Podcast: Cybersecurity PR Tips with Zoe McFarland
For the first ever episode of the Wildfire PR podcast, I sat down with Zoe McFarland, who leads on cybersecurity PR at Wildfire.
In this episode, we dive into practical PR tips for cybersecurity brands and platforms—covering how to maximise campaign impact, navigate a crowded news agenda, and crucially, how to effectively target and influence CISOs.
Zoe shares insights from her experience working directly with cyber clients, along with some of her top tips for PR pros at cyber brands.
Interview highlights
Introduction
Alex: Hello and welcome to the first ever Wildfire PR podcast, where we’ll be talking about all things tech. I’m Alex Warren, and today I’m joined by Zoe McFarland, who specialises in cybersecurity PR and works on our cyber accounts.
Today we’re going to be talking about how cybersecurity companies can maximise the value of their PR, how you can target CISOs and influence cyber buyers, and some of the lessons Zoe has learned throughout her career.
What makes an effective cybersecurity PR campaign?
Alex: What makes an effective cybersecurity campaign?
Zoe: It is similar to the B2B tech world, but in cyber in particular, what works best is a “so what”. What actually matters right now? How is something going to impact the business of someone in the cyber industry?
It also needs to be relevant to the news agenda. From media learnings, it needs to be something that someone can read in their spare time and understand easily. It should not be complex and technical, even though the world itself is.
It needs to have that human interest and real-world tangibility. Otherwise, it is going to be very hard to land.
Alex: I assume that also includes a fair bit of newsjacking, given how many cyber stories are breaking at any one time?
Zoe: It does vary. On one side, it is very noisy. For cyber brands to enter all of those conversations is not necessarily going to work well if they do not have something meaningful to add. But we do need to be on top of the news agenda.
How important are customer case studies in cybersecurity PR?
Alex: I assume customers are probably quite important as well?
Zoe: Customers are great, but in cyber they are gold dust. There is often fear and anxiety about sharing something that may reflect badly, and there is also a competitive element around what sits under the hood.
However, the focus should be on business impact—what is affecting them in real terms—rather than going deep into technical detail. It does not need to be that in-depth or technical.
How can PR teams get cybersecurity customers to speak to media?
Alex: From a PR agency perspective, how do you help get customers talking, and what would you recommend to comms teams to overcome that challenge?
Zoe: Customer stories are gold dust, and we know it is not easy. It is about having strong relationships and being clear that there is a process and control around how their story is used.
It can also be staged. You might start with a quote in an award entry that is not public. Then move to a speaking slot at an owned event, where there may not even be media present, but they can get comfortable telling their story.
There is also the option of controlled environments, such as roundtables or Chatham House rules, where everyone knows the talking points. Some clients include multiple customers in one session so it feels less intense than a one-to-one interview.
It is about preparation and stage management—customers want to feel ready.
Read our full advice on how to get cybersecurity customers involved in PR here.
What do CISOs want from cybersecurity PR and thought leadership?
Alex: What is a CISO looking for from PR?
Zoe: They want practitioners to share what broke, what worked, and what they would do differently. That kind of practical insight is what resonates.
Read our full advice on what CISOs want from PR here.
Why do cybersecurity product launches fail — and what can PR teams do differently?
Alex: Product launches can sometimes go incredibly well, and sometimes they can be tricky. Why do they not always land with the media?
Zoe: This is where strong collaboration between agencies and in-house teams is important, and where agencies need to be brought in earlier.
We need to speak to product marketing and ask: why does this matter to the market? What is it solving? What impact will it have? What benefits will it bring?
If there has been any form of beta testing, even anonymised results—such as improved productivity—can help bring that to life and add a more human, business-focused angle.
Alex: So it is about talking solutions rather than the product itself?
Zoe: Exactly. And it can also be tailored to different audiences and media. It does not have to be one central press release.
You can create different versions of the story depending on the audience—whether that is trade media, specific industries, or channel partners—and make sure it speaks directly to their priorities.
Alex: Press releases can sometimes hold companies back—would you agree?
Zoe: They should not be the only asset. If agencies are brought in earlier, that content can be developed into different formats—Q&As, interviews, podcasts, or thought leadership—so the story is communicated in a more engaging and relevant way.
How do you get journalists to attend cybersecurity events and conferences?
Alex: Events are a big part of B2B PR. Why do journalists sometimes not show up, and how can we address that?
Zoe: It comes back to the “so what”. What are they going to get access to that they would not get on a Zoom call?
Journalists are under pressure. Teams are leaner than ever, both in trade and national media. So if we are asking them to attend in person, we need to show clearly what they will gain.
That means setting out the agenda, who they will hear from, and what access they will have.
Practical challenges also play a role. Location can be a barrier, and freelancers may not attend if they are not certain they will be commissioned to write something from it.
Read our full advice on how to get journalists to attend cyber events here.
What makes a strong cybersecurity PR spokesperson?
Alex: What makes a good spokesperson, and what makes someone a journalist will come back to?
Zoe: We need to make sure spokespeople have clear topics they own and clear messages to deliver, so they are confident in what they are saying and what they are an expert in.
From a journalist’s perspective, they want someone they can return to for a specific area of expertise. Not just “cybersecurity” broadly, but something more defined—whether that is malware, threat research, or a particular industry.
They also need to be well prepared, show up on time, and deliver clear, concise and genuine comments.
It is important that they bring their own perspective, rather than repeating something they have read elsewhere. And where possible, they should include data or anonymised customer examples to support what they are saying.
Where should cybersecurity comms leads focus to drive real impact?
Alex: If you were in-house at a cyber brand with limited time and budget, where would you focus first?
Zoe: Step back and think about what you truly want to achieve and what success looks like. Focus on building a programme rather than reacting to individual moments like product launches or events.
Think about what you can own, what differentiates you, and where you can lead in thought leadership.
Even one customer who is willing to speak can be very valuable if used well. It is also important to invest time in building and training your spokesperson bench, so they are clear on what they can talk about and what is interesting.
The focus should always be on stories, business impact, and what is changing—not product-led or sales-led messaging.
