In Cyber Security Marketing, You Are the Threat.

This blog was written by Clark Barron, Demand Generation Manager at Nisos.  He discussed this during his episode at the Breaking Through in Cybersecurity Marketing Podcast.

Cyber security marketing sucks.

There, I said it.

And no, I’m not talking about being a marketer in this industry. I actually love this industry. I’m talking about the actual methods, strategy, and content being employed by marketers in this industry.

It’s tone deaf, it lacks personality, and it’s full of marketers that are quickly becoming the new generation of cell-phone-belt-holster-wearing-try-hards on LinkedIn that think their email marketing automation qualifies as artificial intelligence.

I’m here to fix that, and I promise we’ll get through this together.

But yeah — buckle up.

Let me guess. You probably came into this industry from an agency or some other industry where your CRM was full of MQL’s, your BDR’s loved you, your pipeline was growing, you didn’t have to prove you and your team deserve to be there, and your mother didn’t ask why you kept getting more tattoos because you’re a good Southern boy that shouldn’t ruin what the good Lord gave you.

You know, Magical Christmas Land.

So, you took a job as a marketer in cyber security, and at the end of your 90 day plan, you’re staring at the following:

• A white paper with 1,000 downloads and zero qualified leads
• An email marketing unsub list that is outpacing your “lead” list (insert audible, deliberate scoff)
• Absolutely zero value whatsoever added to the pipe
• An executive who’s tone of voice has magically changed to a tad bit “urgent”, as it were.
• A Google search history that includes “BetterHelp App Discount Code 2022” and “How to start an Etsy store”.

Yeah, I get it. This shit is hard.

However, before you cash in your 401k to convert a Mercedes Sprinter van into a camper set forth in abandoning all humankind, let me take you through the main reason most all marketing in cyber security sucks and what you can do to suck less.

When I say that marketers in cyber security are playing on hard mode, I mean it.

Out of every single industry on the planet, cyber security can be one of the most difficult spaces to market in. Those brave, naïve souls that come into cyber security have no idea what they’re in for, and it takes no time at all for them to be wonder why their tried and true tactics simply don’t work.

There is one single explanation that 99% of marketers in cyber security haven’t realized yet—

The only difference in a marketing campaign and a cyber attack is that one of them is legal.

That’s it.

Thanks for coming to my TEDTalk.

Yes, of course there’s more to it. Let’s break this down and explore why you are actually the threat actor to your buyer, whether either of you realize it or not. And, we don’t even have to dive into the technical specifics of each stage of a cyber attack to see why we’re the threat.

First, let’s go over the high level architecture of a cyber attack, step by step:

1. Recon —What hackers do when they’re trying to learn everything they can about their potential target.
2. Weaponize — This is the point where they develop the methods in which to infect their target.
3. Deliver — How a hacker gets the payload to the target
4. Exploit —Finding which vulnerabilities are best suited to aid in delivery and then, well…exploiting them.
5. Install — Once a hacker’s target has taken the bait, the attacker has to establish a greater foothold on the target.
6. Control — Establish complete control over the connection and own the relationship.
7. Maintain —Once it’s working, keep them on the hook. Look for more opportunities to stay relevant.

So, what does this tell us?

First, it points out a few glaring difficulties that marketers have in this industry. I say glaring because some of you may not have caught on yet (you will), which is understandable. Let’s continue.

Now that we know what a cyber attack actually looks like, let me ask you a few questions about your marketing efforts.

1. When you enter a new industry, what’s the first thing you need to understand as a marketer?

Answer: Your audience. You may call it persona building. Hackers call it — Recon. (lightbulbs going off yet?)

2. Once you know your audience pretty well, what’s the best way to attract their attention?

Answer: Develop relevant content. AKA — Weaponize

3. Now that you have your product and your content ready, what’s the best way to navigate getting that in front of your audience?

Answer: Have a fully developed go-to-market (GTM) strategy — Delivery.

4. But wait… how exactly did we know what content to develop that would get their attention?

Answer: Pain Points.

However, what we’re actually doing is finding their vulnerabilities and — Exploiting them.

5. Once you’ve gotten your audience’s attention, what’s an efficient and relatively effective way to keep feeding them content?

Answer: Marketing Automation.

Streamline your process and — Install.

6. The tricky thing about buyers is that they’re evasive. Just because you caught them in one place doesn’t mean they’re going to stay there forever. So, what do you do?

Answer: Retargeting.

You need know exactly where they are and what they’re doing at all times. Otherwise, how will you exploit them — Control.

7. You’re now controlling everything. You know everything about them. They can’t hide from you anymore (or at least that’s what you think…), and you’re never letting them out of your sight again.

So, how do you make sure you never let them off the hook?

Answer: Nurture.

It sounds completely innocent when we use that word, doesn’t it? Leave it to marketers to label this rather psychotic and toxic behavior as something that sounds so innocuous.

But, of course you guessed it again — Maintain.

Ok, take a breath, and let’s go over what all this means.

The point is this — the reason your marketing isn’t working is because your audience is comprised of world class experts in defending against exactly the type of “attack” you’re trying to deploy.

And, marketers in cyber security have been running the same exploits against vulnerabilities that have been patched for 20 years.

In this industry you are going to be chasing down your target audience exactly like a hacker would. You also have to do this all while your audience knows not only exactly what you’re doing, but how to stop you in the most effective way possible.

If you want to stay relevant, you have only one option…

Find a new exploit.

Finding a new exploit

As of the writing of this, there’s an article making its way around LinkedIn called CISO Manifesto: Rules for vendors — 2022 Edition

If the fact that an article like this was even written isn’t a “holy shit” moment for you, then nothing will be. However, It’s not like things like this are new. There are countless blogs, videos, and podcasts that are solely dedicated to trying to improve the strained relationship between cyber security marketers and CISO’s — helping marketers actually understand the people they’re trying to reach.

If you want to be armed to the teeth with insights that will put you on the map, I suggest you listen to Audience 1st by Dani Woolf.

If you want to learn about new ways that challenge the marketing ways of old, dive into demand gen marketing — check out Chris Walker and Refine Labs.

While we’re at it, here’s a secret — If you’re looking to learn from the best group of marketers in cyber security today, join the Cyber Security Marketing Society.

You will not find a more helpful, supportive, and especially resourceful group of marketers on the planet.

Join the community, get in the discord, and watch the podcast.

There may even be a chance you’ll see my dumb face.

Now.

Look, it’s ok as a marketer to not know what to do sometimes.

There are way too many useless acronyms, too many arguments about what the hell an MQL actually is, and too many empty pipelines out there wide enough for a Ninja Turtle to skateboard through.

But — this is why we have leaders, mentors, communities, and resources available to us that help us navigate murky waters.

It’s not ok, however, to fail to educate yourself, change your perspective, and respect the people you’re trying to market to.

At that point, you’re just a criminal.