How Cybersecurity Marketers Can Distinguish Themselves from Attackers | Joseph Carson
The goal is to frictionlessly get security buyers to information in trusted ways so they can self-verify and make wise, educated decisions.
How do we build and develop business and communications skills, foster different ideas that allow us to think about how to be more ethical and innovative, and communicate better with our audience?
How do we get cybersecurity to be a cool industry that people want to be in?
These are questions that Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, asks himself regularly.
In this episode, I had a brutally honest conversation with Joseph on what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.
Guest at a Glance
💡 Name: Joseph Carson
💡 What he does: Joseph is the Chief Security Scientist and Advisory CISO at Delinea
💡 Company: Delinea
💡 Noteworthy: Joseph dedicated nearly 11 years of his professional career to Symantec. He’s also the Founder and CEO of Wiretrap, based in Tallinn, Estonia.
💡 Where to find Joseph: LinkedIn
Episode Highlights
🔥 Security is people first. It’s not about the technology.
“Technology will change over time. It's always an enabler for people to be successful in their jobs. What stays the same is the people…and their jobs slightly change and the way we deliver things slightly changes. We have to remember that people are our customers. And we have to make sure everything we do is to help them be successful.
"Security is not the reason why we're here. Security is my skills and expertise and knowledge."
I use that expertise and knowledge to help look at business problems, to help look at how people do their job, and then to embed my cybersecurity skills and knowledge into how to make what they do either operationally or what they do in the process or what they do in their job, better.”
🔥 Balancing time to continuously learn is a challenge for security practitioners to maintain.
“In our industry things change so quickly. if you don't balance off your time into the learning part, you can fall very, very quickly behind.
"I know that I specialize in expertise in some areas, but I know I'm not the expert on everything. So it's also by creating a community around you that you've got peers and people who you can go to, to answer questions."
You don't have to be an expert. That's one of the things is that yes, it's that continuous learning piece, which is very, very hard to maintain.”
🔥 There is always an opportunity for your audience to learn and engage if you provide them with information with context and a point of view.
“I will always learn things. I wouldn't say there's nothing that I couldn't learn or find new.
It really comes down to how they [vendors] explain it to me. In technology, of course, we have our preferred viewpoint and we look at things and sometimes you need to look at it from a different person's angle. If they can provide that type of context to me there's always an opportunity for me to learn.”
🔥 Before you get 10 minutes of your buyer’s time, remove FUD, remove fluff, and clearly explain what you really do.
“We are the target of a lot of marketers in regards to email campaigns. And it gets sometimes really frustrating because you see the same repetitive type of technique and message over and over again:
‘I want to explain how phishing will benefit your security awareness. Can I have 10 minutes of your time to explain this?’
"Before you even get 10 minutes of my time, you want to actually explain to me first what it is you do, and then you will, you know, you have to earn my 10 minutes. I mean, giving me a $50 voucher for whatever to attend? It's not worth my time."
I want to be educated. If you're not going to teach me something in that first email, you're not gonna get my time. That email that you sent will be basically sent into the trash bin. So it’s about knowing your audience and making sure that your message is clear to the audience.”
🔥 Email is not dead. It's just not the only one that's primarily used. It's still heavily used, though.
As marketers, we actually use the same techniques that attackers use and what's important is, how do we distinguish ourselves from the attackers? How do we separate ourselves?
"We have to provide much more trusted sources for ways that they can go and self-verify. Where are the sources coming from? Alternative means of going to the information you're providing."
So, yes, attackers as well use the same techniques as marketers, and that's the fear that many people have is - where's this information coming from and where it's taking us to? Is it malicious?”
🔥 The goal is to frictionlessly get buyers to information in trusted ways so they can make wise and educated decisions.
“The ultimate means is really about providing multiple methods of sources, rather than just providing a link. And if we provide multiple means, yes, we might lose that original source or where they came from to get the information.
"However, at the end of the day, the goal is to get them to the information where they can make educated, wise, smart decisions."
Eventually, at some point in time, they will put that as a trusted source, whether adding it as a contact into their email or into their social media. And then it becomes a trusted source of information because they do see the educational knowledge and value that the business is providing.”
🔥 Validate messaging with your buyers first. It’s harder to retract and change inaccurate messaging released to the market once it’s already out there.
“All companies with marketing teams need to reach out to people that are similar as me that do these, you know, buzzword bingos and really see through the message. They all should have access to people like myself and then get them on the teams, get access to them so that they can test the message before they make it public.
"Because it's harder to retract and change it once it's already out there. I've seen it in the past and I've had to go through and go, ‘oh, why did we put that out there?’ and try to change it and try to modify it."
Sometimes it does slip out, but make sure that the organization reacts and tries to correct it, quickly. It's better to do it beforehand than try to do it afterward. Trust me.”
🔥 Time is the most valuable asset. Let your buyer decide when their time can be used for your resources and assets in the way you serve them information.
“For vendors out there, don't try to waste my time. Try to make me more knowledgeable. Create content that educates me and educates me where I can decide how to use my time. Podcasts are great because it allows me to do multiple tasks.
"The most valuable thing in our world is time. I have a limited amount of time."
I will spend the time to read, listen and think about the medium of how to do that as well. Whether it be an article, about it being a book, or a paper, or a podcast, or something audio or video. Think about the medium in order to deliver that to your audience.”
Subscribe to Audience 1st
Get notified every time an episode drops to better understand your audience and turn them into loyal customers.