The short answer: pitch the cybersecurity trade press first for most routine news and product updates (Dark Reading, CyberScoop, SecurityWeek, The Record), because that’s where security buyers actually read. National tech press like TechCrunch and Bloomberg carry more prestige but demand bigger news such as major funding rounds. And for pipeline, the newsletters and podcasts your buyers trust individually, like Risky Business and Venture in Security, often beat both.
That ranking may surprise some founders, but it shouldn’t if you truly care about getting in front of your buyers.
Let’s be honest, how often are you sitting around scrolling through TechCrunch or Bloomberg yourself on a daily basis in 2026? The landscape is much different than 2006 – before the social media and Web 2.0 boom – and is even more pronounced today.
That being said, carrying the logos of TechCrunch, WSJ, and Bloomberg does convey trust – and can assist in landing enterprise deals and the next funding round – so they do have their place.
We run PR retainers for cybersecurity companies at Green Flag Digital, which means we maintain a live pitch list, track which outlets respond, and watch which placements actually produce demo requests instead of just congratulations on LinkedIn. This is that list, organized the way we organize it internally: by tier, with honest notes on what each outlet wants and how hard the door is to open.
One thing before the list. Security marketing changed when Google bought Wiz for $32 billion. Before that deal, the industry mostly believed security buyers were pure logic machines immune to brand. Wiz proved otherwise, and now every funded security company is competing for the same attention from the same reporters. The companies that win coverage understand which outlet fits which story. That fit is what this list is for.
How We Tiered This List
Two questions decide an outlet’s tier: how hard is it to get in, and who reads it. Tier 1 is national press with the hardest doors. Tier 2 is the cyber trade press, moderately hard doors with the most valuable readership for a security company. Tiers 3 and 4 open easier and still put credible logos on your press page. Tier 5 is creator media, where the pitch is a relationship rather than a news hook. The UGC section at the end has no doors at all, just communities that decide for themselves.
A note on method: we pitch most of these outlets in live client work. Response patterns below come from our own tracking, not from scraping other people’s media lists. Where we haven’t pitched an outlet directly, the notes come from studying what it publishes.
Tier-1: National Tech and Business Press
Equal or greater reach than TechCrunch. The difficulty is the same: you need genuine news.
- Bloomberg: funding rounds of $50M and up, M&A, and cyber news that moves markets
- Reuters: breaches, nation-state activity, major deals. Wire pickup multiplies your reach.
- Axios (especially Axios Codebook): a dedicated cyber newsletter that runs on scoops and exclusives
- The Wall Street Journal (WSJ Pro Cybersecurity): CISO-heavy readership with an enterprise angle
- Forbes: staff cyber reporters plus the contributor network, which are two very different doors
- Fortune: funding and leadership stories, plus Term Sheet for deals
- The Information: subscription depth. They like contrarian takes and numbers nobody else has reported.
- Wired: narrative security stories and novel attack research with a wow factor
- VentureBeat: the enterprise AI and security intersection. More accessible than TechCrunch for product news.
How we pitch this tier: exclusive first. Before any release goes wide, we offer the story to one or two target reporters with a 24 to 48 hour window. National press wants to break news, not repeat it. If the exclusive lands, the wide release rides the momentum. If it doesn’t, you’ve lost two days, which is a fair trade for the chance at a Bloomberg headline.
Tier-2: The Cybersecurity Trade Press
For a security company, these outlets often drive more qualified pipeline than anything in Tier 1, because your buyers read them every day at work.
- Dark Reading: the flagship cyber trade for research, threat intel, and bylines
- CyberScoop: policy and enterprise security news. Reporter relationships pay off here.
- SC Media: product news, research, and an awards program
- The Record (Recorded Future News): hard news and threat actor coverage from a respected newsroom
- BleepingComputer: vulnerability and breach coverage with a huge practitioner readership
- SecurityWeek: funding, M&A, and product launches. One of the more pitch-receptive outlets in this tier.
- The Hacker News (thehackernews.com, the publication, not the forum): wide reach for vulnerability research and product news
- Infosecurity Magazine: UK and EU angles plus conference coverage
- CRN: essential if you sell through the channel
- SiliconANGLE / theCUBE: video interviews and written coverage, mostly conference-driven
Two practical notes on this tier. First, bylines are a real door here: Dark Reading and several peers accept contributed articles from security executives, and our standard turnaround from pitch to publication runs two to four weeks. Second, timing matters more than founders expect. We schedule releases for Tuesday through Thursday, 8 to 9am Eastern, because that’s when trade editors are building their day’s coverage. A great story wired on Friday afternoon dies quietly.
Tier-3: Enterprise IT and Vertical B2B Trades
These doors open easier than the tiers above, and the logos still carry weight with buyers. The links help your SEO too.
- Cybersecurity Dive: Industry Dive’s cyber vertical, fast on funding and breach news
- CIO Dive: for stories with a CIO or buyer angle
- The CyberWire: daily briefing inclusion plus a podcast network
- Security Boulevard: syndication-friendly, open to bylines and contributed content
- Help Net Security: very receptive to product news and research
- eSecurity Planet: reviews and category roundups. Get into the comparison lists.
- ITPro / Network World / IT Brew: broader IT audiences, good for infrastructure-adjacent stories
- DevOps.com: for anything touching the pipeline, AppSec, or DevSecOps
- Spiceworks: practitioner community plus editorial
Tier-4: Channel, Deal-Flow, and Niche Outlets
Coverage here is reliable even for smaller news, like the modest acquisition that national tech press will never touch. We once worked with a security firm that wanted big coverage for a small, quiet acquisition. The mismatch was the problem: no Tier 1 editor could justify the story to their readers. This tier exists for exactly that news.
- MSSP Alert: the MSSP and MDR channel bible
- Channel Futures / Channel E2E / Channel Insider: partner-ecosystem news
- Crunchbase News: funding rounds of any size
- PitchBook: deal database plus editorial
- VC News Daily / Pulse 2.0: close to guaranteed pickup for funding announcements
- Mergermarket / M&A Magazine: acquisition coverage regardless of deal size
- SecurityInfoWatch: physical and cyber convergence
- Runtime / The Next Platform: deep infrastructure audiences
Tier-5 for Trad Media, But S-Tier for Revenue: Newsletters, Podcasts, and Creator Media
You’ve heard the stories of people getting covered in the New York Times and getting $0 in business from it. More the rule than the exception. If you’re trying to actually land business while building trust with your true audience, these pubs are actually S-Tier.
- Risky Business: the most influential podcast in security, with sponsor slots and news coverage
- tl;dr sec (Clint Gibler): a big AppSec and engineering readership
- CISO Series: podcasts and events built around your exact buyer
- Venture in Security (Ross Haleliuk): the strategy newsletter cyber founders and VCs read
- Return on Security (Mike Privette): funding and market analysis. Covers every cyber round.
- Cloud Security Podcast: cloud-native security audience
- Detection at Scale (Jack Naglieri): the detection engineering niche
- CyberScoop Safe Mode / CyberWire podcasts: the audio arms of the trades above
The pitch works differently here. An editor needs a news hook. A host or newsletter writer needs a guest their audience will thank them for: a genuinely useful take, original data, or a founder who can talk about a hard problem without pitching product for forty minutes. Read or listen to three episodes before you write the email. The hosts can tell when you haven’t.
User-Submitted (UGC) Channels
No gatekeeper here, but the community is the editor, and it punishes marketing-speak.
- Hacker News (news.ycombinator.com): a front-page HN post can outperform a TechCrunch feature for developer-facing security tools. Use Show HN for launches, and lead with technical write-ups instead of press releases. Have a technical team member or a friendly submit.
- Product Hunt: launch-day visibility, a badge, and a backlink. Works best for product-led security tools. Less prominent than the past but still relevant.
- Reddit: r/cybersecurity for general discussion, r/netsec for research only (strict moderation), r/msp for channel plays, among many others. Test out a few and be very transparent that you rep the company.
- LinkedIn: founder-posted announcements now regularly reach more people than the trade article covering the same news, and more than the company account. Takes time warming up and you should post on schedule.
- X/Twitter infosec community: vulnerability research spreads here first. Genuine research from good researchers gets traction if it’s authentic. Some brand videos and launches can do really well if well-produced, funny, or weird.
Match the Outlet to the News
The fastest way to waste a pitch is sending the right story to the wrong tier. Here’s the routing we use:
| Your news | Pitch first | Then |
|---|---|---|
| Funding round, $50M+ | Bloomberg, Axios, TechCrunch (exclusive) | SecurityWeek, Crunchbase News, Return on Security |
| Funding round, under $50M | SecurityWeek, Cybersecurity Dive | Crunchbase News, VC News Daily, Return on Security |
| Original threat research | Dark Reading, BleepingComputer, The Hacker News | Wired (if the story has a wow factor), tl;dr sec |
| Product launch | SecurityWeek, SC Media, Help Net Security | VentureBeat, eSecurity Planet roundups |
| Small acquisition or partnership | MSSP Alert, Channel Futures, Mergermarket | CRN if channel-relevant |
| Executive hire or POV | CyberScoop, byline pitches to Dark Reading | CISO Series, podcast guest spots |
| Breaking news commentary | Whoever is covering the story, within hours | LinkedIn founder post same day |
Keynote on breaking news commentary. When a major breach or vulnerability breaks, reporters need expert quotes fast. Our standard is a two or three-sentence quote drafted within an hour of the news and approved by the client within two or three hours, because after that, the story has moved on. Rapid response is one of the highest-leverage ways for security companies to land real coverage in PR. It’s a speed and volume game, and this system has to be a well-oiled machine to work well.
What This Looks Like in Practice
A media list is necessary but not sufficient. The companies that consistently appear in these outlets run a system: original research on a schedule, an exclusive-first release process, a byline program, and rapid-response monitoring. We’ve broken down the best cybersecurity digital PR campaigns of 2026 if you want to see what earns coverage, and our monthly ranking of 220 venture-backed cybersecurity companies shows which brands are converting funding into visibility and which are invisible despite nine-figure raises.
That gap is the whole game. Claroty has raised $940 million. Cyera raised $400 million in one round. Money like that buys engineering, but it doesn’t buy trust. Coverage in the outlets above, accumulated over quarters, is what makes buyers, investors, and increasingly AI search engines treat a company as the credible answer in its category.
FAQ
Which cybersecurity publication should I pitch first?
The one or two outlets whose readers most closely match your buyer, pitched as an exclusive before anything goes wide. For most security companies, that means starting in the trade press (Dark Reading, CyberScoop, SecurityWeek), not the national press.
Do cybersecurity publications accept contributed articles?
Yes. Dark Reading, Security Boulevard, Help Net Security, and several others run bylines from security executives. Expect two to four weeks from accepted pitch to publication, and expect editors to reject anything that reads like a product brochure.
How is pitching a podcast different from pitching a publication?
A publication needs a news hook. A podcast needs a guest their audience will value. Pitch the host with a specific topic you can discuss with depth, reference their recent episodes, and keep the product out of it.
When should I send a cybersecurity press release?
Tuesday through Thursday, 8 to 9am Eastern is the most recommended time. Avoid Mondays, Fridays, and any morning when a major breach is dominating the news cycle, unless your story connects to it. These rules are not set in stone, some teams plan their week on Mondays so you want a pitch in before then. For the biggest news, the best journalists are glued to their phones on nights and weekends too. But don’t pitch small stuff outside those recommended windows.
Is guaranteed or paid coverage worth it?
Newswire distribution guarantees your release appears on syndication pages, sometimes on major domains. That has some value for visibility and AI citation, but it is not editorial coverage and buyers can tell the difference. Balance both and dedicate a good portion of the budget to acquiring real editorial coverage.
Working on getting your security company covered? This list is the starting map. If you want to claim your territory and command the category, our cybersecurity PR team runs the full system, from research to exclusive pitches to rapid response, for Seed through C security companies. Or start with the broader picture of our cybersecurity marketing, PR, and content services.
Last updated: July 2026. We maintain this list from our live pitch database and refresh it quarterly.
Leave a Reply