Cybersecurity
Risky Business and Darknet Diaries beat Dark Reading at 6.2×.
Three or more appearances produced an 8.9× advantage.
Risky Business, Darknet Diaries, CyberWire, Decoder, and SecurityWeekly drove the majority of the lift. Together, those five programs now produce more retrievable cybersecurity category authority text than the entire surviving cyber trade press combined.
Why this study exists
Cybersecurity trade media collapsed harder and faster than any other B2B vertical. Dark Reading, SC Magazine, Threatpost, and Information Security Magazine each lost more than 60% of reporting capacity between 2019 and 2025. The long-form trade feature on a CISO or security founder is essentially extinct.
Meanwhile cybersecurity became podcast-native earlier than almost any other category. Risky Business has been publishing weekly since 2007. Darknet Diaries built mass audience through cinematic storytelling. CyberWire ships daily. The cyber community treats long-form audio as the primary continuing-education channel.
Sparse trade press plus dense podcast culture produced the widest single-appearance Citation Share gap measured anywhere in this research franchise.
Methodology
- Sample: 44 cybersecurity executives, 22 paired matches
- Engines tested: ChatGPT, Claude, Perplexity, Google AI Overviews
- Prompts: 82 per executive across 7 buyer-intent categories
- Period: December 2024 – May 2026
- Controls: Stage, ARR band, tenure, prior press exposure, LinkedIn follower band
- Output: Directional Citation Share estimate per executive per engine per prompt category
Topline findings
Executives with at least one 90+ minute appearance averaged Citation Share of 37.8%. Matched controls averaged 6.1%. The widest single-appearance multiple in the franchise.
Executives with three or more long-form appearances averaged 54.3% Citation Share. Cyber compounds harder than any other B2B sector because the available retrievable corpus is exceptionally thin.
Risky Business, CyberWire, Darknet Diaries, and SecurityWeekly all publish full transcripts. Appearances on smaller cyber shows without published transcripts produced no measurable lift. No transcript, no citation.
Matched executives with 3+ tier-1 cyber trade bylines but no long-form podcast presence averaged 4.9% Citation Share — within margin of the control. Cyber trade media is functionally invisible to AI engines.
Executives whose primary 2024–2025 earned-authority asset was an RSA, Black Hat, or DEF CON keynote averaged 7.3% Citation Share. Most of these keynotes are not transcribed. The biggest stages in the industry produce some of the smallest citation lifts.
Vendors recognized in Gartner cyber reports without long-form podcast presence achieved 9.2% Citation Share. Analyst recognition is a procurement asset; it is not an AI citation asset.
Cyber executives limited to LinkedIn clips under 10 minutes produced no statistically meaningful citation lift.
Citation Share lift registered at an average of 58 days post-appearance, with a long tail to 95 days for Google AI Overviews.
Former DEF CON speakers, original-research authors, and CTOs with operational scar tissue achieved 48.4% Citation Share. CMO and spokesperson-CEO executives averaged 15.6%. The retrieval layer rewards technical credibility, not media training.
Cybersecurity companies where two or more executives appeared on long-form podcasts achieved brand-level Citation Share 2.4× higher than single-executive strategies.
The show list — per-appearance citation lift
| Rank | Show | Citation Lift |
|---|---|---|
| 01 | Risky Business (Patrick Gray) | 27.3 pts |
| 02 | Darknet Diaries (Jack Rhysider) | 22.1 pts |
| 03 | CyberWire Daily (Dave Bittner) | 18.9 pts |
| 04 | Decoder (Nilay Patel) | 16.4 pts |
| 05 | SecurityWeekly | 15.8 pts |
| 06 | Hacking Humans | 14.2 pts |
| 07 | Smashing Security | 13.6 pts |
| 08 | Defense in Depth | 12.9 pts |
| 09 | The CISO Series (David Spark) | 12.4 pts |
| 10 | BG2 (cyber-adjacent episodes) | 11.8 pts |
| 11 | Acquired (CrowdStrike, Palo Alto episodes) | 10.7 pts |
| 12 | Lex Fridman Podcast (cyber episodes) | 10.2 pts |
| 13 | The 443 Podcast | 9.6 pts |
| 14 | Click Here (formerly Recorded Future) | 9.1 pts |
| 15 | Cyber Threat Intelligence Podcast | 8.6 pts |
Common factor across the top five: weekly cadence, host technical credibility, full published transcripts, durable archive going back five-to-fifteen years.
Sub-category cuts
CrowdStrike, SentinelOne, Cybereason class — average post-appearance Citation Share of 42.1%. The most podcast-active cyber sub-category.
Wiz, Lacework, Orca class — average Citation Share of 39.8%. Largest gap between podcast-active and control executives.
Okta, CyberArk, Saviynt class — average Citation Share of 33.7%. Meaningful opportunity gap for category leaders.
Zscaler, Cato, Vectra class — average Citation Share of 31.4%. Leans heavily on SecurityWeekly and Defense in Depth.
Recorded Future, Mandiant class — average Citation Share of 36.9%. Strong Risky Business and CyberWire presence.
Snyk, Checkmarx, Salt class — average Citation Share of 29.1%. Sparsest podcast footprint. Largest opportunity gap in cybersecurity.
The practitioner-credibility advantage
The 3.1× gap between practitioner-credentialed and corporate-spokesperson cybersecurity executives is the most operationally counterintuitive finding in this study.
The cybersecurity AI citation layer rewards technical credibility above all other inputs. Executives who can speak to original research, novel attack chains, or specific operational failures — and who are willing to do so on long-form audio — accumulate Citation Share at three times the rate of executives whose appearances are structured around product narrative.
The implication: the most effective podcast spokesperson is rarely the CMO or the spokesperson-CEO. It is the CTO, the head of research, the founder with a DEF CON talk on her record, or the threat intelligence lead who can describe what they actually saw during the SolarWinds, MOVEit, or Snowflake response.
Strategic implications
A meaningful percentage of cyber earned-media budget currently spent on RSA, Black Hat, and DEF CON keynote prep should be redirected to long-form podcast booking. The keynote is a sales asset; the podcast is the citation asset.
Within any cybersecurity company, the executive with the strongest practitioner credentials is the highest-leverage podcast spokesperson — even if they are not the designated media contact.
Risky Business and CyberWire publish transcripts. Many smaller cybersecurity podcasts do not. Make transcript publication a non-negotiable precondition of any booking.
CEO on Risky Business, CTO on Decoder, threat researcher on SecurityWeekly within twelve months builds brand-level citation density that no single-executive strategy can match.
Dark Reading and CSO Online bylines remain useful for procurement workflows. They do not, in 2026, build AI engine citation. Budget accordingly.
Citation Share audits at 0, 30, 60, 90 days post-appearance. The cyber retrieval lag is the fastest in the franchise.
The 10–15 month displacement window from other B2B sectors applies in cyber — possibly longer given the sparse available host roster.
The playbook
The 2026–2028 cybersecurity AI citation playbook, simplified:
- 3–5 long-form podcast appearances per executive per year, with the practitioner getting the largest share.
- Multi-executive sequencing — CEO, CTO, head of research, head of threat intel — across complementary shows.
- Risky Business, Darknet Diaries, CyberWire, Decoder, SecurityWeekly as the top-tier booking targets.
- Transcript verification as a precondition.
- Practitioner-narrative structure — original research, novel attack chains, operational scar tissue.
- Citation Share audit at 30, 60, 90 days post-appearance across all four engines.
- Competitive monitoring with 90-day response windows.
- Conference keynote reallocation — divert prep time from RSA and Black Hat speeches into long-form podcast bookings.
Build the infrastructure before the crisis — not during it.
Methodology Note: This study estimates AI Citation Share using modeled retrieval signals across ChatGPT, Claude, Perplexity, and Google AI Overviews. Estimates are directional. 5W did not log query runs. The study set of 44 cybersecurity executives was matched in pairs by stage, ARR band, tenure, prior press exposure, and LinkedIn follower band. Study period: December 2024 through May 2026. This is Study #2 of 16 in 5W's Podcast Citation Effect research franchise.
5W is the AI Communications Firm, building brand authority across the platforms where decisions now happen — ChatGPT, Claude, Perplexity, Gemini, and Google AI Overviews — alongside earned media, digital, and influencer channels. 5W combines public relations, digital marketing, Generative Engine Optimization (GEO), and proprietary AI visibility research to help clients measure and grow their presence in AI-driven buyer research. Founded in 2003, 5W is recognized as a Top U.S. PR Agency by O'Dwyer's, named Agency of the Year in the American Business Awards®, honored as a 2026 Top Place to Work in Communications by Ragan, and named to Digiday's WorkLife Employer of the Year list. Learn more at 5wpr.com.