Leadership Lessons with Michael Bartley, Director and Head of Cybersecurity, Business and Technology at Brands2Life

In this interview, Rachel L’Estrange, Senior Consultant at Hanson Search, spoke with Michael Bartley, Director and Head of Cybersecurity, Business and Technology at Brands2Life. They discuss his leadership journey, changes in the industry and the importance of mentoring and supporting the next generation of leaders in tech.

Can you tell us about your journey into leading communications in cybersecurity. What initially drew you to this field, and how did your career evolve to lead you to your current role?

My route into communications wasn’t particularly conventional. Before moving into PR I spent eleven years working in asset management. It was a strong grounding in business and markets, but eventually I realised I wanted to work in a field I genuinely felt passionate about. That led me to public relations, although the transition wasn’t straightforward. I was 33 at the time and had no direct experience in the industry. After about six months of trying to break in, I was offered a role at a small boutique agency in Fulham. In truth it was closer to an internship than a traditional job, but it gave me the foothold I needed.

From there things gradually began to build. I gravitated towards technology clients and eventually into cybersecurity, which quickly became the area that fascinated me most. I still draw on lessons from what I often call my “past life” in finance. Markets teach you that change rarely arrives in a neat or predictable way. It tends to happen gradually, then suddenly. Cybersecurity often follows the same pattern. Organisations can feel comfortable for years until a single incident exposes the reality of their risk.

That experience also shaped how I think about security culture. I remember watching teams gather rounds desks and work together to complete mandatory “individual” cyber training. If leadership treated it as a tick-box exercise, everyone else did too. If the culture took it seriously, people followed. That is why I am slightly obsessed with the human side of cybersecurity. You can deploy the best technology in the world, but if people are not engaged or accountable, it won’t protect you.

Fast forward ten years and I now lead the cybersecurity practice at Brands2Life, working with companies that are helping organisations build resilience in an increasingly complex digital world.

To set the scene, can you tell us about your current role. What sits within your remit today and what does success look like?

At Brands2Life I lead our cybersecurity practice, which means working with technology and security companies to help them communicate their expertise in a market that is becoming more visible and more scrutinised every year. Cybersecurity companies often sit in an unusual position. The technology is highly technical, yet the implications reach across the whole organisation. Boards care about it. Regulators care about it. Customers increasingly care about it as well.

Part of my role is helping companies articulate what their technology does and why it matters. But the work increasingly extends beyond product messaging. It’s about helping organisations frame broader conversations around risk, resilience, digital trust and increasingly, AI. Success rarely comes down to a single campaign or headline. It shows up when a company becomes a credible voice in industry discussions

How has the role of Communications evolved within your organisation over the past 3–5 years and where are you now influencing decisions before they’re made rather than shaping them after the fact?

One of the biggest shifts over the past few years is when communications is brought into the conversation. In the past, comms teams were often involved towards the end of the process. The strategy had been agreed, the product built, and the question then became how to tell the story. That sequence is changing. Communications is increasingly part of the discussion earlier, sometimes when the strategy itself is still being formed.

Technology companies are operating in an environment where regulatory attention and public scrutiny can influence how decisions are interpreted. Something that begins as a technical decision can quickly become a reputational issue. Because of that, leadership teams want to understand how those decisions will be perceived externally. What narrative does it create? What questions might follow?

When communications is involved early enough, organisations can anticipate those reactions rather than trying to explain them after the fact.

AI is transforming both the tech products we represent and the way we work. How are you balancing speed, experimentation and automation with trust, governance and reputation risk?

At Brands2Life we take a very AI-first approach. People across the business are encouraged to experiment with different platforms and become as proficient as possible with the technology. Personally, I think that has given us an advantage. Many organisations took the opposite route early on and tried to limit how much their teams interacted with these tools.

In communications, AI is already changing the way we work. Research can happen faster and many routine tasks can be handled far more efficiently than before. At the same time, AI is reshaping the cybersecurity landscape itself. It’s not necessarily making threat actors more sophisticated, but it is enabling them to operate at greater speed and volume. Defenders are responding in kind, using automation and machine learning to strengthen detection and response.

I often find myself thinking about the balance between speed and restraint. On one side you have those pushing for an increase in the pace of innovation, which is extraordinary. On the other you have the proponents for regulatory frameworks that introduce forced friction in a bid to ensure the technology is used responsibly. I’m not sure I’ve quite decided which side of that divide I land on yet. What’s clear is that while AI can accelerate many parts of our work, judgement still matters enormously. Particularly in cybersecurity communications, where credibility and trust are difficult to rebuild once they are lost.

 Tech and fintech companies are under constant pressure to scale. How do you balance bold growth narratives with responsible communications particularly in regulated or high-scrutiny environments?

Technology companies naturally want to tell ambitious growth stories. Innovation and scale are central to the way the sector operates. Cybersecurity adds another dimension because the industry deals directly with trust and risk. The companies that communicate most effectively tend to recognise that credibility matters more than volume. Being visible is useful, but being trusted carries far more weight.

In practice this often means focusing less on bold claims and more on demonstrating expertise. Many of the strongest cybersecurity brands position themselves as educators within the market. They help organisations understand the threats they face and how those threats are evolving. That approach resonates particularly well with senior buyers. CISOs and boards are not looking for exaggerated promises. They want partners who understand the complexity of the environment they operate in. When communications reflects that mindset, reputation and growth tend to reinforce each other.

From funding shifts to regulatory change to global uncertainty what’s been your biggest communications leadership test in the past year, and what did it teach you?

If I look at the past year, the biggest leadership challenge has probably been the pressure to deliver more with less. Many companies are navigating tighter budgets and greater scrutiny on spend, and communications is not immune to that. Clients are often being asked to prioritise much more carefully than before. That inevitably flows through to agencies as well. So the real question becomes how you maximise outcomes when time and budget are all constrained. In many ways that has become the job. Not simply executing activity, but helping clients decide what actually matters. Which audiences move the dial. Which messages influence decision makers. Which moments are worth investing in. One of my US clients used to call it “the magic sauce”. The ability to focus effort on the areas that genuinely impact the business rather than spreading energy across everything.

I think the past 12 months have enabled me to be much more adept at my job. It’s made me constantly ask the question “why”. It’s almost like I’ve reverted to a being a five-year-old, but constantly asking why we are doing something has resulted in an approach that has seen us doing much more of what moves the needle, and far less speculatory activity.

Beyond media coverage and engagement metrics, how are you demonstrating real business impact — whether that’s investor confidence, customer acquisition, policy influence or talent attraction?

Measurement can look very different depending on what the client is trying to achieve. Some organisations want coverage numbers above everything else, regardless of whether those mentions come from wire services or smaller outlets. Others are far more focused on targeted placements in specific publications that reach a particular audience.

As an agency we can adapt to either approach. The more important question we often ask is simply “why”. Why do you want coverage in that publication? Who are you actually trying to influence? And does that audience even read it?

Quite often those questions reveal that the objective has not been fully thought through. A national headline might look impressive on paper, but if the decision makers who buy your product never read that publication, its value quickly becomes questionable. For many cybersecurity companies the goal is not visibility alone, but credibility with a very specific group of buyers or policymakers. When communications help shape how those audiences understand risk and resilience, the impact extends well beyond a single article.

What advice would you give the next generation of communications professionals in tech?

Many facets of tech can seem intimidating when you first encounter them. The terminology alone can make the industry feel inaccessible. The good news is that communications professionals do not need to become engineers to contribute meaningfully. Curiosity matters far more. Spend time understanding the broader context. Cybersecurity, for example, sits at the intersection of technology, economics and global politics, and those connections shape many of the conversations organisations are having today.

Listening is also valuable. Attend industry events, read widely, listen to podcasts, pay attention to how practitioners talk about the problems they are trying to solve. Over time patterns begin to emerge. The technical details are important, but the wider discussion usually returns to trust, risk and resilience. Communicators who can bridge the gap between technical expertise and clear explanation will always be valuable in this field.