• The world of B2B tech public relations mirrors that of the tech industry itself: ever-changing, forward-thinking and obsessed with innovation.

    What often gets lost in this industry, however, is something our agency takes very seriously: The human element. Regardless of company, industry or corner of the globe, humans are the ones doing the work that keeps the world spinning.

    But from where we sit, we seem caught in a cycle: A new piece of technology is released. The hype cycle whirs up. Pros and cons are discussed. The product does—or more often doesn’t!—change the world in some way. We move on. Rinse and repeat.

    But what about the people who tirelessly worked to make that product? The people who put in overtime research to get the technology made? The people who worked weekends to get it sold once it was created? On and on, there are humans at every critical step in the creation of technology and business processes.

    At Hoffman, we take pride in storytelling; we’re a communications agency, after all. And nearly every story has one singular element in common: The human experience. Without that, who’s going to read and relate to your story? More importantly, when we shift focus away from humans, we lose our humanity. If I want to earnestly tell my 18-year-old daughter that yes, technology can improve the world, humans need to be front and center for that to be true. We’re seeing this with the AI explosion and related concerns: Are we moving toward a future where we entrust non-humans to be in the driver’s seat? And what does this huge shift in our society mean for the future?

    In the quest for technological innovation, we need to remember humans are behind it all and their compelling stories should be told.

    Human-centric PR in cybersecurity

    In our work in tech public relations, we run up against this dynamic often: The client has a cool piece of technology or a new product and wants the media to talk about it. Great! We’d love to help. But the tech media landscape is crowded with “check out this latest product” stories. Unless you’re Google/Apple/Meta/Amazon, you’re going to be fighting against a sea of similar companies, selling similar-sounding stories to the media.

    We’ve worked hard to elevate the human element when it comes to storytelling. The people at the company making the product are what’s unique, more so than the product itself. And we’ve found these “human stories” are what media want and create better outcomes for clients.

    An example of this can be found with a client of ours, Trellix, a cybersecurity company resulting from the merger of FireEye and McAfee. Trellix has a large customer base, legacy name recognition, and many other benefits when mapping out a communications strategy. But there were challenges, as there always are, and Trellix was looking for a way to stand out from the competition.

    One of the biggest issues facing the security industry is the talent gap. According to industry nonprofit ISC2, there are more than three million unfilled jobs in the industry in the U.S., a problem that has persisted for years. Most security companies want to talk about this problem but don’t know how to (or what they are saying is not interesting, unique, or a score of other “well, but” caveats).

    Working alongside Trellix, we executed a campaign called “Soulful Work” to gather several ideas on addressing the industry talent gap. This effort encompassed diversity, hiring and talent initiatives, internal training and many other initiatives, both internal- and external-facing. Instead of simply saying “We want to talk about the talent gap,” Trellix decided to do something about it. By highlighting its employees internally and driving discussions around the talent gap externally, Trellix created a mini-movement. It’s this type of thinking that drives continued results and elevates our clients from chasing the “news of the day” or touting the latest product to saying something meaningful.

    We were particularly proud of the splash we made outside of traditional media coverage. We collected more than 200 stories centered on “soulful work” at a Trellix event in Las Vegas, our social team leveraged those stories—alongside custom video and other assets—as part of a resource-packed webpage to amplify the mission, all of which led to multiple placements on industry award lists at the end of 2023. Today, the work of PR goes beyond chasing media placements. We can make a dent in the conversation when we focus on the message and the people, using a blend of traditional PR tactics, as well as social media and other new forms of communication. The reason social media works in today’s world is it thrives on humans interacting with one another. It’s called “social” media for a reason.

    By focusing on the people, Trellix was able to see results. About 100 interns and more than 1,000 new employees from diverse backgrounds joined the company in 2022 and roughly 265 instances of media coverage—and about 120 social media posts—were placed under the Soulful Work umbrella.

    Stories tie us together

    The above example is just one of many that tell the story of how we try to put people first, regardless of client or technology or the specific goals of a project. We try to look at the entire business ecosystem: from CEOs and founders to engineers, developers, end users and everyone in between. These are people with lived experiences and reaching them—reaching anyone—is about relating to each other and finding that shared humanity.

    That’s storytelling. Everything else is just noise.

    As we face an uncertain future—one where the ramifications of the technology we’re creating are unclear and constantly changing—we can lean on one of the oldest forms of human communication: storytelling. And every story—from fables and myths to sci-fi epics and stand-up comedy bits—is a human one, a way to connect with one another and say “Hey, you’re not alone.” I don’t see AI replacing that anytime soon.

    The next time you find yourself struggling with a spokesperson or an interpersonal problem or maybe even just trying to get to know someone, try asking, “So what’s your story?” How someone interprets and answers will tell you more than any other bit of small talk. Humans are natural storytellers and when we embrace that, wonderful things happen.

    Gerard LaFond is Managing Director, North America, at The Hoffman Agency.

  • It’s been over a decade since the term “Zero Trust” was thrust into the cybersecurity lexicon.

    This concept — perimeter-based defense is outdated and network activity needs monitoring outside the “castle walls” — has become a goal state for network security. However, implementation is still a challenge, and for more than a decade, Zero Trust has joined many other industry concepts on “to do, eventually” lists.

    What needs to change for the industry to embrace Zero Trust? And why is it such a valuable concept when considering how to keep the world more secure?

    What Are We Trying to Protect?

    Taking a step back, we have a problem defining the “home” network we aim to defend. For decades, the model has been a perimeter setup, and ideally, everything within the perimeter is safe, while everything outside is kept at bay. Think of it like an M&M candy, hard shell on the outside, soft on the inside.

    Harold Rivas

    But the landscape has evolved over the last 15 years. Technologies and innovations such as cloud and software as a service (SaaS) have become more prominent, and critical assets exist far outside of company boundaries.

    This means organizations must adjust their security strategies — and Zero Trust is the best way to address this shift.

    Any strategy shift comes with the realities: cost, implementation timelines, efficacy, and other challenges. It can take considerable time for an organization to see the results of adopting Zero Trust, causing hesitation from board members who may be looking for solutions now.

    The tech world is also extremely fast-paced; new or entrepreneurial-minded companies may be moving too quickly to wait for the fruits of adopting concepts such as Zero Trust. These challenges contribute to lower adoption rates than what the industry needs.

    If we think of a security strategy like building a city, we can understand why this change has yet to be fully realized. Older cities in Europe have centuries-old blueprints for city planning: a central town square, surrounding dense areas of housing and businesses, and grid-system roads. This model served citizens well enough, but as society evolved, these models should too.

    However, every leader may not have the time, desire, or resources to update their city for the modern world. Similar thinking applies to security decision-makers who may already have invested in one layout or one way of doing security. Even though they may know something new will be better, they may be hesitant to commit.

    What would it look like if we were to build a new, modern city? There may be a better way to build cities or perform network security, but how do we do it?

    Zero Trust: A Concept vs. a Product

    Zero Trust is a framework or a concept; it’s not a product. There are products that help organizations achieve Zero Trust, but there is no singular plug-and-play solution.

    While traditional thinking has multiple controls in place relying on one another if compromised, it’s simply not enough. In a Zero Trust model, assets do not communicate openly unless explicitly permitted to, creating an environment of reduced “cross-contamination” of security incidents where the damage is isolated.

    Zero Trust cannot prevent organizations from being compromised, which is impossible in today’s threat landscape. However, it can effectively reduce damage, address and identify threats earlier, and decrease remediation time when triaging incidents. Think of it like healthcare; you can never totally prevent getting sick or injured, but you can do things to help, like exercise, eat better, and regularly visit the doctor.

    CISO Pressure

    Chief information security officers (CISOs) seem to be held to an impossibly high standard, often facing job loss or other consequences when their organizations deal with breaches or security incidents.

    Simply put, CISOs remain under intense pressure, and adopting a new security framework may not be feasible under the other constraints of the role.

    A few things come to mind that may help with this:

    • Government support may serve as an outside influence to encourage the adoption of Zero Trust, help drive change, or create a further rationale for CISOs with their boards.

    • Much institutional knowledge is lost when CISOs are let go after security incidents. Less pressure on the CISO and more time to implement frameworks like Zero Trust would help immensely. Similarly, the CISO community needs to communicate strategies and ideas to help each other grow.

    • Explaining concepts such as Zero Trust in ways that resonate with board members and the nonsecurity C-suite would help create wider adoption.

    The Future

    If your organization is considering a Zero Trust model, simply look at the phrase itself. What if you didn’t trust any network activity? What if you put protections in place to prevent cross-contamination? What if assets were only available to those who need to use them, not everyone in your organization?

    Zero Trust isn’t a plug-and-play solution, but an ongoing investment and journey. It demands dedication, perseverance, and reframing of C-suite preconceptions. Over a decade since its inception, Zero Trust is a CISO’s foremost ally in curbing the rising wave of cyberattacks and keeping critical assets safe from compromise.

    As we look ahead, cybersecurity MSPs must join forces to foster a widespread, cross-sector adoption of Zero Trust principles.

    Harold Rivas is chief information security officer (CISO) of Trellix.