Podcast

Peter Jacobs, Lay of the Brand Welcome to Lay of the Brand, where we talk with the experts on tech, marketing, creative and PR to learn what’s new, what’s working and what’s next. I’m Peter Jacobs with Merritt Group. Cyber attacks are no surprise, growing like weeds fueled by new, easily accessible tech, and cyber security providers are responding with a flood of new, more capable tools, but that puts CISOs in a familiar, uncomfortable position: how to sift through all the noise, hype and sales pitches to figure out what will actually work for them, for marketers, the channels to reach those CISOs are shifting as well. So what can you do now to engage security leaders with the right info at the right time. That’s why we’re talking with two cyber marketing experts, Gianna Whitver, co founder and CEO of the cybersecurity marketing society and co host of the breaking through in cybersecurity marketing podcast, and Michelle Schafer, a Merritt Group partner who leads the agency security practice. Thanks for joining us.

Gianna Whitver, Cybersecurity Marketing Society Thank you so much, Peter, so honored to be on. 

Peter Jacobs  Gianna, you’re a marketing advisor to cybersecurity companies, and you head up an industry group made up of cyber marketers. So what are you hearing? Are the top challenges marketers are dealing with today? 

Gianna Whitver  A couple of the same challenges we’ve had for a while, a couple of new ones. So breaking through the noise, being different, standing out, has been the perennial marketing and cyber challenge for companies that are trying to break through this intense amount of competition, of sameness, of saying the same thing. We’re also experiencing in the last year or so, some channel decline. So as channels become more and more saturated, they they work less. So what channels are working as a huge conversation topic as well in the industry right now,

Peter Jacobs  Michelle, are you seeing the same kinds of challenges that Gianna is talking about?

Michelle Schafer, Merritt Group  We are. We get asked a lot to help companies figure out their story, their message. I spend a lot of time really thinking about how we can differentiate our client stories and narratives when the market is completely crowded, and it is an echo chamber in cyber and we see that every time we go to events at RSA and black hat, you look booth to booth, and everybody’s got the same message. And obviously, right now we’re all hyped on AI. What will it be next year? It just it goes in cycles. So I think as marketers, we really have to figure out that unique story, and that’s what I love, that’s what I’m passionate about.

Peter Jacobs  That’s really the big thing, isn’t it? Differentiation, and this is the perennial issue for marketers, is, how do we say the things that the market needs to hear without sounding like everybody else. So where does a marketer find that different angle? What do they need to look at? 

Gianna Whitver  What’s interesting being in this industry and coming from a different industry a while ago, when you when you enter this industry, you have different audiences that you’re selling your product to. If you’re doing an enterprise motion, you’re selling to the less technical security buyer, and then you’re selling to the super technical security buyer. And that puts marketers in a bind in some way. If you have one message, how are you going to wrap up everything you need to say about what your product does and how you help companies without it either weighing too far to one side, not technical enough, too fluffy, too much BS, as they say, as we get lobbed that, or too technical, which is too many buzz words, too much tech jargon. Nobody understands what it actually does. You just spit a lot of words, and you add the word Kubernetes in, right? So there’s this fine line, and it’s a very fine line. I think, I think a lot of marketers in our industry, even the season, season, season, CMOs, who have done this for years, who have sold multiple companies, who have been involved in very big successes, all say it’s difficult and it’s a fine line to walk.

Peter Jacobs  Michelle, you and I have talked about storytelling a lot, and that’s the toughest part, isn’t it, finding the story that’s going to resonate.

Michelle Schafer   It really is. And yes, it’s diving into those buyer personas, understanding how to really talk to that audience, whether it’s the CISO or the SOC analyst, and spending a lot of time there. But what’s interesting is, we’re having a lot of startups come to us and say, Look, we want to create a whole new market. We want to play bigger. Obviously, they’ve read the book, and they’re really trying to, you know, create something new and unique in order to stand out. And then you go talk to the industry analyst over at, you know, Gartner, Forrester, or Omdia, and, you know, they’re confused, because they’re trying to always put these companies in a segment of the market, and they bucket them in. And so it’s kind of nice when the analysts can validate, look you belong in a certain market. This is why, and I think it really helps as we go through these messaging and storyline creations with our clients, to bring in those analysts pretty early on. On to get them to sort of test the message out. And I think it works really nicely to kind of help the marketers see and hear from a third party perspective, know where they need to be in the market and why they are in a certain market. 

Peter Jacobs  Well, let’s talk about that, how CISOs and SOC analysts and all of the decision makers and their influencers are getting their information. What sources do they trust the most? And has that changed over the past year or so? 

Michelle Schafer   I do have a connection of CISO friends. And Merritt Group has done surveys of CISOs about, you know, who do they trust? Where do they get their information? Where do they like to go? And the truth of the matter is, they trust each other, and they have Slack channels, and they’re talking all the time. And when it comes time for a kind of vendor bid and trying to shortlist who they’re going to bring in when they need to change a technology, they just ask their friends, and that’s how they come up with the list. Now, they do look at the Gartner magic quadrants, they do their research, but really, when it comes to those decisions, it’s trusting each other, and they have really great networks. They go to a lot of small, private events. They have these interesting conversations with each other about this very thing, trying to figure out what all this noise is in the market and how they can cut through it and really get what they need when it comes to the technologies.   

Peter Jacobs  Gianna?

Gianna Whitver  I’d agree with that the rise of community and small shared spaces that are private and exclusive has grown, and just like the cybersecurity marketing society, has a community that only marketers in cyber can get into. There’s a lot of Discords, Telegrams, Slacks that exist for security professionals, that involve a lot of talk about vendors that we don’t get to hear. 

Peter Jacobs  Let’s talk more about events. What kind of events are CISOs looking for, and how do they play into fostering this kind of communication? Are they becoming popular? 

Gianna Whitver  Again, especially in person, the professionals in security, the CISOs, etc, are going to, like Michelle said, these high class, sort of smaller, more curated events, we still hear great things about the classics, the advances of the world, et cetera. You might have heard no CISOs go to RSA. I don’t think that’s true. They might not stop by your booth, but they are at RSA. So events are still something that matters to to professionals in the industry and even to leadership in the industry. There’s also a lot of curated dinners, of curated sort of exclusive activities and activations that happen that are geared towards the higher level security buyer that people go to. 

Michelle Schafer  I would absolutely agree with that. I think these smaller, more intimate dinners and events that they go to really allow them to have good conversations, but a lot of them are under Chatham House rules so they can speak freely about the challenges they’re having their environments. You know, nobody’s recording them. No media are there. This is an important avenue for them to really connect with each other. And I do think, you know, I’ve heard from CISOs before that at RSA and black hat, they want to go where the new innovations are. So they’re heading down to innovation sandbox, to startup city. They actually enjoy talking with some of these newer companies and newer innovations more than going on the big show floor where it’s loud and noisy, and yes, anybody can get a free T shirt. I think they’re really looking at what is the next cutting edge technology that they need to be thinking about and putting in their environment.

Peter Jacobs  Are CISOs and other security decision makers going out and seeking out information beyond the channels that you’ve talked about? Are they going online? Are they reading white papers? Are they listening to podcasts and attending webinars. Where are they getting their information from?

Gianna Whitver  I definitely think podcasts are in the mix there. I do think webinars depending on the topic, right? I think, I think it’s a catch on 22 in a way, because if you write the Verizon DBIR, which is like a white paper, essentially, it’s a big research report with a lot of words, and it’s huge. It’s like, what, over 40 pages, I don’t remember, but I’ve got it in my downloads box somewhere. If you read something of that quality and that caliber, maybe, maybe a CISO will read your white paper. But if you’re just charting out, you know, content for content sake, highly unlikely. That said in defense of white papers — which is a funny thing to say out loud — in defense of white papers, one good thing they do provide to marketers is some sort of signal. So even if nobody ever reads your white paper, if they’ve downloaded it, at least you get a little, a little glimpse into what interests that company, right? Hey, if the CISO of X downloads your white paper on like, EDR, or, you know, app sec, it’s like, Well, hey, maybe they are interested in the content around that topic, even if I know they never actually read it. Right? So I’ll say that.

Michelle Schafer  And I can chime in here too, from our reports that we’ve done, look the CISOs do still read, you know, Bloomberg, Wall Street Journal, you know, some of them have Squawk Box on every morning and they’re looking at the market. And then some of them still like the technical journals, you know, the SC magazines, or the Dark Readings of the world. I do think, though, that Twitter’s out, people don’t trust it as a social platform. It’s really tough right now with everything that’s changing on Twitter, but LinkedIn has become the source of trust. I think for a lot of folks, I mean, news is flying. A lot of networks are being made, relationships are happening on LinkedIn, and I think that’s just been a great platform for the cybersecurity community as a whole, but I do think CISOs really like and trust a lot of the information coming from their friends on LinkedIn. 

Peter Jacobs  That’s really interesting, that a business oriented social network is the place that is growing and is reaching the kinds of people that we want to talk to. Is there an aspect of it that CISOs also have the need to explain what it is that they’re doing to the rest of the C suite? So they’re looking for information that they can bring to the CEO, the CFO, the COO to say, here’s why we need to do this, and we need to do it now. And by the way, I need some budget, 

Gianna Whitver  Yes, and that is something that vendors are especially well equipped to provide to CISOs, if I could say that.

Peter Jacobs  Michelle, is that something that you would recommend? 

Michelle Schafer  I do.I still think to Gianna’s point, there is, you know, a need for them to get information from these vendors and the white papers, the webinars, you know, wherever they can grab it quickly. I do think they like demos. And the video format has become very big for that, because people want to digest information quickly. You know, we are in this short form content world. So I feel like if a vendor has a really well done video demo, video explainer of their technology on their website. It’s easy for them to really digest it and say, Hey, this is for me, or it’s not. So I think video has really become important in that quick understanding of these in depth technologies.

Peter Jacobs  That really helps make it real for people when you can actually see the thing in action, it helps really explain the “what.” How about explaining the “why?” Where does that come from?

Michelle Schafer  I mean, I think that’s where, if you can get the interest from a video, you go to the next step, and you have that conversation. You talk to the vendor, you know, you really want to see it hands on. And maybe you go to an event and you, you know, really kind of get that opportunity to interact with the technology and see how it could fit into your environment. And I think for CISOs, they have to have that, you know, feeling of comfort before they even carry on to any future conversations. And CISOs also get information from the people in the day to day in the thick of it. So that is your you know, IT managers, your security manager, your SOC analyst. They’re looking to their teams right below them to recommend these products and solutions. And those are the folks that are getting their hands dirty and the kind of the technology itself.

Peter Jacobs  And that’s an excellent segue. There are influencers within the organization, there’s also a big growth in influencer marketing, and of course, we see that across B to C, but in B to B as well, there’s a lot of interest and a lot of success with influencer marketing. How does influencer marketing fit into this discussion when we’re talking about something that is so highly technical and also that can be so vital to the success of an organization. 

Gianna Whitver  Security purchases are trust buys, right? You have to really trust the solution is going to do what it says it’s going to do. You have to trust the company is reputable. If it’s a startup, you have to trust that they’ll be around in a couple years for the renewal. And one thing that security influencers and influencer marketers in general bring is authenticity, which breeds trust, right? These are authentic folks. They’re real people. It’s not a company, it’s not a corporate, it’s someone you know, maybe, or, quote, unquote, no, because you’ve been following them on social media, hopefully you like and respect their opinions, and that sort of flows down to the products that they’re helping promote.

Peter Jacobs  So Michelle, how should a cyber marketer look at developing an influencer marketing strategy? 

Michelle Schafer  So I do think traditional PR is evolving into influencer relations. Sure, there’s always going to be a need to get that earned media, but we are seeing, you know, the newsroom shrinking. I think that it is getting more difficult, and there’s a lot of paid media opportunities out there. And those are, those are great too, but I think influencer relations is really starting to take hold and take off. And I think it’s because of what Gianna said. It’s about that trust, that authenticity and that credibility, and it’s a way to lift a brand using an influencer. You know, there’s a lot of folks in the cyber market that are kind of the who’s who, that have built decades of credibility, and people follow them. They trust whatever they say on social media, and they want to interact with them. And so being able to leverage these influencers is just a great way to kind of have a shortcut right in your buying process. If you see an influencer, and maybe it is a top CISO, somebody in the market that you know, again, is well known, well recognized. I do think that, you know, that gives you that “pause moment” where you can say, “Oh, wait, this influencer is speaking about this company and this technology. Maybe I do need to take that call. Maybe I do need to have that demonstration of that product.” I do think it is a way to kind of cut out some of that research and longer buying cycle before you get to that decision. And I’m not saying that you have to disregard all of that. I still think, you know, any CISO has to make a very informed decision when they are switching out technologies or adding something new into the stack. I just think influencers can really help fast track it a little bit more.

Gianna Whitver  I think they cut through that perennial noise that we were talking about earlier, too. Since they have such a strong voice and big following.

Peter Jacobs  This goes back to where we started, which is the differentiation aspect. An influencer, if they are well known, well respected and can provide that authentic voice, can help clear out the clutter, because they’re going to say, all right, don’t worry about the hype stuff. This is what you really need to focus on. And that’s really what any buyer in any market wants to hear. They don’t want to be sold to. They want to be shown how this service, this product, whatever this technology is, can help us solve the problem? Do marketers spend enough time talking about solving the problem, as opposed to, here’s what the thing does?

Michelle Schafer   I think it’s a balance, right? You have to be able to talk about your company and your technology, but you have to be also an authority in your market, and that that thought leadership, and I hate kind of using that term, because I know it’s overused, but that thought leadership builds influence. It builds that credibility, that you know the market, that you know your stuff, and it talks about the challenges that your product solves. And that’s where PR and marketing comes in, and we develop a lot of great content around the challenges in the market, right? Whether it’s, you know, the latest nation state attacks, ransomware, the latest threat, you know, being able to build things like threat reports, having webinars on these topics, it’s really about sharing your knowledge across the industry. And I think that can really be the way to go to be beneficial. And again, you can’t forget about your product, but you’ve got to really be helping others out and being that source of education.

Gianna Whitver  Michelle nailed it, if you can be helpful and relevant, and if people read your content, watch your webinars, read your articles, whatever you’re producing. If they read it and they and they’re like, great, I would read more. And thank you, then I think you’re doing a good job.

Peter Jacobs  All right, it’s prediction time. What’s next for cyber marketing? The top issues, the top opportunities. What do we see coming down the pike that cyber marketers and PR pros can take advantage of? 

Gianna Whitver  I think video is huge. Short form video is underutilized in the industry. Still, I know we as an industry have an aversion to Tiktok but that doesn’t stop the tiktokification of everything else. So short form video will be big, and it’s already big now, and I think more companies will start using it in 2025 and I think there’s a huge opportunity for fun, enablement of channel partners, of customers, of prospects during the sales journey that we can start doing using short form video, and I’m excited to see the innovative sort of media forward companies start using it and setting the standard for the rest of the industry.

Peter Jacobs  Is that something you’d like to see more of, that the information should be more fun?

Gianna Whitver  Yeah. I mean, it’s stressful. It’s a stressful industry. Why don’t we as marketers bring a little little fun to it? Make people smile, make people laugh. I think that builds one it’s good for the audience. Because, hey, there’s a lot of security professionals who want to quit, and we don’t want them to. We need them. And then two, I mean, if your brand is something that people look forward to seeing your logo, and they have a nice feeling, an emotional connection to your brand, it’s good for your company, too.

Peter Jacobs  What do you see, Michelle?

Michelle Schafer  I like the idea of getting more creative, more fun, like Gianna said, because it is a very high pressured environment for security professionals. And I feel like the companies that are being creative embracing new things, using influencers, and this harkens back years ago, when Axonius was using the Olympic star, Simone Biles, for their marketing campaigns. I thought it was fun and it was memorable. And, you know, I think that marketers just need to be thinking about where the industry is going. And I think tapping into these influencers can be really great, because a lot of them are creators, and they have new ideas. And I think it’s important if you do engage with them, make sure you’re listening to that influencer, and make sure it’s a two way street that you are coming up with a really fun, creative marketing campaign with them, because they do think they can bring a lot to, you know, an industry that traditionally has been very kind of straightforward. We’ve been using the same marketing tactics for years with the white papers, the webinars. So I think we should be embracing new forms of content and creativity.

Peter Jacobs  Gianna, you lead the Cybersecurity Marketing Society, and of course, part of your mission is to make sure that marketers can learn from each other

Gianna Whitver  Exactly, and that’s the heart of our community. The Cybersecurity Marketing Society was founded by myself and my co founder, Maria Velasquez, because we wanted to share and learn from each other. We were at different security companies, and we were talking about the events and the personas and what was working in the market. And eventually got 10 other friends together with us in a Slack group. And now, every day, 3500 marketers from 1000 security companies share with each other about what’s working what isn’t in the industry. 

Peter Jacobs  And one of those things you’re doing to bring people together is an event for cyber marketers, right? 

Gianna Whitver  Absolutely. So what’s coming up is Cyber Marketing Con, December 8 through 11 in Philadelphia, Pennsylvania, as a live stream and replay around the globe. It is a conference all about marketing in the cybersecurity industry. So if you are on the go to market team of a security company or a large company that happens to also market security services or products, then this is a conference that you should consider attending. We’re going to have amazing speakers, from Palo Alto Networks, from Pantera, from Human Security, from companies, both big and small, security products and services, plus plenty and plenty and plenty of curated networking partnership opportunities and tracks for every category of marketing, from influencer and brand, and comes all the way to executive topics geared towards the CMO and towards company strategy.

Peter Jacobs  I’ve been talking with Gianna Whitver of the Cybersecurity Marketing Society and Merritt Group’s Michelle Schafer. Thank you both for being here. This was great. 

Gianna Whitver  Thanks, Peter 

Peter Jacobs  And thank you for joining us. Lay of the brand is brought to you by Merritt Group, an integrated strategic communications firm that blends the best of PR, marketing and creative to help our clients tell their stories and build business. Got a topic suggestion or want to share feedback, subscribe to Lay of the Brand on your preferred podcast platform and leave us a review, and please spread the word and tell your friends and colleagues to tune in as well. To learn more about Merritt Group and the show, check out layofthebrand.com.