Dark Reading publishes original threat research, practitioner analysis, and security news for the working security professional. To get covered, you need a real finding: a novel vulnerability, a tracked threat actor, original attack-chain data, or a policy-level observation backed by your own telemetry. A product launch announcement, no matter how well-written, will not land here. Research that teaches the desk's readers something they could not have learned elsewhere almost always will.

I run fractional cybersecurity PR for security vendors, research teams, and practitioners, and Dark Reading comes up in almost every brief I take. It is the outlet security buyers actually read: CISOs, threat-intel analysts, SOC leads, red team operators. A placement there signals technical credibility to exactly the audience a B2B security company most needs to reach. But getting there requires understanding how the newsroom is structured and what its editors are actually looking for, because pitching it like a trade outlet is one of the fastest ways to get quietly ignored.

How Dark Reading's newsroom is organised

Dark Reading runs across a set of distinct editorial verticals, each of which has its own editorial lead and its own appetite for content. Knowing which vertical your story lives in is not optional. It is the first thing you figure out before you write a single word of a pitch.

Vertical / sectionWhat it coversWhat earns a slot
Threat IntelligenceTracked actors, campaign analysis, malware families, TTPsOriginal telemetry, named threat groups, novel attack chains
Vulnerabilities & ThreatsCVEs, zero-days, patch guidance, exploit activity in the wildVendor research with PoC data or real-world exploit observation
Attacks & BreachesReported incidents, post-mortems, breach analysisTimeline with technical detail, root cause, lessons drawn
Cloud SecurityCloud misconfigs, IAM flaws, SaaS attack surfacesResearch tied to a specific cloud environment with reproducible findings
Application SecurityCode-level vulnerabilities, SAST/DAST findings, API risksNamed product or framework with CVE or researcher validation
OperationsSOC workflow, detection engineering, SIEM, XDRPractitioner experience, benchmarks, measured outcomes
Edge & InfrastructureOT, ICS, IoT, critical infrastructureSector-specific research with real device or protocol data
DR TechProduct analysis, vendor landscape, buyer guidanceIndependent analysis with comparative data, not product marketing

The editorial team is small, and editors cross-cover beats. The fastest way to lose a desk is to pitch the wrong vertical, address no one, or blast the full team as a CC list. Pick one editor by name, match your research to their beat, and you stand a real chance. Pitch all of them and you will be ignored by all of them.

What Dark Reading actually publishes, and what it ignores

The clearest pattern I have observed across cybersecurity PR campaigns is this: Dark Reading runs stories where the reporter learns something from the source, not stories where the source is promoting something. The distinction sounds simple but it filters out the vast majority of pitches the desk receives.

Stories that get picked up almost always have one of three things: original data the source gathered through their own research or telemetry; an observed attack or campaign that is happening right now and has not been reported elsewhere; or a practitioner's contrarian analysis of an accepted security assumption backed by evidence. Stories that get ignored are product launches, funding announcements, partnerships with other vendors, survey results about how many CISOs are worried about something, and anything that reads like a marketing team wrote it.

Field ruleDark Reading is not a trade press outlet you pitch announcements to. It is a practitioner publication you bring findings to. If your story does not teach a working security professional something new about how attackers operate or how defences fail, find a different outlet for it.

The outlet also has a strong editorial firewall. Advertising and content partnerships are handled by a completely separate team and have no influence on editorial coverage. Pitching a sponsored content inquiry to an editorial contact will damage the relationship. Keep the two tracks separate, always.

The research-led pitch: what it looks like in practice

The Dark Reading pitch that works is not a press release with the product name removed. It is a short, technically specific summary of a finding, written in the language a security editor uses every day, with enough detail for the editor to make a fast judgment on whether it fits their beat.

Pitch anatomy
  1. Subject line: the finding in plain English. No hype words, no product names. "New phishing campaign targeting APAC financial sector exploits ADFS token caching" beats "Vendor X discovers critical threat." Max 12 words.
  2. Opening sentence: what you found, when you found it, and what it means for the editor's readers. One sentence.
  3. Three to five bullets: the technical evidence. Named threat actors if attributable, specific malware families, CVE numbers if relevant, victim sectors observed, detection indicators available.
  4. Why now: a sentence on the news peg. Is this campaign active today? Did you observe it in the past 30 days? Is a patch window closing?
  5. What you are offering: an exclusive on the full report, an embargo briefing, or a researcher interview. Be specific about what you are giving them and what you are asking for in return.
  6. Contact: a named researcher or technical spokesperson, not a PR contact as the primary.

Keep the pitch under 200 words. If the editor needs 400 words to understand why this is a story, the research is not distilled enough. The full technical report lives in the attachment or a shared link, clearly labelled as embargoed if it is. Editors at Dark Reading review a large volume of pitches and will not read a long pitch to determine whether it is interesting. The opening sentence and the first two bullets do the work.

The threat-research angle: what makes a finding publishable

Cybersecurity PR that lands in Dark Reading almost always traces back to a dedicated threat research function. Companies that publish consistently on this outlet have invested in research teams that generate original findings: tracked adversary groups with internal naming conventions, honeypot networks that log real attack attempts, red team engagements that surface novel technique variations, or long-running malware analysis that produces new IOC sets. That research infrastructure is what makes the pitch possible. Without it, you are in the product-marketing lane, and no pitch mechanics will move you out of it.

If you are a smaller security vendor without a dedicated research team, the path is not to manufacture a research-sounding pitch out of marketing content. The path is to find the genuine research your team does produce, however narrow, and own that beat. A boutique ICS security firm that has observed three months of attack attempts on a specific SCADA system has a real story. A mid-market endpoint vendor that has tracked a phishing kit evolving across 14 campaigns has a real story. The finding does not have to be headline-making. It has to be true, specific, and useful to the practitioner reading it at 8am before a team standup.

What makes a finding publishable
  • Observed in the wild, not theoretical. Editors will ask whether this has been seen actively exploited or is a lab finding only.
  • Named and specific. A named threat group, a specific CVE, a specific malware family, or a specific victim sector is more publishable than a generic "new wave of attacks."
  • Your own data. Repackaged third-party research with no original contribution will be spotted immediately. The sourcing has to be yours.
  • Actionable for defenders. What can a SOC analyst or security architect do with this information? If the finding has no defensive implication, it is harder to publish for a practitioner audience.
  • Responsibly disclosed. If the finding involves a vendor vulnerability, disclosure protocol must be followed before pitching. Pitching before disclosure is a fast way to lose credibility with both the vendor community and the outlet.

Timing, exclusives, and embargoes

Dark Reading works on a daily publication cadence with a continuous digital feed. Unlike a weekly magazine, there is no single issue window to hit. But editors do value exclusives for significant research, and embargo coordination is standard for major vulnerability disclosures or large-scale threat-actor revelations. Offer an exclusive to one editor when the research is genuinely significant. For research that is interesting but not headline-scale, a non-exclusive briefing with a few days of lead time before the report goes public is a reasonable ask.

The 72-hour window is a rough working expectation. If you have not heard back in three business days on a time-sensitive pitch, one follow-up is reasonable. Do it by reply on the same email thread, one sentence, asking whether the topic fits their current coverage. Do not call the editorial team. Do not pitch the same story to a different editor at the same outlet while waiting. If two editors at the same newsroom run conflicting stories from your research, neither will work with you again.

Field ruleExclusive means one editor, one outlet, one embargo date. If you have pitched three outlets simultaneously and called it an exclusive in each pitch, you have not offered an exclusive. You have offered a liability. Editors talk.

Bylines, contributed articles, and Dark Reading Connect

Beyond news coverage, Dark Reading publishes practitioner-authored contributed articles under its editorial guidelines, and runs Dark Reading Connect, a community platform where practitioners post their own analysis. These are meaningfully different tracks from editorial news coverage, but they are genuinely useful for building a presence on the outlet over time.

A contributed article in Dark Reading runs under your name, has to pass editorial review, cannot be a product pitch, and typically runs 800 to 1,200 words. The best contributed pieces are practitioner teardowns of a real incident, a methodology for a specific detection challenge, or a contrarian take on a security practice with concrete evidence. If you are building a threat research PR program, contributed articles are the sustained cadence that keeps you visible between major research drops. They are also substantially easier to place than getting a reporter to write a standalone news story about your work.

Dark Reading Connect is more accessible still: it is essentially a practitioner blog layer within the site. For founders and security leaders building a personal voice in the industry, contributing analysis there consistently builds a searchable archive of your thinking that compounds over months. It is not the same as editorial coverage, but it is real visibility to the practitioner audience you most want to reach.

Building a relationship before the pitch

The security press operates in a relatively small world. Dark Reading editors and contributors are active on LinkedIn and X, attend Black Hat, DEF CON, RSA Conference, and the specialist regional events. Most of the best editorial relationships I have seen built in cybersecurity PR started with a researcher sharing genuinely useful observations publicly for months before any formal pitch was sent. When the time came to pitch, the editor already knew the research team was credible.

For a cybersecurity PR program that includes Dark Reading as a target, I usually build a 90-day pre-pitch phase: the researcher publishes short technical observations publicly, engages with coverage on the outlet's own pieces, and attends at least one industry event where Dark Reading editorial staff are present. By the time the pitch lands, it is not cold. The research and the researcher are already known quantities. That context does not replace the quality of the research, but it removes the friction that slows down a good pitch.

For the full landscape of cybersecurity outlets and how they compare in terms of audience, editorial angle, and placement approach, the 2026 cybersecurity PR guide covers the full set. If you are also targeting crypto-adjacent security coverage, the mechanics of pitching outlets like Decrypt for Web3 security stories follow a similar research-first logic, though the audience and editorial context are different.

What it costs and what it returns

Dark Reading coverage is earned, not bought. There is no pay-to-play mechanism in the editorial operation. The investment is in the research that makes the pitch possible, and in the PR operator who understands how to translate that research into a pitch format and editor relationship that converts.

A fractional senior cybersecurity PR operator running a program that includes Dark Reading as a primary target typically runs $5,000 to $12,000 per month. A full agency with a dedicated cybersecurity practice runs $15,000 to $45,000. For a company earlier in its PR journey, a launch sprint focused on one or two major research releases and handled as a project rather than a retainer typically runs $15,000 to $40,000 all in, depending on scope and the research volume available to work with.

What a Dark Reading placement returns, when the research is strong, is durable: a citable, searchable, independently authored piece on one of the most trusted practitioner outlets in the industry. It gets referenced in RFP processes, linked from industry newsletters, and increasingly cited in AI-generated security briefings. The audience is exactly the buyer most security vendors need to reach at the moment they are forming vendor preferences. That is a different kind of return than brand awareness in a general business outlet, and for a B2B security company, it compounds in the right direction.

SJ
Shilika Jain

Fractional PR operator for cybersecurity, Web3, AI, and DePIN founders. 50+ protocols and security vendors placed across Dark Reading, Forbes, CoinDesk, Cointelegraph, Decrypt, The Block, Blockworks and specialist trade press. View full profile → · Book a 30-min teardown →

Frequently asked questions

How do you get covered by Dark Reading?
You bring original threat research, vulnerability findings, or practitioner-grade analysis, not a product announcement. Dark Reading editors are looking for stories where the reporter learns something from the source: novel attack chains, tracked threat actors, real telemetry, or a contrarian take on a security practice backed by evidence. Match your research to the specific vertical it belongs in, pitch one named editor, keep the pitch under 200 words, and lead with the finding not the company. A cybersecurity PR operator who knows the desk can compress the time to placement significantly.
What does Dark Reading not cover?
Product launches, funding announcements, partnership press releases, vendor surveys about how many CISOs are worried about something, and anything that reads like it was written by a marketing team. Dark Reading has a strict editorial firewall: advertising and sponsored content are handled by a separate commercial team and have no influence on editorial decisions. Pitching an advertising inquiry to an editorial contact damages the relationship permanently.
How do you pitch a Dark Reading editor?
Under 200 words, technically specific, addressed to one named editor whose beat matches your vertical. Open with the finding in one sentence: what you found, when, and why it matters to a working security professional. Follow with three to five technical bullets covering the evidence. State what you are offering: an exclusive, an embargo briefing, or a researcher interview. Close with a named technical contact, not a PR email address. Do not call. One follow-up after 72 hours on the same email thread is reasonable.
Can you submit a contributed article to Dark Reading?
Yes, Dark Reading publishes practitioner-authored contributed articles that pass editorial review. They run 800 to 1,200 words, must not be product pitches, and work best as practitioner teardowns, detection methodology explainers, or contrarian takes with evidence. For companies building a threat research PR program, contributed articles provide the sustained cadence between major research drops. Dark Reading Connect, the community platform, is a more accessible layer for building a personal practitioner voice over time.
How long does it take to get a response from Dark Reading?
A working expectation is 72 hours for a time-sensitive pitch. For non-urgent research pitches, a week is realistic. One follow-up by reply on the same thread after 72 hours is acceptable. Do not pitch the same story to multiple editors at the outlet simultaneously while waiting for a response. If the pitch does not fit the current editorial schedule, a good editor will usually say so briefly rather than leave you waiting indefinitely.

Running a cybersecurity PR program? Start with the cybersecurity PR service overview, then the 2026 cyber PR playbook for the full outlet map. The full playbook library covers pricing, pitch guides and the AI-search layer.