Nicole Perlroth ’04 is now an advisor to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
Jason Henry/The New York Times
Perlroth thinks she did everything she could to draw attention to the issue as a journalist
Award-winning cybersecurity journalist Nicole Perlroth ’04 didn’t start her journalism career writing about cybersecurity or even technology. She started with a tabloid talk – about food.
In 2007, Perlroth was taking a nighttime journalism course at New York University, taught by a New York Post columnist who suggested researching fancy restaurants in New York that had health issues. So Perlroth, who worked in marketing for fashion company Coach during the day, began spending her evenings poring over Department of Health records until she found a restaurant in Chelsea that had a awful report. She spoke to the owner, who told her the inspector came in, got drunk at the bar, passed out, then handed the restaurant a disaster report to justify why he spent several hours there — and everything was on video. This story became Perlroth’s first signature, independent article in the New York Post which ran under the headline “It’s Inspector ‘Snooze’-water.”
She filled her living room with nearly 100 copies, recalls Perlroth. “At that point, I said, ‘OK, I’ve never done anything with journalism, but it’s interesting, it’s intellectually stimulating, and it looks like you can actually make a difference. “”
Perlroth eventually found her niche writing about cybersecurity, which she did for a decade at The New York Times, which positioned her for a new role as an unpaid advisor to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). It is also the subject of his 2021 bestseller This is how they tell me the end of the world: the arms race cyber weaponswho won the FinancialTimes and McKinsey Business Book of the Year Award last year. The book traces the market for cyber weapons and vulnerabilities – flaws in the code. Governments and independent hackers are constantly discovering these vulnerabilities and having to decide what to do with them. Do they store findings for their own future use, sell them to others, or disclose them so they can be corrected?
Perlroth’s reporting spans the globe, from Ukraine to Israel, and she is a central figure in the book, taking the reader with her as she attempts to uncover the dark and secret characters who buy and sell code vulnerabilities. and the tools used to exploit them. .
As she reported on the latest cybersecurity news, Perlroth had expressed concern that governments were storing vulnerabilities – a story that didn’t reach many of her readers. “That became the impetus for the book,” she says. “I have to write this as a non-fiction story where, unfortunately, I even have to be in this reader’s grip.”
In some ways, Perlroth is an unlikely figure to be a star cybersecurity journalist or one of the main characters in a cyberweapons book. She had no technical background and only ended up covering tech companies because she wanted to return to the West Coast. She introduced her publishers to Forbes magazine to move her from New York to the Bay Area to cover venture capital. Then, in 2010, Perlroth received a phone call from The New York Times inviting him to an interview for a job as a cybersecurity journalist.
“I said, ‘You’re kidding me,'” Perlroth recalled. She ultimately got the job because she could explain cybersecurity issues in a way that was accessible and not too technical for a non-technical audience.
A beginning Time The assignment that made a strong impression on Perlroth involved the 2012 China hack of the newspaper’s servers. Perlroth joined the team from security firm Mandiant that was investigating the breach and witnessed firsthand how Cyber espionage looked like a 9 to 5 job for Chinese hackers. Originally, Perlroth and investigators thought the hackers might be trying to find a way to shut down the newspaper’s printing press or sabotage its operations, but later concluded it was a espionage incident, aimed at uncovering the sources of a series of stories about corruption. and the Chinese Communist Party.
Perlroth published a lengthy article detailing the breach in January 2013. It changed its view of what it meant to cover cybersecurity and the extent of the problem it faced. “Nobody talks about it,” she said.
While her non-technical background has proven to be an advantage, it also has its downsides, she readily admits. In particular, while writing his book, Perlroth constantly worried about how it would be received.
“I checked this book to death, but I knew there would be technical descriptors that would drive people crazy,” Perlroth says. It happened, but those critics – a small number of people on the ground – weren’t the people she was trying to reach.
Writing the book also forced her to reflect and suggest possible solutions. The final chapters include sweeping proposals to reform the way the US government handles computer vulnerabilities and builds cyber capabilities.
As for Perlroth’s new role, it was an idea she got from another Princeton alum, Kiersten Todt ’94, who is chief of staff to CISA director Jen Easterly. She asked Perlroth if she might be interested in helping CISA step up its cybersecurity efforts.
At CISA, Perlroth hopes to help establish a program for private sector cybersecurity experts to spend time in government and develop other avenues to recruit technical minds to work for government. She is also starting to think about working with cybersecurity start-ups.
Perlroth ultimately decided to quit journalism, as she believes she has done everything possible to bring attention to the issue as a journalist. She adds, “I think I could have more impact behind the scenes.”