Want commercial success in infosec? Stop doing marketing! (like everyone else)
Updated Jan 2023
I have a long-term plan based on my love for the community: I want to convince companies that it pays off to support it. And in those (few) cases where management understands, I want to help them out. Or rather, I want to help out their existing marketing department understand the community, people in it and how to target these in the most effective way.
This article is meant as a submission to the debate, primarily with infosec marketeers - but obviously anyone is free to read along. If you have any questions or comments feel free to get in touch.Disclaimer: In this article I will be talking about the infosec community as a uniform organism and as if only one infosec community exist. This is a huge simplification made for the sake of argument.
So, you’re an infosec marketeer? Funny enough I never thought I would want to be that. I come from a technical background in infosec and have always had a strange relationship with the more commercial side of infosec. Most important of all I never thought of marketing to be particularly interesting or relevant. And yet, here we are where I am writing an article about just that.
The thing is that marketing comes in many shapes and sizes. Sure enough, the more traditional side of marketing never seemed interesting to me. But then I learned about community-focused content marketing.
If you’ve never heard of that term before, there’s a logical reason. I made up when I learned that content marketing in infosec can have several expressions.
How it started
I’m getting a bit ahead of myself here. I want to start with how I got engaged with the infosec community back when I started in Infosec: I started arranging OWASP meetings in my local chapter. I am not really sure why I started. It somehow seemed natural, I guess – but I know why I kept doing it: I love to arrange cool talks, to gather people, to see the happiness in their eyes when they’ve learned something new or met someone interesting. I love to help people in the community in general. It gives me a huge satisfaction. So, when I had the chance to help getting the non-profit infosec conference Security BSides to Copenhagen there was no doubt in my mind that I just had to be part of that.
So, imagine my joy when I eventually realized that it is possible to combine my extensive background in infosec with my love for the community into a real profession – and calling it something as exotic (at least for me) as ‘marketing’.
It’s all about the community
One thing I’ve learned through the years, by being an active part of it, is that the infosec community holds a tremendous power. And spending the last 1? year in my first marketing position as head of community in a rising FOSS project only supports this: The community decides which companies and people are hot or not, who provides a great service and which companies it’s cool to work at. And that can – to some degree – be manipulated via content marketing.
As the name suggests, content marketing is about content. It’s nothing new and not unique to infosec. How strange it may sound it’s not about converting customers, generating leads, or even making sales. What it is about, though, is creating familiarity, likability, and trust towards your brand – and doing it whilst genuinely wanting to support the infosec community.
The thing with the infosec community is that in general it wants to help those who cares about it. And if your marketing strategy is to love the community, it will love you back by telling everybody how great your products are, how competent your specialists are and what a great place to work your company is. Or to put it another way:
When people trust your content and associate you as an expert, you effectively eliminate your competition.
In a market where it’s hard to sell goods and services and even harder to get qualified employees this is solid gold.
领英推荐
What is this content you keep talking about?
In its basic form content is anything which immediately provides value to the community. And when you base your marketing strategy on it, needless to say, it should be produced in a consistently high quality so the infosec community over time recognizes content from you of being of great value.
Content can be:
Or, since the community appreciates companies having an edge, so to speak, content can also be
Basically, anything that can turn on the inner infosec geek in your target group. And related to this I can’t emphasize enough how important it is to have a culture where people get ‘stupid ideas’ and management dares to follow up. ‘Stupid ideas’ in this context are ideas that potentially are so fundamentally different from everything else that it might be either ludicrous or pure genius. If they work, you get to harvest it. And honestly, what’s the worst thing that could happen if it fails??
I can not thank Jason Blanchard from Black Hills Information Security (https://www.blackhillsinfosec.com/ ) enough here.?
He has been a huge inspiration and help for me to discover this, finding out that I wanted to do it – and how I could make it my own thing. This is especially true now that I’ve started a consultancy business helping companies and their existing marketeers to get started doing this. Thanks, Jason!
Back In the beginning of my journey into this, Jason pointed me to a workshop he had with Jon Barnes called “Infosec Marketing in 2021: Hacking the New Normal”. It has talks on overview of content, strategy and examples on how to create great content. I highly encourage you to watch it if you’re interested in this. Find it at https://www.youtube.com/watch?v=IkQNNsq8faI .
Infosec marketing is not for everyone!
There’s a catch here. Of course, there is: This is hard. Really hard. Especially if you have no experience in infosec and don’t know your way around the infosec community. To master that takes time and effort.
It’s hard to create content. Or rather, it isn’t – if you know what content that would turn an infosec geek on. And knowing that actually is the hard part if you don’t have infosec geekiness as part of your DNA. And in my experience that is a rare thing among marketeers.
The more you know about infosec and geek culture, the better you would be as a content producer/editor here. But all that isn’t worth much if you don’t have communication skills and has this hunch about what would be a good talk or how this or that blog article should be angled to catch the attention of your audience. So, in other words: This is neither all marketing nor all infosec. This is both. And people who master both are a rare breed.
Going for community-focused content marketing is a long-term strategy. When attacking the infosec community – or any community – it takes time before you get any notable result. The good part about that is that once you succeed, that reputation will stay within the community for good (well, almost).
Good luck!
Reducing cyber risk | CEO at Seculyze
1 年Awesome! I think you are hitting something important that is happening that I also feel. Marketing, Sales and Product are changing. When I close my eyes, Sales is the slick guy with pointy shoes driving a Porsche, Marketing are sending millions of standard mails and Product wears an old Star Wars t-shirt. Just making a point :) Areas are evolving, maturing, and have to reinvent themselves to stay on top of the curve. Product-Led-Growth (PLG) is surfacing making MQL and SQL inferior to PQL. The market evolves product and business through feedback. Maybe a type of "new wave marketing". Finding your Ideal Customer Profile (ICP) is much more important than revenue from any customer or then SoMe traction, because it is through ICPs you will grow your business on the global market. I btw love that you write about relations. That is a topic we have talk about when we meet next time. Good work on the article
Building security products that fit into the real world and solve real issues | Cybersecurity evangelist, former Gartner analyst
3 年I'll point to this post when people ask me about my job :-) Great stuff!
Marketing Strategy x Personal Branding
3 年Great read and appreciate the shout out! I think making a case for any marketing investment requires answering the "how do I measure results" question as well as bringing technician insights to bear that the C suite trusts- aka the sandwich approach. Support from the "doers" in the weeds of the work and openness from the C suite at the top who trusts their opinion. Align these stars, make it something that doesn't come across as a "forever" commitment, and be sure you bring the answer to the measurement question and you're in a good position to pitch it! Great write up-
Cybersecurity Content Marketing
3 年Totally agree. Marketing isn't about pointing readers in a direction and saying, "Buy our product or X will happen". It's about building relationships, trust, understanding the day-to-day role of those who work in the trenches. Cultivating relationships is how marketing should be done. You clearly understand that Klaus A., so you'll be a huge asset to the first company that snaps you up. Good luck!
Identity governance innovator and philospher
3 年So fricking spot on! Wauw!