Without research, there are no blog entries - and I hate putting out
"fluff pieces" (ie a line or two of text with a link to something
somebody else wrote) to make up the numbers. I prefer to create the
content myself, because not only do we have control over the material
and the subsequent activities that take place as a result, it
immediately makes the content unique, readable and more interesting
than many of the other blogs out there.
However.
Without blog entries, there is no research - or, at least (to the general public, who only see the research security companies do nowadays via an endless deluge of RSS feeds) - there is no research. With nothing published, interest wanes. A few days go by, and the number of people subscribed starts to dip slightly. You get a little twitchy, and wonder why it's so quiet.
Is it quiet? Or is it just that you've been looking in the wrong places the last couple of days?
You wonder if / when the next interesting thing to write about is going to come along. You invest more time in research, but of course that means less seconds in front of the PC hammering out the next blog entry. When the majority of your online existence is devoted to providing the public at large, curious passers-by, people in the industry , journalists and (every so often) law enforcement with a window into the world of making things a little more secure for everybody, that can create a few problems.
Research feeds the writing, and vice-versa (which too few people appreciate) because many more discoveries in the research come to light only after an initial article has been posted. Could be from a tip-off, a disgruntled victim - perhaps someone from law enforcement who can't really write about their own findings on a blog somewhere but are quite happy for you to beat the drum on their behalf.
Both writing and research eat into the time available for either activity. Writing across two different blogs takes an enormous amount of time, especially as they promote two different types of research. Actually, no - that's not right. They're more like different facets of the same research, with one tending to look at the files and the other looking at the creators of those same files. In tandem, they can be a particularly potent weapon against those looking to hijack your PCs, steal your credit cards and all those other wonderful things kids like to do these days when their parents aren't looking.
In that sense, the pressure to provide a never-ending stream of content for two different sites is also a huge benefit, because when the more "traditional" type of analysis dries up on Spywareguide - and of course, it does from time to time (like when all the bad guys are too busy eating their Christmas dinner to bother with virus writing) - you can still usually find a collection of low level talent script kiddies or wannabe hackers and have fun at their expense over here. Similarly, when there are no bad guys practically begging to be outed on Vital, you can still usually come up with some interesting infections for further analysis on Spywareguide with the aid of the research teams we have scattered across the globe.
As far as I'm aware, this gives us an edge over a lot of security companies out there who only tend to have one solitary blog, usually only geared towards pure research. When the tech stuff dries up, those blogs tend to go silent for a while, and blog silence for me is not a good thing. I want content, and I want that content daily. I become hooked on those sites, and I'm disappointed when they fall off the radar for a while. Yes, it's childish and yes, it's impatient - but that's how it works. Off the top of my head, the only company I can think of that has one blog but can easily (and quite happily!) write about non-security subjects is the Sunbelt Blog, and more power to them. I mean, look at this and tell me you expect to see something like that on a security site. You probably didn't but wow, there it is, and isn't it great?
Supply / Demand. It's what blogging is all about.
Now if we could just work out the oil Supply / Demand issues we'd be onto a winner....
However.
Without blog entries, there is no research - or, at least (to the general public, who only see the research security companies do nowadays via an endless deluge of RSS feeds) - there is no research. With nothing published, interest wanes. A few days go by, and the number of people subscribed starts to dip slightly. You get a little twitchy, and wonder why it's so quiet.
Is it quiet? Or is it just that you've been looking in the wrong places the last couple of days?
You wonder if / when the next interesting thing to write about is going to come along. You invest more time in research, but of course that means less seconds in front of the PC hammering out the next blog entry. When the majority of your online existence is devoted to providing the public at large, curious passers-by, people in the industry , journalists and (every so often) law enforcement with a window into the world of making things a little more secure for everybody, that can create a few problems.
Research feeds the writing, and vice-versa (which too few people appreciate) because many more discoveries in the research come to light only after an initial article has been posted. Could be from a tip-off, a disgruntled victim - perhaps someone from law enforcement who can't really write about their own findings on a blog somewhere but are quite happy for you to beat the drum on their behalf.
Both writing and research eat into the time available for either activity. Writing across two different blogs takes an enormous amount of time, especially as they promote two different types of research. Actually, no - that's not right. They're more like different facets of the same research, with one tending to look at the files and the other looking at the creators of those same files. In tandem, they can be a particularly potent weapon against those looking to hijack your PCs, steal your credit cards and all those other wonderful things kids like to do these days when their parents aren't looking.
In that sense, the pressure to provide a never-ending stream of content for two different sites is also a huge benefit, because when the more "traditional" type of analysis dries up on Spywareguide - and of course, it does from time to time (like when all the bad guys are too busy eating their Christmas dinner to bother with virus writing) - you can still usually find a collection of low level talent script kiddies or wannabe hackers and have fun at their expense over here. Similarly, when there are no bad guys practically begging to be outed on Vital, you can still usually come up with some interesting infections for further analysis on Spywareguide with the aid of the research teams we have scattered across the globe.
As far as I'm aware, this gives us an edge over a lot of security companies out there who only tend to have one solitary blog, usually only geared towards pure research. When the tech stuff dries up, those blogs tend to go silent for a while, and blog silence for me is not a good thing. I want content, and I want that content daily. I become hooked on those sites, and I'm disappointed when they fall off the radar for a while. Yes, it's childish and yes, it's impatient - but that's how it works. Off the top of my head, the only company I can think of that has one blog but can easily (and quite happily!) write about non-security subjects is the Sunbelt Blog, and more power to them. I mean, look at this and tell me you expect to see something like that on a security site. You probably didn't but wow, there it is, and isn't it great?
Supply / Demand. It's what blogging is all about.
Now if we could just work out the oil Supply / Demand issues we'd be onto a winner....
Leave a comment