Expert Insights is an independent cybersecurity research and review platform, read by over one million businesses annually. This page explains the editorial principles, governance structures, and accountability standards that underpin everything we publish.
For details on how we conduct hands-on product testing, how we score products, and what our reviews include, see our How We Test & Review Products page.
Why Expert Insights Exists
Craig MacAlpine founded Expert Insights in 2018 after more than twenty years working in email security, IT infrastructure, and cybersecurity product deployment. Before Expert Insights, Craig spent a decade as CEO of EPA Cloud, a UK-based email security provider he founded in 2003 that grew to serve over 1,000 clients before being acquired by Ziff Davis (formerly J2 Global, NASDAQ: ZD) in 2013 and rebranded as VIPRE Email Security.
Craig founded Expert Insights because he was frustrated by the gap between how security products were marketed and how they actually performed. Too much of the information available to IT buyers was driven by vendor marketing rather than independent, hands-on evaluation. That frustration remains the driving force behind everything we publish.
Editorial Independence
Expert Insights generates revenue through advertising partnerships with cybersecurity vendors. These commercial relationships fund our research, product testing, and editorial operations. We are transparent about this because editorial independence is the foundation of our business.
Editorial and commercial functions operate as separate teams within Expert Insights. The editorial team reports through an independent editorial chain and is not managed by, or accountable to, the commercial team. No commercial team member has the ability to assign, approve, delay, or alter editorial content.
Our editorial team has final say on all published content. This includes which products are included in our research, what scores they receive, how they are described, how they are ranked, and whether they are recommended for specific use cases.
Our team has deep industry relationships built over decades, and our editorial staff meet regularly with vendor leadership at conferences and briefings. We value these relationships, but we draw a clear line between them and editorial judgment. When commercial and editorial interests do not align, editorial judgment takes precedence. Our long-term credibility depends on it.
How Advertising Affects What You See
We believe readers deserve complete clarity about how money affects visibility on our site. Here is exactly how commercial relationships do and do not influence our content:
What advertising can affect
Paid placements may affect where a vendor’s sponsored content appears on Expert Insights. This includes promotional placements within newsletters and email communications, and featured positions in dedicated advertising units. Within our buyers’ guides, sponsoring vendors may appear in a promoted position. All sponsored placements are clearly labeled, and all links to vendor websites from sponsored listings are marked as sponsored. Default ordering for non-sponsored listings is alphabetical. If a vendor ends a sponsorship, their listing remains in the guide — they were included on editorial merit before the sponsorship began, and that does not change.
What advertising cannot affect
Product inclusion. Every product included in our buyers’ guides and shortlists has been evaluated and approved by our editorial team based on product quality and relevance to the category. Advertising cannot buy inclusion in any guide — if a product does not meet our editorial standards, it will not appear regardless of any commercial relationship.
Scores, reviews, and recommendations. Our Editor’s Scores, review content, Pros and Cons, and “Best for” recommendations are determined solely by our editorial team based on hands-on testing. These are never influenced by advertising. A sponsored listing does not receive a higher score, a more favorable review, or a different recommendation than it would without the sponsorship.
Review content. Our analysis, including Pros, Cons, Strengths, Cautions, and Final Verdict sections, is based on independent hands-on evaluation. Vendors cannot review, approve, or modify editorial content before publication.
Awards. Our awards program is independent and based solely on criteria set by our editorial team. There is no pay-to-play element.
For full details, see our Advertiser Disclosure.
Who Produces Our Research
Our research is produced by two teams that work together: a technical research team that conducts hands-on product testing, and an editorial team that covers the broader cybersecurity market, maintains vendor relationships, and produces our published content. The two teams complement each other — our technical researchers verify whether a product does what the vendor claims, while our editorial team provides the market context, industry relationships, and journalistic rigor.
Technical Review — Craig MacAlpine, Founder and CEO
Craig MacAlpine leads the technical review side of Expert Insights. He evaluates products through the lens of a technical buyer: does the product work, is it fit for purpose, and does the ecosystem around it — pricing, support, integration, documentation — hold up in practice.
Craig’s career in IT security began in 1996 at ElectricMail, a UK systems integrator that connected enterprise email systems to the internet for the first time. Working with blue-chip clients including British Airways, EMI Music, and Channel 4, the team quickly evolved from connectivity into security — becoming the first European reseller of Check Point’s firewall range, deploying RSA SecurID remote access solutions, and developing managed email gateway services using MIMESweeper. That early experience of working at the sharp end of enterprise IT — understanding what large organizations need, how they justify technology decisions internally, and the support they require through rapid technological change — shaped Craig’s approach to product evaluation.
In 2003, Craig founded EPA Cloud, a UK-based email security provider. Over the next decade, EPA Cloud grew to serve more than 1,000 clients before being acquired by Ziff Davis (formerly J2 Global, NASDAQ: ZD) in 2013 and rebranded as VIPRE Email Security. Craig then served as a Product Manager at FuseMail (now VIPRE) from 2013 to 2015, managing their email security product line. In 2017, he spent six months in an interim role at EveryCloud Tech, the exclusive UK and US distributor for Hornet Security — a company Craig had known since it was a 40-person operation and which has since grown to over 900 people and become part of Proofpoint.
Craig’s technical experience spans email security, email encryption, endpoint protection, cloud backup, DNS filtering, web filtering (including browser isolation and proxy filtering), and the broader stack of security products that IT managers and managed service providers work with day to day. He is also actively involved with several managed service providers, giving him direct, current experience of the operational challenges MSPs face when deploying and managing security products for their clients.
Technical Research Team
Craig’s technical research team includes cybersecurity engineers and analysts, all with degrees in cybersecurity and hands-on experience in deploying, configuring, and testing security products. The team conducts the hands-on product evaluations that underpin our reviews and buyers’ guides, working through real deployment scenarios, configuration workflows, and day-to-day administration.
Expert Insights covers a broad range of cybersecurity categories. In areas such as application security and DevSecOps, where specialized development experience is essential, we bring in experienced software engineers and security practitioners to test products and provide their technical assessment. This ensures that our reviews are always grounded in relevant, hands-on expertise — even in categories that sit outside our core team’s primary skill set.
Editorial Team — Joel Witts, Director of Content
Joel Witts has led Expert Insights’ editorial operation since co-founding the company in 2018. Joel holds a First Class BA (Hons) in Journalism, Media and Cultural Studies from Cardiff University and has focused exclusively on cybersecurity journalism for over eight years. He has reviewed hundreds of cybersecurity solutions and interviewed hundreds of industry leaders across identity and access management, email security, zero trust, DevSecOps, and more.
Joel and his team of four writers cover the cybersecurity market at an industry level: attending major conferences, interviewing vendor leadership, tracking product roadmaps, and maintaining relationships with the companies and people shaping the market. Each year, the editorial team attends RSA Conference, Black Hat, and other major industry events, meeting with the leadership teams of companies including Google’s cybersecurity division, Zscaler, Proofpoint, and dozens of others. In a typical year, the team conducts in-depth briefings with upward of 30 vendors at RSA Conference alone.
Joel hosts the Expert Insights Podcast, which has published over 85 episodes across three sub-shows — in-depth vendor interviews, Women In Cyber, and Game Changers. Guests have included the Field CISO of Securonix, the CEO of Doppler, the co-founder of Action1, the Chief Innovation Officer of Snyk, a Managing Director at Dell Technologies Capital, and a former FBI Deputy Assistant Director.
Joel also co-writes Cyber Weekly, Expert Insights’ weekly cybersecurity newsletter for IT leaders. Cyber Weekly is part of a growing family of newsletters designed to serve distinct audiences within the cybersecurity community. Cyber Daily, a daily briefing, is launching soon, and a dedicated newsletter for managed service providers is in development. The goal is to create focused, high-quality content that different groups — CISOs, IT managers, MSPs — actively want to read and engage with.
How Our Teams Work Together
This is where the two teams reinforce each other. When a vendor claims a new capability or market position, our editorial team captures that claim through direct conversation with the vendor’s leadership. Our technical team then verifies whether the product delivers on that claim through hands-on testing. This combination of high-level industry relationships and ground-level technical verification is central to how Expert Insights operates.
We often find that vendors overstate or exaggerate their product’s capabilities. Our job is to filter that out so our audience of CISOs, IT managers, and MSPs gets a clear picture of what actually works. We do not publicly call out vendor marketing claims, but we do ensure that our published research reflects the product as we found it — not as the vendor describes it.
Publication Standards
Every piece of editorial content published on Expert Insights meets the following standards before going live:
Named authorship. Every article carries the name of the author who wrote it and the senior reviewer who verified it. Author credentials are displayed on their profile page.
Date transparency. Every article displays its original publication date and the date of its most recent update. We do not publish undated content.
Methodology disclosure. Every review includes a “How We Reviewed” section documenting what was tested, when, how, and in what environment.
Technical review. Before publication, all content undergoes technical accuracy review by a second analyst, followed by editorial review for clarity, consistency, and adherence to our style guide.
Fact-checking. Pricing, feature claims, and vendor details are verified against the most current sources available. Where we have been briefed on unreleased features, this is clearly disclosed.
Content Integrity and Corrections
We hold ourselves to high standards of accuracy, and we are transparent when we get something wrong.
Corrections. If a factual error is identified in published content, we correct it promptly and note the correction on the article. We do not silently alter scores, rankings, or editorial conclusions.
Product removals. If a product is removed from a buyers’ guide or a score is revised, we update the published content to reflect the change with an explanation.
Vendor engagement. Post-publication, vendors may contact us to report factual inaccuracies. Any corrections are made at our editorial discretion. Vendors cannot request changes to opinions, scores, or editorial conclusions.
Reader feedback. We actively incorporate feedback from IT professionals who use the products we review. If your experience with a product differs significantly from our assessment, we want to hear from you.
Our Standards for Advertisers
Not every vendor that approaches us is accepted as an advertiser. All prospective advertisers go through a qualification process in which we evaluate product quality, market credibility, and customer track record.
We frequently decline advertising requests from vendors whose products do not meet the standards our readers expect. We will not allow a low-quality or unproven solution to be advertised on Expert Insights. This gatekeeping is fundamental to the trust our readers place in our platform.
Why Trust Expert Insights
Expert Insights has been serving the cybersecurity community since 2018, built on a combined team experience spanning nearly three decades in IT security, enterprise infrastructure, and cybersecurity journalism. Our research is read by over one million businesses annually, with a global audience spanning IT leaders, cybersecurity professionals, and managed service providers across North America, Europe, Asia, and the Middle East.
We are one of the most cited sources in B2B cybersecurity AI search results, ranked in the top seven most-cited brands in digital software by Semrush in 2025. Our quarterly cybersecurity awards program, now in its seventh year, is fully independent with no pay-to-play element.
Our business model depends on maintaining trust with our audience. We prioritize long-term credibility over short-term commercial gain. Every editorial decision we make is guided by a single question: does this help someone make a better security decision?
Questions About Our Editorial Process
If you have questions about how Expert Insights maintains editorial independence, how we work with vendors, or concerns about any published content, please contact us at [email protected].
