Every breach makes headlines, but most pitches hit spam. Landing coverage with Karissa Breen? That’s a zero-day – rare and career-defining. Karissa Breen, one of Australia’s most respected cybersecurity journalists, is making her move into the United States, and for communications professionals, that means understanding what it takes to get on her radar.
In our chat, she called out three key things she looks or in her sources and aims for in her reporting:
- Authenticity is authority. Ditch the fluff, bring the real talk.
- AI is everywhere, but curiosity and credibility still win.
- Journalists want substance, not just “synergy.”
From Down Under to the Cyber Innovation Epicenter
Karissa built KBI.Media into a global platform—300K downloads, 65 countries, and an audience of CISOs and execs making billion-dollar decisions. Her podcast, KBKast, explore the real challenges and innovations shaping cybersecurity with security leaders at Cloudflare, Datadog, Google Cloud, Palo Alto Networks, NetApp, and Salesforce, as well as government officials.
As Karissa enters the US market, we asked what makes a pitch stand out—and what PR pros keep getting wrong. A former cybersecurity practitioner herself, Karissa also runs KBI.Digital, a marketing agency for security companies, giving her a unique view of both sides of the communications challenge.
You understand both editorial and marketing. How does that shape your work?
Most people in the media look at cybersecurity. I came from it. I’ve worked for Australia’s largest banks as an analyst and conducted numerous roles within cybersecurity departments. I’ve had to explain technical concepts to senior management and other business units. When someone pitches me a story, I instantly know if it’s real or just marketing fluff dressed up as thought leadership.
KBI.Media is our editorial engine—long-form interviews, digital magazines, and on-the-ground coverage. It’s where we tell real stories about how technology, people, and business collide. KBI.Digital helps vendors translate technical depth into business relevance. I built both because the gap between what companies say they do and what the market understands is still enormous.
What made now the right time to expand into the US?
The US has a huge cybersecurity economy but surprisingly fragmented storytelling. There’s a lot of noise, a lot of pay-to-play, and not enough depth. In Australia, we’ve proven that independent, hard-hitting, long-form conversations resonate because decision-makers are tired of recycled press releases.
What’s surprised me most is how hungry American audiences are for authenticity. They want less fluff and more substance. Being Australian, I’m naturally more direct—and that’s exactly what folks in the United States are looking for.
How is AI changing your work as a journalist?
AI is an amplifier. It can make lazy journalism worse and sharp journalism faster. But it can’t replicate curiosity or discernment coupled up with authenticity.
My role is to ask harder questions, not just faster ones. The more content becomes automated, the more audiences will crave a human voice, nuance and accountability. Journalism isn’t fading away, it’s changing towards multiple formats that we as a media outlet need to create to hit our audience where they’re at. I do believe written content doesn’t hold as much weight as it once used to. But, this is where podcast, social media and personality led journalism is dominating. That’s the future of journalism and we do see businesses moving towards that.
Cyber Requires Translation without Dilution
You sit between business and technical audiences. How do you walk that line?
Translation without dilution. Executives don’t want fiber-optics-level detail, but they also don’t want buzzwords. Practitioners want credibility. So I anchor every story around impact: what changes, who’s affected, why it matters.
Credibility is currency in this industry. You earn it by never overselling.
After hundreds of interviews, what’s the consistent blind spot you see?
Most organizations still treat cybersecurity as an IT function, not an economic function. They’ll spend millions on tools but avoid investing in communication, training, and cultural design. That’s why they keep repeating the same failures—different logos, same mindset.
Which conversations have really stuck with you?
The ones that hit hardest are when leaders drop the façade, when a CISO admits burnout, or a senior executive owns up to a failed strategy. Those moments move the industry forward because they’re real. No one has cybersecurity all figured out.
Pitch Perfect: What Cyber Journalists Actually Want
What separates a compelling pitch from vendor noise?
A dream pitch has three things: relevance, credibility, and timing. Show me why now, not just why you. Bring a new insight, a data point, or a story that challenges the status quo.
What to avoid? Buzzwords and self-congratulation. “We’re the first, best, most innovative…” That’s not a story, that’s an ego. Lead with a human angle or a problem the industry hasn’t solved yet. That’s how you earn my attention.
I also appreciate people who can get back to me quickly and follow our processes. Sometimes in media we need to have tough conversations, and we appreciate PR professionals who can relay harder feedback back to their clients on our behalf.
What gets you to say yes to an interview versus a byline or contributed piece?
For the podcast, things like seniority, company, background, or an extremely good story to tell. We take bylines and contributed pieces too – as KBI.Media covers a lot of ground not just ‘technical’, we explore the business side of cybersecurity too.
What’s your lead time?
For the podcast, we typically book guests from 1-3 months in advance. We make concessions of course – but this is our standard lead time.
How do you prefer to be pitched?
For written content pieces that include press releases, bylines etc. we encourage PR companies to set up an account with our team and participate in the onboarding session. PR companies will then have rein to upload content pieces to our backend, we then get notified about the content which has been uploaded, from there our team go and manually review the piece on whether we publish or not. This process allows scale and velocity, and options for us to cherry pick which content is going out on the site. We want to share insights across multiple levels and backgrounds, so there is a place for everyone, no matter their size, to tell their story.
Where do you stand on embargoes and exclusives? Do they influence your coverage decisions?
I don’t appreciate PR’s trying to shop around an exclusive – you either give it or you don’t. Embargoes come across as extra busy work for not a lot of value for most media outlets that I speak to. News cycles move too quickly, so embargoes whilst we adhere to them don’t offer enormous value given the media climate we’re currently in now.
Looking Ahead
As you build KBI.Media’s US presence, what excites you most?
The scale of possibility. The US is the epicenter of global cyber innovation, and bringing an independent voice into that space, as an underdog, feels awesome. I’m excited to keep proving that journalism in cybersecurity can be both commercially strong and editorially fearless.
We’re not just reporting on the industry. We’re shaping how it communicates with itself.