Former Google security PR manager brings expertise to software supply chain startup
Sarah O’Rourke heads PR at Chainguard, a VC-backed startup founded by former Google engineers who are transforming the way software is built
Q: What drove your decision to pursue a career in tech PR/comms? And what inspired you to join the Chainguard team?
Sarah: Starting out, PR was actually not my first career choice. My college degree was in journalism. I wrote for the college newspaper covering a variety of beats from community and local events to eventually landing the student government beat. I loved the process of interviewing and uncovering stories, and even the pressure of the deadlines. When I graduated, the world looked a lot different in the newsroom. Everything was moving online, print was a dying industry and jobs were scarce, so PR was a natural industry to transfer my writing and storytelling skills. I ended up moving to San Francisco to join the PR agency world and naturally, a lot of clients I first worked with were tech companies (or traditional companies trying to become tech companies given the digital boom).
I went in-house at Google to lead communications for the cloud security team and security product portfolio. Cybersecurity is a vast industry within the tech industry itself – it has its own dedicated news cycle and every day I learn something new. When the SolarWinds attack happened in 2020, I remember talking to reporters and security leaders at Google about the details, speculation, endless senate and house hearings, and thinking to myself this is a serious wake up call for a lot of companies. But what actually struck me the most was that a lot of people in the industry (many at Google and now here at Chainguard) were flagging these supply chain risks and concerns for a long time. It just wasn’t that shiny thing everyone was talking about until unfortunately, something really catastrophic happened. Throughout all that, it became clear that there needed to be a shift in how software gets developed and to have established practices for building software safely and with the right checks and balances. Then, the Log4j vulnerability came out that next December, and I was pretty tired after that one. I thought, okay this issue isn’t going away, there is really an opportunity here to make a difference for a lot of organizations struggling with software supply chain security. Chainguard was already starting on that mission and I am proud to be a part of it.
Sarah O’Rourke
Q: How do you tackle the challenge of making complex tech topics relatable to the general public?
Sarah: It's important to look around at what is happening in the world and try to tie your story to those events. In cybersecurity, for example, policymakers and the White House are really involved in the issue, which if you look at all the issues they have to tackle or address it's amazing that there is this concerted effort to influence change because it really does have a huge impact on the American public if it's not fixed. It's not just telling a story that you have a product or service that does XYZ, you have to dig deeper to tell the story about what problem you are solving for them or why their lives will be impacted or changed in a positive way. I don’t think any consumer ever would care about a specific enterprise security product or service, nor should they. But what they do care about is knowing their car is secure, their phone is secure and their personal information is protected.
“It’s not just telling a story that you have a product or service that does XYZ, you have to dig deeper to tell the story about what problem you are solving for them or why their lives will be impacted or changed in a positive way.”
Q: How do you see tech culture evolving today? How do you think story can help that evolution?
Sarah: Tech used to be the darling and today it's scrutinized even more so than the government or other major industries. I sometimes read old cover stories about founders or products when they first launched and compare them to how they are covered today. It's a really wild shift, but I think it's a necessary one. Consumers, enterprises and governments all have different perceptions of technology than they did just a decade ago. They care about privacy, disinformation or national security and it's likely those things all were known to be risks at the time, but it wasn’t the story everyone was focusing on. People wanted connection and information at their fingertips and they wanted it fast. In today’s environment, I think storytelling can help by addressing it head on and leaning in to the extent you can. Apple does a really good job leaning into big tech issues like privacy in all their storytelling and advertising. It's amazing that when you think of an iPhone you now think about privacy as a main feature benefit and probably less about the camera lens or battery life. Using stories to tell your users that you are thinking about risks or their concerns and taking them seriously versus trying to distract away from them can be a game changer, or else it eventually becomes too late and you find yourself on the defensive side of a story.
Q: What trends or developments do you anticipate in the PR industry, and how are you getting ready for them?
Sarah: It's really competitive and noisy and that is only going to grow. That makes the job for PR pros harder in terms of landing coverage or breaking through. Knowing who your audience is, knowing what reporters care about and making sure the stories you bring them not only matter to them but can help them in other areas of their beat makes a big difference. PR is really about relationships and it's a two-way street, not a one-way street. And I also think there will be a bigger shift to people over products in terms of telling the right stories, so trying to find and cultivate those stories will be important.
Q: What is the most rewarding aspect of your career? What motivates you to continue in this field?
Sarah: I really like learning from people who are experts in their field and finding ways to bring their stories to life. I’ve been fortunate to work on really fun, exciting stories with security leaders and also some not-so-fun ones like security incidents or breaches. But what I always take away from those experiences is that there is still so much for me to learn and challenge myself to become a stronger communicator.
“Using stories to tell your users that you are thinking about risks or their concerns and taking them seriously versus trying to distract away from them can be a game changer, or else it eventually becomes too late and you find yourself on the defensive side of a story. ”
Q: For women aspiring to succeed in this profession, what advice would you offer them?
Sarah: Never doubt yourself and don’t be afraid to speak up or raise your hand. I think in tech, and early in my career I often did this, I just went with the motions and was there to do whatever was asked - pitch this or that. I always said to myself, I’m not technical or an expert so I don’t have anything to add. But as communicators and storytellers, we are the experts in our domain and we should own that. Ask questions, push yourself to understand complex topics and don’t be afraid to go deeper. It's important because we are the bridge to the outside world to tell the stories about what technology is or does.
Q: Lastly, we host a popular Book Club. What are you reading?
Sarah: My friend recently gave me a book about San Francisco - Season of the Witch by David Talbot. San Francisco (because of its proximity to Silicon Valley) is synonymous with tech today, but really the city’s history is so vibrant, complicated and beautiful at the same time, and tech is honestly the most boring part of its history. I wish I lived here 50 years ago. :)
* Chainguard is a Story Changes Culture client