.svg){kind=logo}
April 11, 2024
April 11, 2024
When Kaylin Trychon graduated from UMass Amherst with a degree in Political Science and Communications in 2014, she didn’t picture herself working in security communications for Google. However, she knew she wanted to achieve something significant with her career.
Moving from an agency to an in-house position with Raytheon’s cybersecurity division, to VP at bipartisan public affairs firm ROKK Solutions (where we met), to Google, and security startup Chainguard, Kaylin has become an expert at successfully navigating the often mismanaged and multifaceted world of cybersecurity communications.
She’s now leading PR, product marketing and audience development for Chainguard, a software supply chain startup launched in 2021. The company, which is working to make the software life cycle secure by default, through tools like container base images and software bill of materials (SBOM), recently announced $50 million in Series A funding.
I recently caught up with Kaylin to hear about the best piece of career advice she has received, how she thinks about security communications, and her tips for other security professionals. What follows is an edited version of our conversation.
What is the best piece of career advice you’ve ever received?
Coming from a military family, I’d been certain I wanted to do communications for warfighters or airplanes. However, during my in-house internship, everyone told me I should really start my career in an agency. I listened to that advice, joined an agency, and it changed my career trajectory.
Everyone is so hungry and there’s so much competition at an agency that it pushes you to be the best you can be. I thrive off of that type of environment. Even where I'm at in my career now, there is still no better feeling than getting a media hit. If you don’t feel the high of getting an interview request or piece of coverage, then public relations probably isn’t the right field for you.
The agency put me on a cybersecurity account and I started to realize how much information was being stored and shared online and the implications for society. I started following members of the security community on Twitter, learning the lingo, and was fascinated by how different audiences talked about security. I was able to combine my initial interest in national security with a new field and subject matter.
<split-lines>"If you don’t feel the high of getting an interview request or piece of coverage, then public relations probably isn’t the right field for you."<split-lines>
What have you learned so far about cybersecurity communications?
I see two main lessons. The first lesson is: Convenience will almost always trump security for consumers. When I first started out, I had zero knowledge about which steps I could take to be more secure online as a consumer. Compare that to today, where policies like two-step verification are becoming the default setting and the public is aware of major security breaches like SolarWinds and Log4j.
One of the most exciting things to me about joining Google was the opportunity to make security more convenient for everyone and to tell stories that make cyber attacks and their impact tangible for users. It is really difficult to inspire people to take an action they believe makes their lives more difficult, but, trust me, nothing is more difficult than getting your identity back after it has been stolen.
The second lesson is: Know which audience you’re addressing and tailor the message to them. Consumers are probably the most difficult audience to talk to, and the ones who get the most attention. However, you can’t ignore the cybersecurity experts who need to know what tactics bad actors have used and the government officials who want assurance that their systems are secure and their constituents are being protected online. As communicators, we know that being thoughtful and strategic about what we are communicating and where, when and how is what actually leads to the result we want.
<split-lines>"It is really difficult to inspire people to take an action they believe makes their lives more difficult."<split-lines>
Speaking of results, how do you like to measure success?
For me, it is all about reaching the right people. Did they retweet or share the article online? I don’t care at all about reaching a publication’s alleged 1.2 billion unique visitors. We all suspect that number is inflated, but an online engagement from someone your PR program is targeting is tangible and how I measure success.
How has the media landscape evolved with consumer awareness?
About 10 years ago, when I started pitching on this topic, it was incredibly difficult. You could not get a consumer or national publication to really write a consumer-friendly feature that explained why an everyday person needs to care about cybersecurity.
Today, it is vastly different. National newsrooms have both cybersecurity and personal technology reporters. I feel like I’ve been able to grow my career in tandem with public perception. The same reporters I was working with early in my career at trade publications are now directing coverage at national news outlets. I think that is a pretty unique experience.
Which one piece of advice would you like to call out to other cybersecurity communications professionals?
Take the security community into consideration. Spend time with the engineers, pay attention to the language they use, and learn the subject matter. Something I have challenged myself with is not using the term “hacker” to describe a bad actor or a malicious person, because I work with hackers, and I love them, and they're doing great work.
It is so easy to fall back on “cyber war” and other incendiary language, but using the right language at the right time and being really thoughtful about it, is what I will challenge my peers to do.
Walk me through a day in your work life at Google. How do you expect that to change at Chainguard?
My days are never the same, which I love. My days are never boring. In security comms, we never know what the news of the day is going to be, but we know there's going to be news. This is one industry where there will always be news. Being able to respond and be reactive is a huge part of my job.
Outside of breaking news, I was constantly engaging with reporters to understand what Google needed to do to help people understand this conversation. In security, we have these tentpole moments each year, like World Password Day and Cyber Awareness Month, but I also focused on the moments in between and making sure we’re helping to move the industry forward. Cyber is a team sport and a place where the adage “A rising tide lifts all boats” definitely applies.
Shifting to a security startup like Chainguard doesn’t change that ethos. There are endless security challenges and problems to solve, and events like Solarwinds and Log4j have demonstrated that supply chain security is a near top risk for enterprises of any size. One new and exciting challenge for me at Chainguard will be building a brand from the ground up.
<split-lines>"In security comms, we never know what the news of the day is going to be, but we know there's going to be news."<split-lines>
What do you do to destress?
Scroll TikTok endlessly! More seriously, I am an avid reader, I read constantly. I’ve actually run out of space for books in my apartment. I am also a golfer, a runner, and I love traveling — I am always on the road. My next adventure is going “off the grid” in the Tetons. Meaning, I will have no cell service for days. I don’t know what is more terrifying, the wild animals, or the thought of coming back to a thousand emails.
