Inside the Media Mind of Joel Witts: Expert Insights
Christine Blake: Welcome to Inside the Media Minds. We are your co-hosts, Christine Blake
Madison Farabaugh: and Madison Farabaugh.
Christine Blake: This show features in-depth interviews with tech reporters who share everything from their biggest pet peeves to their favorite stories. From our studio here at W2 Communications, let's go Inside the Media Minds.
Hi, everyone. On today's episode of Inside the Media Minds, Madison and I are talking to Joel Witts, who is the director of content and a co-founder at Expert Insights. Expert Insights is a rapidly growing media company focused on covering cybersecurity solutions. Joel himself is an experienced journalist and editor with over eight years of experience covering the cybersecurity space, so this was a great podcast interview. We're able to really dig into some topics he is covering. He went over his background, Expert Insights, and his focus areas.
One part I found particularly interesting was when we asked how companies can separate themselves from other cybersecurity vendors and cut through that noise. When it comes to AI messaging, he really talked about the importance of proving how the AI solutions are working and not just talking about them from a marketing perspective. Madison, what did you find to be the most interesting?
Madison Farabaugh: Yeah, I think related to the topic of cutting through the noise, I think Joel gave some great tips for PR professionals who might be pitching him their clients and just really focusing on how the company or the company's expertise might be helping CISOs and security practitioners with their everyday work, and how whether it's their solution or their insights, etc., how that is helping them improve their workloads or improve how they approach security. So, the very practical everyday perspective is something that they really look for in their pitches.
Christine Blake: Yeah, definitely. Joel mentioned he'll be at Black Hat this year. He mentioned getting to conferences and finding a big benefit of interviewing different experts at events. So we hope that everyone enjoys this episode. Hey everyone, it is Christine,
Madison Farabaugh: and Madison.
Christine Blake: Yeah, and thank you so much for joining us on today's podcast. We have Joel Witts, who is the director of content and co-founder at Expert Insights today. Thanks for joining us, Joel. Happy to talk to you.
Joel Witts: Thanks so much for having me.
Christine Blake: Of course. So, we'd love to just start out with a quick overview of your background and how you came to Expert Insights, and kind of your story there. Let us go into that first.
Joel Witts: Yeah, of course. Again, thank you very much for having me on the podcast. I was looking back over some previous episodes, and you know, some really incredible journalists and company founders that have been on there, so thank you very much for having me.
My background is in journalism, so studied journalism at a university here in the UK, Cardiff University. I have done a little bit of work in local journalism here in the UK, and I've just always enjoyed writing, and I've always been kind of fascinated by the media industry in general. So, when I graduated, I met Craig MacAlpine, who's the CEO here at Expert Insights, and he had previously run an email security business and wanted to set up a new review website for cybersecurity solutions in general. He kind of saw that there was a lot of noise in the cybersecurity space, and wanted to kind of build a platform that could cut through that noise and help, particularly sort of smaller businesses and mid-sized companies, to find the right cybersecurity solutions. So I joined Expert Insights as a co-founder, and over the past eight years, we've really built out the Expert Insights platform, and we have sort of taken a very expert-led and kind of product-led approach to that, so yeah, we kind of sit between kind of user review websites like maybe G2 or Capterra, and the kind of big analyst companies like Gartner, we kind of see ourselves as sort of in between that space.
And, over the years, we've also really broadened out just from the product side to also into news and product analysis, and we do a lot of interviews and podcasts, and now we're launching newsletters, so it's been a really exciting journey, and we've been very lucky to build a really engaged audience. So our readers are cybersecurity professionals, CISOs, security engineers, analysts, IT managers. It's a broad range, but you know, they're all making cybersecurity decisions, they're all kind of, you know, in that, in the, that is their day to day, and we, and we try and make sure that everything we do is kind of relevant to that. So I think it's, we kind of sit in a unique place, but it's a really exciting company to be part of.
Christine Blake: Yeah, great overview. Thank you for sharing that.
Joel Witts: Yeah, absolutely. I think we kind of, we started off with a very much a kind of geeky product-led perspective, you know. We wanted to get into the technical details and the niches of the different products, and you know, I think we still do to a large extent, actually, but we've also broadened out, so, like I say, we're now covering industry news and perspectives, and I think the interviews are a really important part of what we do, but that ethos has kind of stuck with us of being product focused. And I think it really comes from the perspective of wanting to focus on what really matters to people day to day.
So, what are the stories that really resonate to CISOs or to IT managers that would be relevant for their day-to-day experience in their role, and a lot of the time there's some really exciting big picture stories that are happening in cyber. But for an IT manager who needs to get an email security product that works and stops phishing, they want that level of kind of more, more granular detail, and in the reporting we've kind of tried to take that ethos as well, and that if a story is relevant to an IT manager's day-to-day job, if it's going to actually help to help them to improve their business's security, or give them an insight, a bit of advice that can help them, that's kind of what we want to be covering, and that's what we see are kind of, is it our USP, I suppose, in a very competitive landscape.
Madison Farabaugh: Yeah, and you touched on a bit of how Expert Insights kind of differentiates itself from some other cyber tech security publications out there, so can you maybe add a little bit more into how, how the team approaches its editorial strategy, and how it kind of deciphers what it should be focusing on for its key audiences.
Christine Blake: Yeah, it certainly is. And we're curious too, like, what does your particular day to day look like as a director of content, and maybe your other other roles and other initiatives like the podcast and things of that nature.
Joel Witts: Yeah, absolutely. It's yeah, it's busy. No two days kind of look exactly the same. So I would usually start by chatting with our in-house editorial team to talk through the stories we're working on that day, kind of looking at the topic of what's in the news, but also the kind of what other content we're working on. Because we're always working on, I wouldn't call them necessarily features in the traditional sense, but we might be looking at particular products that we're reviewing, or roundups of different categories, or you know, just looking at the trends over time, or different interviews that we've got in the pipeline. So we'll normally start by looking at that, and then we work with freelancers as well on news stories, so I'll connect with them and see what sort of the major stories in the news are that we need to be covering for our weekly newsletters, and that kind of thing. And then you know, there's also the bigger picture, so looking at content strategies, chatting with lots of different vendors to find out what's going on with them, conducting interviews, working on product reviews.
I do try and stay, maybe, maybe too hands-on in terms of, you know, writing different stories and looking at different products, but I enjoy it, for one, but also I think it helps make sure that the the overall strategy and direction is going in the right way, and that we're, I think, I think you really have to be immersed in cybersecurity as a journalist, or anyone in the industry, like if you, if you, you know, close your eyes, you'll miss something that happens. So yeah, I also try to speak to as many people as I can, particularly practitioners and people who are working in the industry day to day, because it really helps to understand what their, you know, what they want to know about, and to get their perspectives on things. So, we've been investing a lot in kind of chatting to CISOs and enterprise team managers to understand, you know, their day to day and what matters for them.
Christine Blake: Yeah, that's important, and it seems like you're very in touch with your readership and what they're looking for. And it's interesting too in your role, like people are consuming content and media in so many different ways, so you have to look at all the different variables and all the different mediums of how they're receiving their content and how to make it most useful for them.
Joel Witts: Yeah, 100% and a lot of the times I think, if we're being honest, people don't necessarily set out to read more content. I think they've got so much that, you know, it's being broadcast to them that you really have to have a strong value position to make people engage with you. And I think the other unique thing with cyber is the people that we're writing for tend to be, you know, they've got decades of experience, or more POVs, then they really know their stuff, so you've got to make sure that you do as well. I think it's really hard to write for this particular audience if you don't have a strong kind of understanding of and respect for the audience as well. I think is really important.
Madison Farabaugh: Absolutely, and I think that's a great segue into our next question, which is a bit more industry-focused. But based on your experience covering the cybersecurity industry for, I believe, it's over eight years, and just with speaking with so many practitioners and vendors, where have you seen this industry envolve the most?
Joel Witts: Yeah. I think that's a really interesting question, and I sort of try and ask that to everyone I speak to, really. And it's interesting to hear all the different responses. I think the number one sort of answer I get from experts when I ask that seems to be that, you know, as much as there's a lot of hype in the industry, a lot of things sort of stay the same. Like the security fundamentals are always kind of the same, even though they don't necessarily get talked about as much, but those kind of the basic things that everyone needs to be aware of.
But I would say, yeah, just in general, the pace of innovation seems to have just gone off the charts, both in terms of like the vendor tech space and the different innovations that we're seeing from the cybersecurity companies, you know. There are so many different announcements that are happening all the time, and every product, you know, it's really exciting to see that, but also, you know, the way that the threat actors are moving and the way that technology is moving, you know? I think when I first started doing interviews, kind of eight years ago, I was chatting to a lot of identity providers, for example, who were working on things like FIDO to passkeys, and now we're starting to actually see that roll out in all the different kind of consumer products, and now into B2B as well. So it's just so interesting to see that shift from kind of the kind of concept stage into actually is changing people's like day to day experiences of using different services and making people more secure. I think that's been really interesting to see.
Madison Farabaugh: That's awesome. And is there a specific aspect of cybersecurity that you enjoy covering the most?
Joel Witts: Oh, I think I do really enjoy the SMB side. I think it's really interesting to look at how businesses that don't have a lot of budget and a lot of cybersecurity expertise deal with some of these challenges. I think that's a really interesting and kind of under-discussed aspect of the cybersecurity landscape, but I also really am interested in those kind of areas of security that do intersect with how end users like people use technology every day, so identity is a good example of this, where people interact with those security tools every day, and sometimes it can create friction.
You know, I always laugh when you see those kind of memes about Madison FarabaughA not working, and you know those kind of frustrations that on the security side we know why it's so important, but how end-users interact with that is important as well, and obviously on that side as well, you've got the kind of the high stacks aspect of it, where you kind of talk about how attackers are trying to break into those systems and how they circumvent identity controls. I think that's always really interesting.
I think in terms of areas we don't necessarily cover so much, but I do think it's really interesting, it's kind of the psychology of the threat actors and cyber criminals, and how ransomware gangs work. For example, had some great conversations at Black Hat last year with people like Cynthia Kaiser, who was talking about the different ransomware gangs and how they interact with each other, and how law enforcement is going after that way. That is so interesting. And actually, the BBC cybersecurity editor wrote a great book last year, I think, called Control Alt Chaos, that kind of digs into the psychology of like teenage cyber criminals and how they kind of get into the hacking world. I thought that's really, really interesting stuff, and because it has such an impact on the cybersecurity industry in people's lives, and a lot of the time it's literally children. It's so interesting.
Christine Blake: Yeah, that is wild, and that is fascinating. No, yeah, I agree. I think that the cyber crime and the people behind the act, the threat actors, I think is so interesting.
Joel Witts: Yeah.
Christine Blake: We're always interested in learning more about that too. When it comes to, like, the current topics, we keep hearing about AI from vendors, media covering AI a lot. What type of AI trends stand out to you the most? Are there any topics that are kind of important to you right now in terms of covering and who you're trying to talk to you about.
Joel Witts: Yeah, I mean, for us, I mean, there's huge, there's lots of different aspects of AI that we're writing about. One of the common things that we seem to cover is AI and how it intersects with phishing. Email security has always been one of the sort of big areas, like I mentioned our founder came from an email security background and had an email security company, so how AI has kind of entered the phishing and the social engineering world is so interesting and quite scary, really, because phishing obviously is becoming a lot more personalized, a lot more realistic, and the sort of potential for it to be scaled out with hyper realistic attacks, I think, is quite worrying, and deepfakes.
I was chatting to a few email security and security awareness providers at RSAC this year about deepfake phishing, and particularly things like getting a WhatsApp message from your boss that sounds exactly like them, and you know how you combat that is a really interesting question. I think also a lot of engineers and developers I'm speaking to are definitely concerned about AI and the risks of AI finding vulnerabilities in their work, and how they need to update their workflows, and that's a very interesting question, as well. That's definitely something that you know, definitely matters day to day to developers and engineers. It has a real impact on their jobs, not, not like sort of this is a potential risk, but it's happening right now.
Christine Blake: And I'm curious, too, like there's so many vendors that you mentioned, RSA, you mentioned Black Hat at these big events, everyone's talking about AI. How are vendors kind of cutting through that noise? From your perspective.
Joel Witts: I think it's really, yeah, a really tough. It must, must be really tough for a vendor to, you know, cut through that and deal with, deal with all the noise in the industry. I think the ones that really interested me, like I say, is sort of where it has that that impact in terms of the day to day, and how it's not just a sort of conceptual, conceptual idea of AI that they're talking about, but they can prove that, you know, this is, this is how it's either helping organizations or how it's addressing these risks.
I think the research side is very important as well, so you know those kind of analysis of different models is definitely really interesting, but in terms of if you know the specific product side cutting through, I think it's showing how it's having an impact on teams, how it can either improve outcomes or solve challenges. That's definitely something that we're really interested in seeing, you know, putting, putting the ideas into practice, I suppose.
And the governance piece is really, you know, that's been very competitive, the whole AI governance angle, but it is really important for a lot of businesses as they roll out AI programs into their organizations, and the whole agenda side was obviously huge at RSA, see this year, but it really is, it's happening, you know. You see engineers having, you know, 20 different agents that they've got running overnight. You know, those aren't kind of future ideas are happening now.
Christine Blake: Yeah, exactly. And I think that's a really good point. It's being able to prove that the solution is working and making a difference, and not just adding AI into marketing messages and things like that at these events, so definitely good advice from a media perspective.
Madison Farabaugh: Yeah, and with all of the vendors, practitioners that you're speaking to, and I'm sure you're getting lots of hands-on insight there. Have there been any, whether it's AI related or another type of security, have there been any innovations that you've come across that are particularly either surprising, like, "Wow, they came up with this new solution, I've never seen anything like it before," or perhaps a new solution where you're like, "This is so timely for what the industry is dealing with right now,"? Has there been anything like that that's caught your eye over the past few years,
Joel Witts: Oh, 100% I mean, the last few kind of months, let alone years, as we're always seeing new core new technologies from the vendors we've covered. I just, this, the last couple of weeks, I've had demos from a few email security companies, one that's just released a module that kind of monitors all of your organization's teams meetings, and kind of flags suspected deepfakes to kind of alert people to, you know, if they're chatting to someone that's not real. I mean, it's kind of crazy that that's something that you've got to worry about, but it's the case. So, I thought that was a really cool bit of tech.
We've seen some kind of interesting changes happening in areas like secret management and PAM, so things like zero standing privileges, where identity privileges aren't persistent, they're granted just in time, and then automatically revoked when they're no longer needed. I think that's a really meaningful shift for security teams. I mean, these types of products don't necessarily always make the headlines, but you know these products are really interesting, and they do matter for security teams day to day. They have a real impact on, you know, the level of security that organizations can have in place. So those kind of features, you know, like I say, we kind of geek out about them here.
Christine Blake: Yeah, definitely. And you know it's interesting, you bring that up too, because one thing we were wondering, outside of AI and outside of some of the other, like, you know, top of mind things and headlines that you guys are are covering, are there any other topics that are more under the radar that maybe aren't getting as much attention that you're noticing?
Joel Witts: Yeah, I think there is a bit of a danger that with AI it kind of sucks all the energy out of the room in cybersecurity, for sure. And I think there's a few things that I personally like to learn more about, like quantum encryption. I think that's going to be, you know, it's already a huge story, but I think that's going to be even bigger.
I think the main thing for me is that that sort of cyber SMB angle for cybersecurity, and that fund, security fundamental piece. I think that is something that isn't talked about enough. I think most, the vast majority of businesses don't have big cybersecurity budgets. They don't, you know, a lot of companies don't even have one person managing cybersecurity as their job. It's, you know, one of many hats that that IT manager might be wearing, so they're having to learn these things, and, and kind of get to grips with the challenges of AI, for example, and apply some of these best practices to to their business, and I think that's really interesting. And it's not talked about enough, how you know things like user awareness training and phishing, and how these apply to small businesses and how we can help those companies deal with those challenges.
Christine Blake: Yeah, no, I agree. I think that the angle needs to be covered a lot more, because people focus on those big, flashy things and the big companies and the big budgets, but it's important to know what small businesses are doing.
Joel Witts: Yeah, absolutely, and you know they're worried about the same things that the bigger businesses are, but they just don't have the resources to throw them.
Madison Farabaugh: Awesome, and kind of our last main industry and events focus question before we move on to some listener questions. What are some tips or advice that you have for PR professionals who are trying to get in front of you or your team at Expert Insights, when they might have, whether it's news from a company, whether it is some rapid response on major news cycles, for example, we know the World Cup is coming up, we know the anniversary of Colonial Pipeline is around here. So, what are some tips that you have for any PR professionals?
Joel Witts: Yeah, we work with a lot of PR companies, and you know they're really invaluable, actually, for us to be able to, you know, to let us know about the new vendor news, and we've got a lot of longer-term relationships as well, because we cover, you know, a lot of the same kind of markets for, you know, for many years, and track the changes there.
I think we, you know, we are Expert Insights, we always want to bring that expert perspective, so we may, we maybe track less the topical things of like the typical news organization, but where pitches can lead with what the problem is and how their tech helps to solve it, or how their specific expert can provide some advice and some expertise for teams to help them solve their day to day problems, that's always something that we're, that's always a conversation as well worth having for us, and we always really like to share customer perspectives as well. So, someone that's been a CISO, for example, and can provide that advice for for our readers who are CISOs and share that expertise, that's always really interesting.
I think the, you know, some of the best vendor interviews that I've had have been with people who have come from the CISO world, and then, you know, gone to a company that they've used while they've been at CISO, and they can talk about, really, you know, this is what was really exciting for us as a customer, and here's why, you know, this kind of matters to the people reading the story. I think, you know, I always do feel bad, because we get a lot of, a lot of pitches, and I don't get round to responding to all of them, and you know, there's, there's probably a lot of great things out there that do get missed.
But yeah, I think that was, there was one, there was one pitch, I think the point that I will get round eventually, there was one pitch I had before RSA, and there was a company that I specifically wanted to talk to, so I went back, I found the pitch, replied to them, and they said that's great, happy to set up a conversation, but this pitch was actually from last year's RSA, so you know it was like a year later I did get round to responding, so there we go.
Christine Blake: Made that person's day.
Joel Witts: They're probably quite confused, but yeah.
Christine Blake: That's funny. Well, hey, yeah, you knew if you want to talk to him, you were able to search that inbox, go through all the different pitches. So,
Joel Witts: Yeah, so sorry that I think one, one, you know, the one real piece of, I guess, advice I could, I could say is that, you know, if it make it relevant to our readers' day-to-day experience, for experience size, that's the main thing. If you can relate it to, hey, this is something that your readers are struggling with, and you know, this is how we help solve that challenge, or this is a bit of advice that we can provide a bit of expertise, that will definitely catch our attention.
Christine Blake: That's great advice. Great. And transitioning to listener questions, our first one for you here is, who has been your most memorable interview?
Joel Witts: Yeah, that's a, that's a good question, and it, yeah, I think there's, there's a lot to choose from. I think the best interviews are the ones that sort of spark a debate. I think, so we had a great interview with a CISO, and they kind of made that, that point, that CISOs have to be right 100% of the time, and the attackers only have to be right once, and we put that story out, and it sparked a real debate, actually, between, you know, around whether that framing was helpful or if it was right, and I think it was really interesting to sort of spark that conversation.
I think we had some great interviews at RSAC this year, a lot about agentic AI and security risks around that, and kind of that debate around how humans can oversee agentic AI loops, and where security can fit into that without blocking innovation, and without stopping AI from being able to scale out. I thought that was really interesting. Some of my most memorable ones, though, I think, would be with the real techy people, who they're not polished, they're not kind of PR professionals, they kind of tell, tell you exactly how they think it is, and it can be very refreshing, but it could also be kind of hard to keep the interview on track. Those are definitely the most memorable ones.
Madison Farabaugh: That's awesome. Those conversations, conversations are especially fun to sit in on, because you get to hear just all of the in-the-weeds types of scenarios that they're dealing with daily. So, yeah, I've sat in on some SME calls before, and I'm just like, what, what am I doing hearing about all of these like super interesting operations that are going on right now. It is just fascinating, the stuff that you don't even think about, that some of these practitioners have to deal with.
Joel Witts: Yeah, 100% And it's so interesting to kind of get the real on-the-ground perspective, and you know, there's a lot of sort of big claims that vendors can make, but the reality of how kind of tech used in the business can sometimes be quite different. I always find that really interesting.
Madison Farabaugh: Absolutely, and you had mentioned earlier that one of the interesting insights that you love to gather is, you know, specifically from CISOs, and perhaps their experiences, you know, their direct hands-on experiences. Are there any other, you know, opportunities at Expert Insights that you particularly look for or offer to security leaders who might be looking to share some of their expertise or insights with your audience?
Joel Witts: Yeah, absolutely. So, we have an ongoing CISO interview series where we interview different CISOs and security leaders. We're always keen to promote those voices and share kind of expertise and insights from people that are working in the security space. We've had a series like our Women in Cyber series that Caitlin Harris did for us last year, which was a fantastic series, kind of lifting up voices across the cybersecurity industry. We are always kind of keen to share learnings and help promote, you know, security, better security outcomes, and speak to as many different experts as we can to share that the vendors are kind of, as I've mentioned, are invaluable sources for us, so we're always looking for insights and expertise to help, you know, round out our news coverage, and and bring those insights to our readers.
We're also, you know, we're launching a new newsletter later this year, actually, which we're going to call CISO Voice, and we're going to bring, you know, that's going to be specifically for CISOs, and we want to bring as many perspectives as we can from the CISO world and the vendor world to help CISOs to be able to do their jobs more effectively and to give them that kind of expertise and resource that they need, so absolutely, there's a lot of opportunity, actually, for people to share their expertise for Expert Insights. We really encourage it and support that.
Christine Blake: Yeah, that's excellent to know. I know this episode is coming out in early June, but do you have plans to be at Black Hat this year?
Joel Witts: Yes, I will be at Black Hat. Yeah, I'm looking forward to it. Really looking forward to it, actually.
Christine Blake: Love that. We'll have to see you there.
Joel Witts: Yeah, absolutely.
Christine Blake: Listener question: since we are here in the beginning of summer, any go-to spring/summer hobbies that you're looking forward to this summer, other than Black Hat?
Joel Witts: Yeah, I do love the summer, actually. And in the UK, we're just starting to get some, like, warmer summer weather after quite a wet and miserable winter. So I'm really looking forward to some sunshine. I really enjoy surfing, love the beach, even just walking along the beach, or just chilling out for the beach in the afternoons. Yeah, can't be beat in the on the beach with a book in the summer, you just can't beat it.
Christine Blake: You can't beat it, and that's a great way to balance out all the cybersecurity talk, right?
Joel Witts: Yeah, yeah, absolutely. You definitely need it in this industry.
Christine Blake: That's for sure. Well, Joel, it's been a pleasure chatting with you today. Thanks for coming on the podcast and sharing all of your expert insight from experts. Loved hearing that from you.
Joel Witts: Oh, thank you so much for having me. Really appreciate the opportunity.
Christine Blake: Awesome, thank you everyone for listening. Thank you for listening to today's episode of Inside the Media Minds. To learn more about our podcast and to hear from some of our past guests, please visit us at W2Comm.com.
Madison Farabaugh: You can also subscribe anywhere podcasts are found.
