus was simple.
Is it affecting us now? 🕰️
Will it matter 1 year from now? 🗓️
Thus started ‘CyberInsights’.
This was our very first newsletter:
We had a section called ‘CISO Check’. This section would provide actionable to the CISO based on the news. It had questions for the CISO to ask herself and explore answers. Something like this:
CISO check: This vulnerability was rated ‘High’ and not ‘Critical’. Does your organisation patch only the critical ones?
CISO check: Does your planned cloud security service integrate with your existing architecture? Are you going to be stuck with a point solution that partially reduces your risk and addresses only a subset of the problem?
The initial days were a little patchy. We analysed the news and provided a link to the article we read in the title. Most people thought we had just underlined the title. :)
We slowly added a quote of the week. We stopped doing that sometime in the journey — in hindsight for no reason at all…
The first 36 editions were titled “CyberInsights Weekly #n” - with the edition number being the only difference in title. It led to people not knowing what was in the newsletter.
At this point we took a break for a year.
We were not sure if the newsletter was making sense - nor were we sure if we were adding value to people. The engagement was poor. We did not know if people really read the newsletters, or if they liked the content. We were sending out messages in the dark. Apart from the occasional ‘like’, we were not sure what was happening. We were not sure if we wanted to continue the newsletter at all.
Then, offline, at conferences and meetings, we started getting subtle messages from subscribers - ‘haven’t seen your newsletter in a while’ they said. ‘I looked forward to the Wednesday Morning (Indian Standard Time) newsletter’.
So, off we went to the press again.
The year off made us realise some of the missing things. Edition 37 was in the new avatar:
We made the edition more readable. It was a bit longer than the previous ones, but it was clearer. It was a little more fun to read. It had some relevant images.
Around the same time, we also started a subsection called ‘LongReads’. This was meant to do a deep dive into some topics of interest. The first one is here:
It was the time of Log4J and it felt apt to write about creating and maintaining a software bill of material.
We then went on to write 4 more LongReads. The amount of work it takes to create a LongReads prevented us from writing more of them.
Now, we have a great reader base as well as regular readers who make use of the ‘Take Action” part of the newsletter every week.
So, what next?
This is something that we have been contemplating for a bit.
The key challenge we face is that we are doing this pro-bono - in addition to our day jobs. We are barely able to meet the weekly cadence of news. While we would love to write more LongReads, they require more commitment of time. We are exploring the following:
Should we make LongReads a paid newsletter? If so, what should be the cadence?
Should we add more authors? Guest posts? How does one go about it?
Should we think about increasing the frequency to twice a week? If so, will we be chasing the news cycle and not focusing on the two questions we ask ourselves?
So, for the near future, we will continue with our current weekly newsletter, but also think about the above questions. Please feel free to give your suggestions.
Here’s to another 100 editions of CyberInsights!!