The editorial policy

Discover how we create cybersecurity content that's clear, honest, and deeply human, making sure every piece is accurate, empathetic, and trustworthy.

What is the editorial policy?

The editorial policy we use at includes the guidelines that inform our decisions around all the content we create and publish, from the topics we choose to how we approach them, and how we communicate our point of view.

This policy also defines our standards for the content we publish and explains our creation process, along with the ethical considerations involved.

What are the editorial values?

Our audience expects us to know and understand their needs and to respect them by upholding editorial standards similar to those used in professional journalism. They also want content that actual people created for other humans.

That’s why we invest time and effort into making sure all content we create is relevant, engaging, and helpful to people in our audience. To achieve this, we prioritize clear, consistent, and empathetic communication with a strong focus on accuracy, honesty, and human-centricity.

1. Consistency and integrity

We make sure our branding, messaging, terminology, and the quality of our content are reliably and predictably aligned across all communication channels. Painstaking attention to detail is one of the ways we commit to respecting our audience’s limited time and energy. Another one is setting clear expectations and delivering on the promises we make through our content and product.

2. Empathy and humanity

We use the Jobs To Be Done framework to understand and address our audience’s challenges and experiences, whether they are customers or peers from the cybersecurity community.

When presenting security research or introducing a new product feature, we prioritize the needs and pain points it solves for the individual and their team. We create content for people, not abstract organizations.

3. Clarity and honesty

We strive to offer our audience clear, specific, and accurate information to support their decisions, whether they are customers or readers/viewers/listeners looking to consolidate their know-how and skills.

We advocate for using correct cybersecurity terminology and the proper meaning of words (e.g. hacker as a neutral term instead of one with negative connotations).

Whenever possible, we avoid jargon or explain it to keep content accessible to audiences of various levels of security experience.

We also make it our mission to avoid buzzwords and clichés that can confuse or mislead. That also translates to being careful not to use embellishments or sugar-coat facts.

4. Accuracy and relevance

In our content, we focus on fact-checking and validating every technical aspect, while staying updated with industry trends and incorporating audience feedback. Before going live, each piece of content goes through our cybersecurity specialists’ professional judgement and analysis.

Some of our content gets routinely updated to keep it relevant and up-to-date with our audience’s needs. Updated blog articles, for instance, are date-stamped to reflect this.

We never alter known facts, present fictional material as reality, or otherwise compromise our audience’s trust in our content.

Our rule of thumb is that accuracy is always more important than speed.

If you notice any issues related to fact-checking in one of our pieces of content, please email us at

5. Context and transparency

Whenever we can, we strive to avoid prescriptive content, preferring to offer context around research, choices, and the thought processes behind them.

To achieve this, our team also creates original graphics, images, and videos to provide practical details or demonstrate functionality.

We pride ourselves on being open about our product’s capabilities and limitations, providing detailed and accurate product information, including potential drawbacks.

On matters relating to general cybersecurity topics, we strive to remain impartial. However, we cannot guarantee complete objectivity when it comes to product-related content, which presents our inherent bias as the team that develops and maintains it.

6. Originality and authenticity

At, we invest in creating original, helpful content backed by proper research and attribution.

Most frequently, we rely on reputable sources such as reports and research by professional and academic institutions. We also conduct expert interviews and fact-check data points, facts, and claims to the best of our abilities and resources.

Our content can never infringe the copyright or anyone's intellectual property rights. When mentioning data and details that someone else created, we always cite and link to their original sources.

7. Engagement and feedback

Aiming to help people find answers, solve problems, and get inspired, we encourage choice and provide calls to action that are as non-intrusive and relevant as possible.

We constantly engage with the community and the larger cybersecurity community and incorporate their feedback into our content creation process.

8. Accessibility

We commit to making our content inclusive and accessible to our audience and its diverse needs.

We strive to make sure disabled people can access our content, which reflects in our choices of technologies, frameworks, and other technical means that ensure accessibility.

9. Diversity of opinion

It is important to us that our content reflects a range of diverse opinions that capture experiences and expert opinions of different people in cybersecurity.

To achieve this, we intentionally explore perspectives of people in different roles and companies, from different backgrounds and different parts of the world.

10. Selective, sanctioned use of AI

We only use AI models (ChatGPT, LaMDA, Gemini, etc.) for very specific activities such as:

  • Creating a transcript of a podcast episode
  • Suggesting ideas for headlines, polls, or other content elements based on content a human has created
  • Shortening or rephrasing specific sentences
  • Summarizing or extracting quotes from larger bodies of text (e.g. a podcast transcript)
  • Research around how these AI models interpret questions around offensive security and the kind of answers they provide.

Our team fact-checks, scrutinizes, and validates every word of these content elements for which we sometimes use AI models to ensure accuracy. We are fully aware of the fact that AI models sometimes produce mediocre ideas, fabricate information, and even plagiarize content, so we are particularly careful to avoid these pitfalls.

This is why we never publish content with fully AI-generated text.

Our team prioritizes original thought, critical thinking, and authentic content. Just as we value the creative nature of hacking, we acknowledge the irreplaceable value of the human content creator.

Contact us about our editorial policy

If you ever come across a piece of content which you believe needs improvements or steers away from our editorial policy, please email us at