Getting to Success with Cybersecurity Content Marketing

Content marketing, while never easy, has tended to work if you follow best practices like explaining how your solution uniquely addresses your prospect’s pain points. It’s not so simple, however, to adopt these practices with cybersecurity products. Defining your category, along with your audience and its challenges, can feel like being sent into a round room and being told to stand in the corner.

Defining your category, along with your audience and its challenges, can feel like being sent into a round room and being told to stand in the corner.

This article offers some thoughts on effective content marketing tactics for cybersecurity marketers. I arrived at these insights after spending the last decade writing marketing content for some of the world’s largest security vendors and numerous cybersecurity startups. Additionally, in the last few years, I’ve been called upon to help multi-billion-dollar enterprise tech companies figure out their cybersecurity messaging. These engagements showed me how confusing the cyber content marketing process can be, even for veteran tech marketing professionals.

Context: Dealing with a crowded, noisy marketplace

While holding prospects’ attention in a competitive field always feels like striking a match in the middle of a hurricane, the problem is particularly acute in cybersecurity. The vast sector comprises thousands of vendors, each pushing for a piece of a market that is projected to grow from $197 billion to $478 billion in this decade alone. Tens of billions in venture money have flowed into cybersecurity, as well, though that trend is now slowing.

While holding prospects’ attention in a competitive field always feels like striking a match in the middle of a hurricane, the problem is particularly acute in cybersecurity.

Startups are attempting to elbow their way past established players. At the same time, high-profile hacks are prompting aggressive vendors to tout questionable solutions to panicked customers. It’s tempting to shout about your offering to be heard over the din, but that’s probably not the best approach.

Who are you talking to, and what do they really care about?

Traditional enterprise content marketing involves speaking to a “buying committee.” As long as you have six hands and three mouths, you’re fine. If you’re selling a storage product, for instance, the buying committee comprises stakeholders from the IT management, storage management, security, and finance departments. You can usually differentiate the decision makers from the influencers.

The cybersecurity buying group resembles its enterprise cousin, but with some notable deviations. Security buyers tend to come from multiple, loosely aligned departments. The decision makers and influencers can be a lot harder to spot. The CISO may not be the decision maker, even if she is the most senior person on the buying committee. This might be the case because the solution in question will come out of the IT operations or network operations budget, even if it’s meant to solve a security problem. It’s critical to understand this distinction.

Consider the following true story: The security team at a global financial firm scanned its infrastructure and found 200,000 security vulnerabilities. They turned to IT Ops and said, “Great news! You can go fix these now…You’re welcome.”

They turned to IT Ops and said, “Great news! You can go fix these now…You’re welcome.”

The result was a multi-year, multi-million-dollar project that likely involved many inter-departmental team building exercises and beaucoup kum ba yah moments. Get your hankies out. But, seriously, guess who had to pay for that? Guess who had to buy tooling to get the job done? It wasn’t the CISO.

Are you a solution, a fad, or a security feature?

The question, “What does your solution actually do?” comes up routinely in discussions with sales prospects. Buyers ask that because brand-friendly messages like “We’re an agile cloud platform that unleashes digital transformation” sound good to marketers but frustrate working professionals tasked with solving real-world problems. Cybersecurity amplifies this dynamic because it can be difficult to meaningfully categorize your product.

At issue is the fact that cybersecurity comprises several major categories of technology. There is no such thing as a “cybersecurity solution.” Rather, we have email security, network security, identity and access management (IAM), and so forth. The best practice is to create content that situates your solution in a well-established category and branches out from there. You could be an email security solution with uniquely effective encryption in transit, for example. Content formed on this basis helps orient prospect as to where you fit in a chaotic marketplace. If you want to define your own category in the spirit of differentiation, you will likely confuse prospects and lose mindshare.

A further complicating factor is the prevalence of new paradigms, which may or may not be categories. The secure access service edge (SASE), for example, while transplendently wonderful, is wreaking havoc on the content marketing process. SASE solutions are almost always multi-vendor, spanning several distinct categories of security and network operations. As of now, few buyers are looking for a complete SASE solution. Most are looking at adding a SASE component, such as a cloud access security broker (CASB), to their existing security and NetOps stacks—with the goal of building their own SASE on their own terms.

It’s easy to fall into the trap of messaging around a hyped-up fad. (Talking to you, Zero Trust.)

It’s easy to fall into the trap of messaging around a hyped-up fad. (Talking to you, Zero Trust.) Bandwagons don’t make for effective content marketing, however, especially because security buyers are allergic to hype and fluff. My suggestion is to position your solution in its own, well understood category and develop messaging that describes its relevance to the new paradigm.

Then, there is the risk of identifying yourself as a security solution when you are, in fact, a security feature. Let’s say you offer a storage solution with great access controls. It may not work to market yourself as a security solution, even if you provide strong security in storage. Having a dialogue with your existing customers can help you tease this out. In general, though, if you are not known as a security vendor, it’s probably best to showcase your security chops in your IT category rather than attempt a pivot to the security sector.

Conclusion

It is possible to create effective content that propels a cybersecurity prospect down the buying decision funnel. Getting there involves doing some deep thinking, and possibly some market research, about what your solution actually does, who will be interested in it, and why. This may sound obvious, but I mention it because I’ve worked with a lot of smart, experienced tech marketers who regularly struggle with these questions. It’s best to stay focused on current realities versus future visions and market hype. Cybersecurity content marketing that stays rooted in the real world will almost always perform the best.