Expert Insights researches, tests, and reviews cybersecurity solutions to help IT leaders, CISOs, and security professionals find the right tools for their organizations. We specialize exclusively in cybersecurity, which means our focus is sharper, our knowledge is deeper, and our recommendations are grounded in hands-on product testing — not just vendor marketing.
Expert Insights was founded in 2018 by Craig MacAlpine. Prior to Expert Insights, Craig founded EPA Cloud, which was acquired by J2 Global (NASDAQ: JCOM) in 2013. Today, Expert Insights is trusted by over 1 million business readers worldwide.
Our revenue comes from advertising partnerships with cybersecurity vendors. Select, qualifying vendors can sponsor placements on our site to connect with potential customers. These commercial relationships support our research and editorial work.
Our editorial and commercial teams operate independently. Vendors cannot pay for a better Editor’s Score, or a more favorable review. Our scores are based solely on product quality, assessed through hands-on testing by our analyst team.
Expert Insights is a privately owned company led by founder and CEO Craig MacAlpine. We maintain a robust onboarding process for all new advertisers to ensure they offer effective, secure, and credible solutions. We will never allow a low-quality solution to be advertised on our site, and we frequently decline vendors who do not meet our standards.
Our reviews are based on hands-on product testing, not just vendor demos or feature comparisons. Where possible, our analysts deploy each product in a controlled environment and evaluate it against a standardized criteria framework specific to the product category. This includes testing core functionality, ease of use, management console design, integration capabilities, and — where applicable — security detection and protection capabilities.
In addition to hands-on testing, we speak directly with product teams to understand architecture decisions, roadmap priorities, and known limitations. When we include information based on vendor briefings rather than our own testing, we clearly disclose this.
Every review includes a ‘How We Reviewed’ section that documents exactly what we tested, which environments and operating systems we used, and which product version was evaluated. For full details, see our Editorial Process page.
Each product we review receives an Editor’s Score out of 5, assigned by the reviewing analyst based on their hands-on assessment. The score reflects overall product quality and suitability for its target audience, informed by our evaluation of core functionality, ease of use, feature depth, integration capabilities, value for money, and vendor support.
Editor’s Scores are never influenced by commercial relationships. They are determined solely by our analyst team based on product testing and expert analysis.
Shortlists are curated guides that highlight leading vendor solutions in a cybersecurity software category. Each shortlist is researched, written, and published by our internal analyst and editorial teams based on hands-on product testing, market research, analyst reports, and verified customer reviews.
Every shortlist includes:
Solutions are included in a shortlist if they meet the inclusion criteria set by our analyst team. This process involves:
Vendors or customers who wish to submit a product for our team to consider can submit a briefing request on our website.
We do not produce a single ranked list from ‘best’ to ‘worst,’ because we believe no single product is the best fit for every organization.
Instead, our ‘Our Recommendations’ section matches products to specific use cases and buyer profiles. A product that scores highly for enterprise deployments may not be the best choice for a small business, and our shortlists reflect that.
We aim to make the strengths and limitations of each solution clear so readers can make an informed decision for their specific needs.
We revisit every shortlist and product review on a quarterly cadence. When we update a page, the ‘last updated’ date is clearly displayed. Major revisions — such as re-testing a product after a significant update, adding or removing a vendor — are noted clearly.
Between scheduled reviews, we also update content in response to significant vendor updates, major product releases, acquisitions, security incidents, or reader feedback.
All content is produced by our in-house analyst and editorial team. Our reviewers include security professionals with hands-on enterprise experience, technology journalists, and subject-matter experts across cloud security, identity management, email security, endpoint protection, and more.
Every shortlist and review is subject to a Technical Review by a senior member of the team, who verifies technical accuracy, scoring consistency, and that the content reflects genuine hands-on experience. Both the primary author and the Technical Reviewer are credited by name on every published piece.
Every author’s credentials are displayed on their author profile page, so readers can assess the expertise behind each review.