Cybersecurity marketing is unique. Thousands of marketers are targeting the CISO with products that are virtually indistinguishable, the best of which are the ones customers never have to think about, and their ROI is based on nothing happening. Weird.
On the marketing side, there’s a tremendous amount of noise and lots of competition. Trying to rise above the noise is difficult and compounded by the well-deserved skepticism that CISOs feel toward marketers that promise to cure all their ills by buying just one product.
This makes for an interesting dynamic, and when I was asked to be a guest on the Marketing InSecurity Podcast and the Tech Blog Writer Podcast this week, I wanted to share my perspective on how early stage cybersecurity startups should build their stories to be clear, concise, and honest.
Step One: Focus on the Problem, Not the Solution
Until you have a deep understanding of the problem you’re trying to solve, you’ll never be able to effectively communicate any product to the target customer. Many companies fall victim to “love the product syndrome”, an illness diagnosed when someone feels like their product is so good that anyone who doesn’t buy it is an idiot. I’m a big proponent of vaccination against that illness, and take regular booster shots to avoid it.
The idea is to completely understand the problem in every context:
- Why does the problem exist?
- Why hasn’t it been solved yet?
- How are people addressing the problem today?
- What solutions are out there that claim to solve it?
- What is the impact of dealing with the problem now?
- If a solution came out that objectively solved it, would people buy it?
- What other priorities would the buyer be willing to set aside to solve it?
- Whose problem is it?
- What’s the ROI of solving it?
- What can my team spend time on if they don’t have to waste it on this?
Once you’re an expert on the problem, you can move to the next step.
Step Two: Mastery of the Approach
At this point, forget you have a product. Instead, the idea is to build the approach. Here’s the Axonius example:
Let’s say you want to have a comprehensive, credible asset inventory and you want to understand how every device and user stacks up against your security policies. If you agree with that, let’s take the next step.
You already have plenty of tools that know about assets. You have a bunch of agents, network scanners, the infrastructure itself. It’s not a problem of not being able to collect information, it’s a problem of aggregation and correlation. All the information is there, just in different places without the ability to ask questions, get answers and take action.
If there was a way to simply collect all asset information from all of these tools, you could then correlate that information and see exactly how every asset fits your security policy. And if you could do that, you could also use those same tools to take action when needed.
If you’re able to get buy-in on the approach, then you’re ready to put it all together.
Step Three: Build The Story
Now is the fun part: figuring out how to tell your story in a way that resonates with the target audience. This is when you can start building story lines like “Asset Management: The Toyota Camry of Cybersecurity”. You need to find a way to tell the story in a few sentences, yet you need it to be remembered.
We were featured on Ken Rutsky’s Marketing InSecurity Podcast in an episode entitled From Idea to Product to Scale.
We were also featured on the Tech Blog Writer Podcast hosted by Neil Hughes. In it, we talk about the Axonius approach to building our story and the unpredictable nature of startup life.
Our goal is to help as many security teams on the planet stop wasting time manually trying to understand their assets. We hope we can tell our story in a way that is clear, concise, and honest, and we always want to do it without resorting to FUD.