EthicalVoices

Truth Under Fire: Ethics in Cybersecurity Communications

This week on Ethical Voices, Bill Keeler, senior director of PR and communications with Semperis, a leader in AI-powered identity security and cyber resilience, discusses:

Tell us about yourself and your career

I’ve been in public relations and communications for about 30 years. I spent these last 20 plus years focused on cybersecurity. I was involved heavily with all of our cybersecurity clients when I was at Schwartz Communications, which then turned into MSLGroup in 2016. I took over as PR director globally for Cybereason, at the time a hot startup in endpoint security. These last two plus years I have been at Semperis running global PR and comms.

It is an amazing ride. There is always a breach. There is always a story in cybersecurity. There is never a dull day. There is a lot to communicate and a lot to talk about as it relates to defending all of our digital infrastructure. Everything that we have on our phones and our laptops and digital devices is at risk from cyberattacks.

What is the most difficult ethical challenge you ever confronted at work?

The most difficult ethical challenges were on the agency front where you would have clients who were asking us to write a press release or publish news that was entirely fake or filled with enough holes that it was more worthy of being Swiss cheese.

If we encountered that, we always pushed back. We used to call it vaporware. It was where you were trying to get an advantage against your biggest competitors. But it turns out that the bulk of that press release was essentially fake news. There wasn’t really much legitimacy to it.

I’ve been blessed over the years to work with a highly talented group of ethical people who would always push back. When I was at the senior account exec level, sometimes you feel pressured. You don’t know what to do or how to respond to a client.

Being able to bring those issues up the food chain into senior leadership within the teams, it was always refreshing to get a good response to go back to the clients about how that was not our recommendation and we certainly wouldn’t stand for it as an agency. I’ve been able to carry that same approach out on the private side working now for about 10 years representing individual cyber companies.

What do you do when your bosses tell you all our competitors are making this claim. If we don’t make it, we’re going to be at a disadvantage. Other people are fudging it, why don’t we fudge?

It’s a good question. We would push back and say, you want to gain a competitive advantage. That is understandable.

Is there truth and legitimacy to what you claim? There usually was a little bit of gray there, but oftentimes a lot of truth to it. Maybe they were trying to push the envelope and make the announcement six months to a year before reality, so we would push back and say, try to find a happy medium somewhere. Let’s not make the announcement immediately. Let’s wait three to four to five months and see if we can improve the product stack, see if we can improve the opportunity. To put out a press release that had some truth to it.

Companies do it all the time. It’s a matter of announcing a product. When is the product actually available? That could be six months to a year later, but if you’re transparent about that, you cover your bases. A lot of times, companies would not want to be transparent by saying, yeah, the product’s available immediately, because the sales team was under pressure to close deals, to generate revenue, to meet the quarterly goals.

Are you seeing changes in this globally? How are things different in other countries?

From a public relations and communications perspective, they run differently in other countries, Australia, Singapore, Germany, France, other parts of Europe where we have PR support. But ethical standards are still the same.  

It comes down to what is inside of each individual and pushing truth versus fake news are the people that I want to be partnering with. I won’t put up with fake news with the agencies that we work with, if that were ever to arise.

PR strategies and how you approach the media and how you might write a press release or how you might write a blog might be a little bit different, but ethical standards are still the same, tell the truth and be transparent. If you do that, you’ll survive. You’ll win. You’ll be better for it.

One of the reasons I reached out to you is I saw on LinkedIn a post about “Midnight in the War Room” a full-length feature film that you are co-directing. Tell me more about that.

You and I have known each other for a long time. Mark, you probably say, wow, Keeler, you’re co-directing a full-length feature film on cyber war. Are you out of your mind?

This whole project started as the result of a conversation that my boss Tom LeDuc, our CMO, and I were having with Chris Inglis. Chris is an amazing man, strategic advisor at Semperis, and he was the first ever US National Cyber Director under President Biden. We were in a meeting earlier this year with Chris and we were talking about cyber war and conflict, all these massive breaches that seemed to be in the headlines every week from Change Healthcare to Colonial Pipeline to SolarWinds, to the WannaCry attack all the way back to 2017.

I asked Chris if there had ever been a time when he really became concerned about all of these attacks and our safety as a nation and how we go about protecting our digital infrastructure. He immediately said the Colonial Pipeline incident. Within a day or two gasoline stations up and down the Eastern seaboard were running outta fuel.

There was panic. People were hoarding gasoline. Chris and I were talking about how that was only on the Eastern seaboard. Imagine how quickly chaos could ensue if you disrupted gasoline across the entire country up into Canada, down into Mexico…if you were able to disrupt fuel distribution in Europe, and it happened over a period of days, chaos could ensue pretty quickly.

We went with that idea and said, why don’t we try to produce a film on cyber war and the heroic work that CISOs do with their teams every day to keep our critical infrastructure safe and to keep us safe. We are going to dive into the topic of cyber war.

We’ve talked to an amazing group of leaders in this industry from Chris Inglis, General David Petraeus to Jen Easterly, and we’ve interviewed about two dozen CISOs from a variety of different industries and companies asking them about their role, the stress, the thanklessness, the long hours. How do they keep it all together under pressure?

We want this documentary to appeal to average people, our spouses, our children, our relatives and make this a call to action. Every citizen, every consumer has a responsibility to improve resiliency.

And if we can all do that, we’re better prepared to fight back against China and Russia and our biggest adversaries.

It’s been a lot of fun, Mark. There’s a lot of work to do to get this film completed.

It’s a documentary that will hopefully appeal to tens of millions of people around the country and around the world. And it’s been amazing, talking to these cyber first defenders.

These are people that every day of the week protect our critical infrastructure, and they go about doing it in sometimes a very thankless role. The long hours, the stress, their teams, these security teams are behind the scenes, rooting out risk and trying to discover when the Chinese nation-state group or the Russian nation-state group is inside the water utility, or inside a hospital network, and patients’ lives are at risk when ransomware attacks hit.

And emergency room equipment suddenly goes down. It’s been an amazing amount of interviews and these stories we will be bringing to life in the documentary.

What are the ethics issues in dealing with hackers in these nation states that may be holding companies and their data hostage?

It’s a good question. What are the ethics involved in dealing with criminals?

After all, these are criminals. In some respects, the ransomware actors and other threat actors have been glorified as heroes in some parts of the world. But these are essentially criminals. They may be operating a business as if they think it’s legitimate, and they might have a help desk and an HR team on staff. But these are criminals.

They crossed the line several years ago when they broke a code they had set up about how they wouldn’t attack hospitals. Do you know why they started attacking hospitals? Because hospitals were threatened and felt like if they did start paying, they would get decryption keys.

The decryption keys would enable them to restart their equipment on patient floors and in ERs. And get back to providing the best quality care for patients. When that equipment is down and you have to go back to manual processes, it slows down the response times with which you can treat patients.

There are no ethics in hackers. The Federal government, maybe not even 10 years ago, was recommending that companies pay ransoms. But that has changed dramatically as people have figured out that when you’re paying, you’re only fueling this economy even further.

Don’t think for a minute that any of these hackers have any ethics, it’s zero. Zero.

I agree with you. I always advise clients they are going to sell it again if they want to. This goes back, right back to the Barbary Pirates. People would pay folks off, and that was one of the first jobs of the Marine Corps.

We’ve found over the years that when companies pay ransoms they are challenged with closing the security hole in the network, which enabled the ransomware actors to get in in the first place.

Companies have been paying multiple times in a given year. They pay the ransom. And what does that do? It puts a bigger target on their back. And a second and a third and a fourth ransomware attack. They’ll attack them fairly quickly after the first payment was made.

Now I’m an advocate for companies making decisions that are in their best interests and sometimes ransoms must be paid. There are small businesses, small doctor’s offices, small accounting firms, dentist’s offices around this country that could literally be put out of business if their computer system was made inoperable and they couldn’t operate their business for a week or two.

We saw this just as recently as last year with the Change Healthcare attack. You had hundreds if not thousands of doctor’s offices and dentist offices around the country that were having a hard time meeting payroll, and they were thinking very seriously about shutting down operations temporarily, laying off staff, and these are small businesses with six or 10 or 12 employees, who were going to be losing their jobs.

It’s a real challenge for organizations today. Even with hundreds of millions of dollars being spent on cybersecurity technology and security services. The bad guys have an advantage in that they don’t follow the rule of law. They have no ethics, they have consistency, and they have patience, they’re highly skilled and they have to be right once.

The good guys, the defenders, have to be right 100% of the time or all hell could break loose. Going back to the documentary, that is one of the reasons we want to highlight the amazing stories, the heroism in Cyber First response. In defending these brand names that we are all familiar with.

We shop in these retail locations. We purchase products from online retailers that have been suffering from cyber risk. We want to bring those stories to life and really awaken America again about the importance of resilience and how we can all play a better role in becoming more resilient as a nation.

What is the best piece of advice you ever received?

It is really about always telling the truth. It is that simple. It protects your credibility as an individual.

It is gonna protect your company’s credibility. And if you are working for a PR firm or you have partners or customers, everyone’s credibility is then protected.

I would also say don’t stoop down to the level of trying to make up an answer if a partner or a customer or a coworker could ask a question, and you don’t have an answer.

Admit that you don’t know the answer. Seek out an answer. Use the leadership within your company, use your friends, use your resources. Network with people that you know, which may help you find the answer to that question.

Transparency is key. We talk about transparency all the time in the cybersecurity space. You see it in the headlines. When a retailer or an automobile manufacturer or any company is attacked, one of the most important things for that company to consider is how transparent can they be. Their customers will appreciate knowing more about the risk to their personal data.

The risk of their social security number. Blogs and social media have a way of being very harsh to people and very harsh to companies when they are not transparent after breaches. So, my advice as it relates to cyber and everyday life is just always be as transparent as possible.

Be truthful, be transparent and it goes a long way to ensuring that you are a credible source in the industry.

Listen to the full interview, with bonus content, here 

Mark McClennan, APR, Fellow PRSA
Mark W. McClennan, APR, Fellow PRSA, is the general manager of C+C's Boston office. C+C is a communications agency all about the good and purpose-driven brands. He has more than 20 years of tech and fintech agency experience, served as the 2016 National Chair of PRSA, drove the creation of the PRSA Ethics App and is the host of EthicalVoices.com
