Archives for October 2015

Nightmare on K Street, or, Interning Is Scary

ghost-clipart-Ghost-Clip-Art-7It’s Halloween and thoughts turn to… an internship?  Makes sense to me.  Both are scary, but if you get over your shivers, they can be a lot of fun and give you what you need for the future: experience.

Internships provide that wonderful yet terrifying life experience in between student and working adult when you’re both really sure of yourself and not so sure at the same time.  I’m sharing that experience right now with some other awesome, yet spooked interns.  We can agree that given the season, ghosts and ghouls have nothing on being a public relations intern.  Here’s what we think can bring double trouble boil and bubble to interning in PR.


A comment I get constantly after telling someone that part of my work in PR involves social media is, “So you pretty much just tweet all day?”  What they don’t understand is the brand building and reputation managing that goes along with the social media aspect of PR.   At my first internship, I was given a two-hour long presentation showing all that could go wrong with companies using social media.  I was shown a tweet about scoring a case of beer and, ‘#gettngslizzerd’ that showed up on the American Red Cross twitter account.  It was a simple mistake of an employee not switching back to a personal account.  The Red Cross handled the faux pas well with a little humor and all was forgiven, but the story stuck with me.

Of course, as an intern, I’m not given free range over any social media accounts, but there is a nagging fear that I will somehow get accounts confused and send out a post that should not be connected with SDI. While it can be easy for people to blame the intern and damage control isn’t too difficult by posting a follow up to explain the blunder, you never want to be the one to cause that chain of events in the first place.  It can be unnerving when the beginning of your adult career can be tarnished with a rogue click of a button labeled, ‘Tweet’ or ‘Post’.  Thankfully, that has never even come close to happening to me.  I get all the posts I write okay-ed before I put them up and haven’t accidentally left myself logged onto the SDI account.  If anything, my fear has helped me be more particular and pay more attention to the work I’m sending out, which is never a bad thing!


New internships are ALWAYS scary, no matter how much experience you’ve had. But more often than not, it’s just that newness that makes them intimidating. I think what may have been the “scariest” part of this particular internship for me was coming in blind. By that, I mean that I had never met anyone at SDI, seen the office, or gotten a feel for the environment. In fact, I sent my resume, interviewed and accepted my internship all over the phone from England this summer. My past internships, for the most part, have been near my school (The University of Georgia) so I’ve been able to talk with others who have gone through the position and visit the office for interviews before taking the job. So, navigating the DC internship process was intimidating on its own. And to add to that, though I had visited DC multiple times, I had never experienced “real” life in the city. I knew it would be a challenge to start a new year in a new city with a new internship, all experiences I really haven’t had before. And it’s been a challenge. But, it’s also been one of the best semesters of my college experience and I wouldn’t trade it for anything. SDI has helped me become better at PR and at navigating the professional world in ways I never could have learned without this internship. I can’t believe it’s been two and a half months since I came into SDI “blind,” because now it’s like home here in DC.


As I was winding down my second year at Penn State, I found myself asking reflecting on, “When was the last time I did something for the first time?”  I had always been an explorer; but it dawned on me that I was half way through my four years of college, and I really craved some challenging new experiences in order to stretch beyond my comfort zone.  I decided it was time to take a sabbatical from the college life that I loved, to spend my junior year away from campus in order to experience new things, grow and expand my perspective.  Life can get pretty boring if you stay within the limits of your comfort zone, so I decided there was no time like the present to get a jump start on my career working at Susan Davis International.  Here are the scariest aspects that I’ve experienced so far with my internship and D.C. experience:


  1. You are forced to learn how to become independent. Although moving to college and starting a life away from home required independence, it is nothing like traveling to a new city alone and throwing yourself into a workplace with full-time professionals.  You don’t get to have your best friend as your roommate helping to keep you from missing class, or even as a buddy to walk to work together.  From day one you are forced to pave the way, and be fully accountable for yourself.
  2. Time Management.  Time management is crucial to your college career, and it was always something I felt I could handle.  In fact, I find it easier to manage my time when I have more on my plate.  Not in D.C.!  Public relations is definitely not just a 9-6 office job.  There are endless amounts of work and something can always be improved.  Also, it’s difficult to step away from the work in order to study for the three classes I am taking as well.  In addition, I need enough time to visit my friends in and explore the city, because all work and no play could make Julie a dull girl!
  3. Networking. Dressing up in a suit and going to a fancy restaurant to make small talk with professional and successful alumni is definitely not something I had on my top priority lists before coming to D.C.  Although these functions were intimidating, I can now answer the question, “Why did you choose public relations?” like a pro, and I have even started to work on my “elevator speech.”
  4. The people.  One thing is for sure, every person in D.C. is on a mission.  Whether they are asking for change, power walking to work, or even shopping, everyone is usually always serious!  There are some friendly people that you may meet in your travels, but for the most part, they do not make up the majority.  On our first day, we were instructed to stay out of several sections of the city, and that we always have to be careful when walking alone especially at night.  The people I work with, however, have been amazing, and I am learning something new every day.  This really is a life changing experience, and I have been really fortunate!

Despite our pre-internship jitters and concerns as we plunged headfirst into the PR world, our experiences have made us all more capable interns.  By facing our fear and doing what scares us, we have been able to navigate through the challenges thrown our way and find ourselves better prepared for whatever lurks ahead!


Maddie Packard, SDI

Maddie is a senior at St. Norbert College studying Media Communications and Business

October 29, 2015

Exploring the Cybersphere: October

This week in our blog, we offer a snapshot of cybersecurity, privacy and data security news of interest to the executive suite.  Periodically, we’ll recap insights from the growing cadre of voices in this space as well as lend our own views on the issues that impact executive governance of cyber risk and response.

Many takeaways this month from articles that further our understanding of cybersecurity concerns and issues starting with:

You can never get your fill of Chinese.

Obama should hold Xi accountable on cyber security
The Hill
National Security Advisor Susan Rice said Monday that “cyberespionage for economic gain by China is putting enormous strain on U.S.-China relations and needs to stop.” So often, the focus of cybersecurity and intelligence experts is on military and government security, and rightfully so.

Will the US-China Cybersecurity Pact Work?
Voice of America
The new cybersecurity agreement signed by U. S. President Barack Obama and his Chinese counterpart Xi Jinping last week marks a significant first step for both governments to join forces in clamping down on commercial espionage in the cyberspace, analysts say. But many remain skeptical if concrete actions will follow.

Top spy says skeptical about U.S.-China agreement
The top U.S. intelligence official said he was skeptical that a new U.S.-China cyber agreement would slow a growing torrent of cyber attacks on U.S. computer networks, adding that his approach will be to “trust but verify.”

To hack, or not to hack?
Has President Barack Obama secured relief from Chinese hacking? That is the question on the minds of many following the announcement by the American leader and his counterpart, Chinese President Xi Jinping, on September 25, 2015. On balance, the agreement is a step in the right direction.

US, China Have Dueling Definitions of Cybersecurity
Voice of America
One of the most-anticipated outcomes of the president of China’s recent state visit to the United States was an agreement between the two countries on beefing up cybersecurity and putting a halt to economic espionage. But analysts question whether the deal actually can deliver.

Security Firm: Chinese Hacking on US Companies Persists
ABC News
Chinese hacking attempts on American corporate intellectual property have occurred with regularity over the past three weeks, suggesting that China almost immediately began violating its newly minted cyberagreement with the United States, according to a newly published analysis by a cybersecurity company with close ties to the U.S. government.

That legislative fix is coming right up.

Lawmakers push to protect trade secrets from Chinese hackers
The Hill
Lawmakers are pushing for legislation that would give companies the right to take legal action in federal court against cyber thieves who steal trade secrets, citing the threat of light-fingered Chinese competitors.

Congressional action on cybersecurity would send strong message to China
The Hill
Pope Francis’ visit to America garnered wall-to-wall media coverage but the second most popular news story has the greater consequence for businesses, consumers and our national security.

Major tech group comes out against cyber bill
The Hill
A prominent tech trade group representing major players in Silicon Valley, telecom and e-commerce has come out against a cybersecurity bill that is set to soon hit the Senate floor.

Opinion: Advice for Congress, the weakest link in cybersecurity
Christian Science Monitor
As soon as Congress realizes that good security and privacy practices are paramount to cultivating a thriving tech economy, it can begin working with Silicon Valley to forge a more prosperous digital future.

Cyber bill to sail in Senate
The Hill
The Senate is on the cusp of passing its biggest cybersecurity bill to date, following years of debate and countless revisions to the contentious legislation.

Here’s the “thing.”

4 loT Cybersecurity Issues You Never Thought About
Dark Reading
Call it a physical and cybersecurity challenge. Innovators and industry experts in Boston Tuesday for the IoT Security 2015 conference brainstormed about some of the Internet of Thing’s most daunting security challenges — authentication, patching, smart grids, and smart homes – and how to address them.

The Unintended Attack Surface Of The Internet Of Things
Dark Reading
Researchers at Vectra Threat Labs recently performed a detailed analysis of vulnerabilities found in a common Belkin wireless repeater. And while a consumer WiFi product may seem like an odd choice for intensive threat research, vulnerabilities in consumer and Internet of Things gear can end up having a much larger impact on enterprise security than you might think.

As the Internet of Things Grows Exponentially, National Cyber Security Awareness Month Focuses on Securing our Connected Devices and Networks
Market Watch
National Cyber Security Awareness Month (NCSAM), the pre-eminent cybersecurity awareness campaign co-founded and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS), enters its fourth week by focusing on the Internet of Things (IoT) and properly securing our rapidly expanding universe of connected devices.

Take our advice.

NYIT Cybersecurity Conference: Know Your Adversary, Increase Resiliency
PR Newswire
Experts from industry, government, and academia gathered at NYIT’s annual cybersecurity conference last week sounded an alarm. “Think like your adversaries,” warned Gregory Conti, Ph.D., director, Army Cyber Institute, U.S. Military Academy. Salvatore Stolfo, Ph.D., professor of Computer Sciences at Columbia, escalated that by urging attendees, “Be the adversary!”

Blog: U.S. Defense Department Agrees to Educate Small Businesses on Cybersecurity
The U.S. Defense Department’s Office of Small Business Programs (OSBP) has explored some options, such as online training videos, to integrate cybersecurity into its existing efforts, but as of July had not yet identified and disseminated cybersecurity resources in its outreach and education efforts to defense small businesses, according to a recent report by the U.S. Government Accountability Office (GAO).

Krebs: Most Firms Fail to Take Simple Cybersecurity Measures
Forward Thinking
Talking to a group of CIOs and other IT executives, the author of the Krebs on Security website and the book Spam Nation said there is a big “PR gap” between the perception and reality of cybercrime. “The light at the end of the tunnel isn’t a way out,” he said. “It’s an oncoming train.”

How Small Businesses Can Create a Culture of Cyber Security
ACA International
Threats of cyber-attacks and data breaches are on the rise,  especially for small businesses. According to the National Small Business Administration 2013 Small Business Technology Survey, 44 percent of small businesses report they experienced a cyber-attack, and the average cost is about $9,000 per incident.

SBA Unveils Small Business Cybersecurity Tools
Business News Daily
In honor of October’s designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

Four things you should be doing to protect yourself from cyberattack
It is easy to get lost in a sea of information when looking at cybersecurity issues. And hearing about hacks and cyberattacks as they happen is a surefire way to feel helpless and totally disempowered.



By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

October 27, 2015

LUNGevity Crushes Cancer One Step At A Time

LUNGevityWhat does taking a deep breath mean to you?  It could offer you a chance to relax, gain some peace of mind, fill your lungs with fresh air, and be thankful for all of life’s blessings.  There’s a place you can do that while supporting a tremendous organization dedicated to helping individuals with lung cancer reach for a breath, and for hope.

Breathe Deep DC, LUNGevity’s annual community walk on the National Mall, is set for November 1st.  Anyone can participate and can register right up to the day of the walk.  Pets are welcome too.  They even get their own “Fur a Cure” shirt!

The event was originally developed by lung cancer survivor and Bethesda father of two, Jerry Sorkin, when he realized that there were no DC events that brought together lung cancer survivors and raised awareness of the disease.  Now, thousands of people affected by lung cancer from all walks of life come together with friends, family, volunteers, and advocates all with one common goal: to improve survivorship, quality of life, and to ultimately make lung cancer a manageable disease.

LUNGevity has spent every year of Breathe Deep DC focusing on raising awareness of lung cancer and celebrating the great progress that has been made against the disease.  But there is still a great deal of work to be done – and by participating in walks and donating, people across the nation can help LUNGevity create a world where no one dies of lung cancer.

LUNGevity is the largest national lung cancer-focused nonprofit, and it has changed the lives of the lung cancer community through research, education, and support.  Breathe Deep DC is one of LUNGevity’s signature events with counterpart walks in other cities across the nation.

Last year, LUNGevity launched a new website that features a Lung Cancer 101 section, event advertisements, links to blogs, expert resources, and offers opportunities for people to connect and share their own stories.  The site empowers and inspires people to stand up and make a difference.

Listen to a few voices from LUNGevity supporters:

“LUNGevity is about survivors, hope and networking. The people with this organization have changed my crazy life forever.  I found a network of lung cancer survivors who have given me so much inspiration to get out and advocate for lung cancer.” – Beth S.

“Everything that LUNGevity does is to lift us up and inspire us as survivors.  They do their jobs so well.” – Jessica S.

“Together we are so much stronger than just one of us alone.” – Gail L.

SDI has been proud to support LUNGevity’s walks nationwide and its passion to eradicate this disease while bringing hope to generations of individuals living with lung cancer.  Every breath is a gift.  SDI is honored to witness firsthand how LUNGevity is changing the national lung cancer conversation, one step at a time.


By Julie St. John Haupin, SDI

October 21, 2015

Be Afraid, Be Very Afraid

cyber tuesday logo smaller“Even a man who is pure at heart/And says his prayers by night/May become a wolf when the wolf-bane blooms/And the moon is full and bright.”

The Wolf Man

When the days grow shorter and the darkness of night tightens its grip on the northern hemisphere there comes a quickening in the pulse of daily events. Even the most jaded among us will feel a distant urging, a sense there is much to do and time is running short.  We connect with a more ancient time, a time when our ancestors would gather their supplies and hasten their preparation for the coming of winter. In the language of the poet it is a time when life comes sharply opposite death. That is a perfect metaphor for Halloween, All Hallow’s Eve, the night when pagans believed that the boundaries between the worlds of the living and the dead overlapped and the deceased would come back to life and trouble our sense of security.

It seems a bit odd, but we like being scared. Our hearts beat faster, a chill goes down our spine, we get goosebumps. For many of us, we also get a surge of strength and energy, the classic adrenaline rush. The thrill of an adrenaline rush can be intoxicating, and that’s part of what draws us to risk taking, to driving fast, scaling heights, riding roller coasters, watching horror films, and allowing ourselves to roam the dark recesses of our minds and be scared on Halloween.

The Wolf is at the Door

What does cybersecurity have to do with being scared? I think you know, but let’s look at what others are saying. Take Joseph Weiss…“Cybersecurity Expert: Be Afraid, America. Be Very Afraid.”  Mr. Weiss points out thatNation-states such as Iran, China, Russia, and North Korea have the knowledge and capabilities to damage our critical infrastructures with cyber-attacks. Additionally, vulnerabilities are being identified on what seems like a weekly basis and cyber exploits for most industrial control systems are now freely available on the Web. That puts potential weapons of mass destruction into the reach of small-scale attackers.” He posits that in the face of these threats “our nation is woefully unprepared to defend itself.”

Invasion of the Data Snatchers

If that doesn’t provide a chill, there’s this. In 1938, Orson Welles carried out one of the great hoaxes in American history when he broadcast “War of the Worlds,” a dramatization of a Martian invasion of earth. What seems funny now caused a nationwide panic, as people jammed highways trying to flee the invasion and police offices were flooded with calls for help. Today we have the invasion of the data snatchers, as hackers manipulate data in a way that threatens national security.  Here’s The Hill reporting on data manipulation, “Intrusions that undercut data integrity have the potential to be a powerful arm of propaganda and false information by foreign governments…” and quoting FireEye’s Jordan Berry, “For instance, if some hot flash reports are coming from an event and a nation-state has in-between access from on-the-ground reporters to people who are receiving that information, and they want to change the perception, they can change those reports before they reach their final destination,” Berry said.

At this point you may be forgiven for reaching for the wolfsbane and tying on the garlic necklace. If you feel the need for divine intervention, I offer you this Scottish prayer.

From ghoulies and ghosties
And long-leggedy beasties
And things that go bump in the night,
Good Lord, deliver us!

A Nightmare on Elm Street…and other places

You Apple users could have gotten this from Siri, or Google. But, then, you should know this from Wired…“Siri may be your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.”

Now that’s spooky.


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

October 20, 2015

Here’s Our Assurance About Cyber Insurance

cyber tuesday logo smallerAs the cyber threat to businesses around the world has grown, so has interest in insuring against losses related to cyber crime. An increasing number of insurance providers have begun offering cyber threat products, and the expectation is that the market will grow dramatically. Financier states that between 2012 and 2014, the size of the mark almost trebled, with estimated gross written premiums rising from $850 million to approximately $2.4 billion – and 2015 could see the market hit $4 billion.

We’ve argued previously that insurance has significant value, and going through the process of purchasing coverage can offer buyers insight about the risks they face and the steps that should be taken in their cybersecurity program to meet minimum qualifying criteria. But, all along there’s been an accompanying recognition that the insurance industry has lacked the actuarial data that would enable really meaningful analysis and facilitate the evolution of the market. Now, thanks to an unending series of high profile attacks, we’re beginning to get the data, and as the insurance industry responds, the word that comes to mind is, “Yikes!”

Reuters just reported that “A rash of hacking attacks on U.S. companies over the past two years has prompted insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover. On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.” Reuters further reports that cyber insurance rates for retailers went up 32 percent in the first half of 2015, and that deductibles are rising rapidly while limits are being capped.

We can expect even more churn in the insurance market as attacks continue and exposure data is refined. Putting the $4 billion projected 2015 insurance market in context requires keeping in mind that a 2014 study, “Net Losses: Estimating the Global Cost of Cybercrime,” conducted by software security firm McAfee for the Center for Strategic and International Studies, estimated that cybercrime costs the global economy $445 billion a year. Eventually the insurance market will become more efficient and effective. Standards will evolve and should improve defenses and have a salutary effect on losses, and good insurers will play the role of risk engineers.  In the meantime, what’s that word again? Yikes!


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

October 13, 2015



What’s PII Got to do with Digital Identity, Satellite Citizenship and Estonia?

cyber tuesday logo smaller

“It’s like hearing your bodyguard was robbed outside your front door.”  That wonderfully graphic description captures the reality of learning that hackers stole personal information belonging to about 15 million T-Mobile wireless customers and potential customers in the U.S., including Social Security numbers, home addresses, birthdates and other personal information from credit reporting agency Experian.

Reports indicate the data stolen includes Social Security numbers, home addresses, birthdates and other personal information. Obviously the loss of the personally identifiable information, or PII, will tarnish T-Mobile’s relationship with current and prospective customers, and some analysts are questioning whether T-Mobile had looked into how Experian would protect the data it was given. But there is a widespread presumption that some players in our complex financial system are extremely capable of protecting their data. The bigger issue here may stem from what the hack does to challenge that assumption, and what it tells us about the ability of a leading credit reporting agency to protect the data it collects.

Avivah Litan, vice president of technology advisory firm, Gartner, was quoted in American Banker as saying the breach would really hurt Experian, and would have implications for the role of credit bureaus in banks’ underwriting.  “The No. 1 fraud issue for banks and other companies is new-account opening and identity verification. More identities have been compromised than haven’t. I’m on the phone every day with clients about identity proofing, because credit bureau data is what you use for identity proofing.”

The Experian breach is lending traction to the belief that it is unwise to use personally identifiable information to verify customers anymore.”PII data has become completely unreliable,” Litan said. “People are still using it because there’s nothing else easy to use around, but they’re weaning off of it.”

Think about it. We can’t trust personally identifiable information to identify a person. That’s positively Orwellian.  But if true, what might we use? Look no further than Estonia to see the future. (That’s right, Estonia).


By Tom Davis, SDI Cyber Risk Practice

SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.

You can view previous blog posts on cyber risk management here.

October 6, 2015