Nobody told me I was going to run a podcast. Which is usually how the work that teaches you the most begins.
One week I was writing cybersecurity content for Horangi’s blog. The next, my immediate boss, Yang, asked if I would be good to “revive” the Ask A CISO podcast.
It was a show started as a side project by one of the company’s pioneers, and it had almost no listeners.
To be honest, I did not even know we had a podcast.
So, yes, as you would have figured by now, there was no handover document. No guest pipeline. No production budget. No promotion plan.
And no explicit expectations.
Though I immediately suspected there was one expectation hiding under all that silence.
It had to work.
Eight months later, Ask A CISO had grown its listenership by 2,400% and built a line-up of cybersecurity leaders that I would never have been able to reach if I had started with a cold pitch and a hopeful smile.
Before I continue, a caveat.
This is not a story about “finding your authentic voice.”
It is not about the power of consistency.
It is not a neat podcast growth playbook, because most neat playbooks skip the part where you are new to an industry, working alone, chasing senior cybersecurity leaders across time zones, and occasionally paying for production out of your own pocket because the episode has to go out on Wednesday.
If you are reading this because you want to grow a B2B cybersecurity podcast, the useful part is not the 2,400% number.
The useful part is what had to be rebuilt before that number was possible.
This is the less tidy version.
The one that actually happened.
The B2B Cybersecurity Podcast I Inherited Was Basically Dead
A few episodes existed.
The numbers were not encouraging.
There was no referral network, no established guest pipeline, and no process for getting an episode from “possible guest” to “published and promoted.”
Zilch.
Nada.
What existed was a brand name with genuine credibility in APAC cybersecurity, and a format that made sense on paper: senior security practitioners sharing real conversations about the problems keeping them up at night.
The format was right.
Everything around it needed rebuilding.
And the first problem was guests.
First and biggest, I might add.
I had just entered the cybersecurity industry. I did not know enough CISOs. I did not have a network I could casually tap. Cold outreach to senior security executives, with almost nothing to show them, felt like a long shot.
So I did not lead with the ask.
And in the beginning, that “almost” mattered a lot.
Because the first person who gave the revived show a real foothold was Gerald Auger.
That first guest matters in a way you only understand when you are trying to build something that does not yet have momentum.
Before Gerald, Ask A CISO was still mostly a format on paper: decent name, sensible premise, credible company behind it, but no real proof that the revived version could attract serious people.
After Gerald, I had something different.
Not a big audience yet.
Not even a proper pipeline.
But proof that someone credible had said yes.
That changed the next ask. I was no longer asking people to take a chance on an idea. I was asking them to join something that had already begun.
Once that first episode was in place, I was no longer asking people to take a chance on an idea.
So from there, I became more deliberate.
I did not lead with the ask.
I was asking them to join something that had already begun.
Finding CISOs Without Looking Like I Was Collecting Contacts
The biggest question came before the pitch.
Where do I find these people?
Where could I find CISOs, cybersecurity leaders, and practitioners with real opinions in the shortest amount of time?
One word: LinkedIn.
But the strategy was not to search for “CISO” and fire off connection requests with a podcast pitch attached.
That would have been too abrupt.
Also, why would anyone say yes to a podcast invitation from someone they did not know from Adam, metaphorically speaking?
So I looked for signals.
Who was actually writing about cybersecurity with a real point of view? Who was engaging in comments, not just broadcasting? Who had published a book, a whitepaper, or a detailed post that showed they had something to say beyond the standard CISO talking points?
When I found someone worth reaching out to, I did not pitch immediately.
I first engaged with their content.
Not a lazy “I agree.”
Not “great post.”
Something that showed I had actually read what they were saying. A comment that responded to the argument, not the job title.
Only later, when the timing felt less abrupt, would I bring up Ask A CISO as a platform for them to expand on something they had already been writing about.
The pitch was not really:
Please come on my podcast.
It was closer to:
You have something to say that the cybersecurity community in Southeast Asia should hear. Ask A CISO can help you say it to a wider audience than your LinkedIn post alone will reach.
That framing worked because it was true.
It put the guest at the center of the value proposition.
Not me.
Not Horangi.
Not the podcast.
The guest.
The clearest example of this was Mikko Hypponen.
If you know cybersecurity, you know the name. He was not someone I could approach with a vague “would love to have you on our podcast” message and expect to be taken seriously.
So the work started before the ask.
On 16 August 2022, I sent him a LinkedIn message after coming across his post through Perry Carpenter, who had already been a guest on Ask A CISO.
That detail mattered.
It meant I was not reaching out from nowhere. I had a path into the conversation, and I had a reason for the ask beyond “you are famous in cybersecurity.”
In the message, I introduced myself as the producer of Ask A CISO, explained that the podcast was produced in Singapore for cybersecurity professionals in Asia, and connected the invitation to his newly translated book and his experience.
Then I did something I now think was important.
I made the ask human.
I told him it would be an absolute pleasure and honor if I could convince him to say yes.
Looking back, that line was not polished. It was not the kind of thing I would put into a cold outreach template today.
But maybe that was the point.
It sounded like a person asking another person for an hour of his time.
I also gave him the credibility stack: Chuck Brooks, Perry Carpenter, and Dan Lohrmann had already been on the show. I told him the interview would happen in a virtual studio and take no more than an hour.
Specific ask.
Clear audience.
Named proof.
Low time commitment.
That was the pitch.
Not perfect.
But it was specific enough to be real.
And in senior cybersecurity outreach, real beats polished more often than people admit.
The lesson was not that every message should sound exactly like that one. Some of the wording makes me smile now, especially the “resounding YES” ending.
But the bones were right.
I paid attention to what he was already talking about publicly, looked for the angle that would make sense for Ask A CISO’s Southeast Asian audience, and framed the invitation around that. Not celebrity. Not name-dropping. Not “please lend us your credibility.”
The angle had to be:
Here is a topic you already care about, and here is why practitioners in this region would benefit from hearing you discuss it properly.
That distinction mattered.
Because the more senior the guest, the less useful a generic invitation becomes.
They have been invited to things before.
They can smell a content calendar from a mile away.
What they need is a reason to believe the conversation will be worth their time.
The First Few Months Were Mostly Manual Grind
The first few months were not a strategy deck.
They were a spreadsheet, a calendar, a LinkedIn tab, and a lot of waiting.
Sometimes, guests confirmed and then went quiet.
That was my biggest fear.
Scheduling across time zones, especially Singapore and the US, meant a single episode could take three weeks to lock in from first contact to recorded call.
Singapore was easy enough.
The US was not.
EST, CST, PST. Calendar invites. Follow-ups. Reminders. The quiet dread of wondering whether a senior executive was still coming or whether I had just built next week’s publishing schedule on a polite ghosting.
And if the guest was from the US, the local host had to stay up late and still sound awake enough to carry a meaningful conversation.
Thankfully, my CEO, who was from the United States, had a friend back home, Jeremy Snyder, who volunteered to help host the US episodes.
That solved one problem.
It did not solve the other one.
Audio.
The Episode That Almost Did Not Air
Even when video episodes exist, podcasts are still an audio medium.
Honestly, everything is.
Who wants to watch a great TV show where you cannot hear what the protagonist is saying?
The first time I got a recording back that was almost unusable, I remember sitting with the file and feeling my stomach drop.
One guest’s connection had dropped in and out.
The other had background noise that made the whole thing sound like it had been recorded on the runway at Changi Airport.
I had three choices.
Scrap it.
Publish it and hope nobody noticed.
Or fix it.
I tried to fix it myself first, because of course I did.
I spent an entire Saturday adjusting knobs and sliders in audio software that promised the world and delivered something closer to a slightly less throbbing headache.
It was one of those moments where the difference between “resourceful” and “wasting your weekend” became painfully clear.
So I went to Fiverr, found a professional audio editor, and paid for the edit out of my own pocket.
No approval process.
No waiting.
The episode went out.
And, more importantly, people could actually listen to it.
You are probably wondering why I paid for it myself.
One: it was the weekend, and I did not think this was the kind of thing I needed to call my boss about. The episode had to go live on Wednesday, and edits could take one to three days depending on complexity.
Two: I did not have a budget to work with. It simply was not something specified when I took on the podcast.
Three: each edit cost about S$40, sometimes slightly more. It was not a small amount if you had to keep doing it forever, but it was not enough to justify letting a good episode die.
Eventually, I outsourced most of the episode edits to that same Fiverr editor. I worked out a steady price with him because I could promise a regular stream of projects.
The brief was simple because it had to be: clean up background noise, level the voices, remove obvious dead air, and return something that sounded like a professional cybersecurity podcast rather than a Zoom call rescued from a bad connection.
The spend came in under S$150 a month.
That bought me back hours I could use for the work I was actually hired to do: research and write cybersecurity content.
After all, I was in Content Marketing.
Eventually I made it official. I asked Yang if I could submit claims for the editing cost, and framed it plainly: the editing support would free me up to focus on my core work while keeping the podcast’s quality consistent.
He said yes.
That decision clarified something for me.
When budget does not exist yet, sometimes you have to demonstrate the value before you can ask for the funding.
And production standards are not vanity.
They are a form of respect.
The guest gave you an hour. The least you can do is make sure people can hear what they said.
The Referral System I Should Have Built Earlier
The referral system did not begin as a system.
After recording, I would send each guest a follow-up email. I thanked them, shared the episode assets, and asked directly if they knew anyone else who might be a good fit for Ask A CISO.
Simple.
Not automated into oblivion.
Not a growth hack.
A real ask at a moment when the relationship was warm.
Once I had a few episodes out, I made that ask a standard step in the process. Every guest outreach email and post-recording follow-up had a referral moment built in.
But I was late.
The referral network did not kick in meaningfully until month four or five. The first few months were manual grind: finding people, engaging with their posts, crafting the angle, following up, scheduling, briefing, recording, publishing.
All of it.
I treated the referral ask as presumptuous in the beginning.
Who was I to ask a senior executive to recommend my fledgling B2B cybersecurity podcast to their peers?
That hesitation probably cost me two months of compounding.
I learned something obvious only after I had made it harder for myself.
The ask is not presumptuous if the experience was good.
And even if you are not sure the experience was good yet, asking still costs almost nothing.
The guests who referred others were not doing it because the show was famous.
They did it because the conversation was handled professionally, the topic mattered to their community, and the episode made them look like the serious practitioner they already were.
That was within my control from episode one.
The Bahasa Indonesia Episodes Changed the Shape of the Work
The Bahasa Indonesia episodes were not mine to produce.
But they were mine to manage.
A colleague in Indonesia saw what I was doing and thought the podcast could work for her market too.
I was excited, not only because she asked, but because her ask told me something important.
We had an audience in Indonesia.
To think that, after a few months, a different market could already see value in the podcast was beyond my wildest imagination.
It meant the show was becoming more than a side project.
At her request, we had a Zoom call where I walked her through the process: preparation notes, host briefing, background research, guest questions, publishing steps, and promotion.
Then came the reality check.
If Bahasa Indonesia episodes were added to the same feed, I had to manage the schedule more deliberately. We could not suddenly flood the show with non-English episodes and confuse the existing audience.
But splitting it into a separate show did not make sense either.
There were not enough Indonesian guests yet to justify a sister podcast, and I was not interested in creating an occasional blip on Spotify or Apple Podcasts.
So we kept the episodes under the Ask A CISO brand.
One Bahasa Indonesia episode a month, out of roughly four.
Flexible, but deliberate.
She handled the Indonesian-language recordings. My role was everything around the content: briefing the host on the conversation angle, reviewing the episode structure, managing publication, and making sure the distribution approach stayed consistent across markets.
The language changed.
The standard did not.
That taught me something I have used in every regional role since:
You do not need to personally produce content in every market.
You need to own the brief, the standards, and the outcome.
Execution can be distributed.
Direction cannot.
The Trailer That Made Ask A CISO Easier To Share
One of the reasons I think the podcast started to feel real, even before the numbers looked impressive, was that it did not only exist as an audio file on a feed.
Each episode needed something around it.
Not a huge campaign.
I did not have the team or budget for that.
But enough supporting material to make the episode easier to share, easier to understand, and easier for a guest to feel proud of.
This trailer was part of that effort.
In hindsight, this is where the show began shifting in my head.
It was no longer “record, edit, publish.”
It was packaging the conversation so it had a life beyond the episode page.
What the 2,400% Growth Actually Came From
I am wary of making this sound cleaner than it was.
The growth did not come from one brilliant tactic.
It came from a set of small operational decisions that compounded because they were attached to real people.
The LinkedIn comments mattered because they made the outreach warmer.
The professional audio mattered because it protected the guest’s credibility.
The referral ask mattered because it came after a good experience, not before one.
The Indonesia expansion mattered because it forced the podcast to become a regional content operation instead of an English-only recording schedule.
And the publishing rhythm mattered because a show that disappears for six weeks does not feel like a show.
If I had to reduce it to one thing, it would be this:
Ask A CISO grew because I stopped treating each episode as a file to publish and started treating it as a relationship to manage properly.
That sounds less glamorous than “podcast growth strategy.”
It is also closer to the truth.
What I Would Do Differently
I would build the referral system from day one.
No hesitation.
No private anxiety about whether the show was too small to deserve an introduction.
If the guest had a good experience, I would ask.
If the episode was useful, I would ask.
If the conversation genuinely served the cybersecurity community, I would ask.
Not because I was entitled to their network, but because the show needed trust to move.
And in B2B cybersecurity, trust rarely arrives through a cold email alone.
It arrives through someone saying:
This is worth your time.
The Part That Still Bothers Me
The show did grow.
Then the company was acquired.
And eventually, I was let go.
Ask A CISO did not become the long-running regional cybersecurity media property I had started to imagine in my head.
It was dropped, or at least dropped from the version of the company I was still part of.
That part still bothers me a little.
Not in a bitter way.
More in the way unfinished things bother you because, for a while, you saw what they could become.
I was proud of that show.
I was proud that something I did not even know existed became something guests wanted to be part of, something a colleague in another market wanted to adapt, something that made Horangi sound like the serious APAC cybersecurity company it was.
All said, I am still thankful to Yang and my CEO, Paul, for giving me the chance to do something I had never done before.
No handover.
No pipeline.
No budget at first.
Just a close-to-death B2B cybersecurity podcast, and the suspicion that if I treated the work seriously enough, other people might too.
For eight months, they did.
And that was enough to teach me something I have carried since.
Sometimes content growth is not really about content.
It is about care, made operational.