n my career, I’ve observed with horror security dismissed as “those techies in the basement” and something for projects to work around. The policing image that’s so prevalent of us constantly makes me cringe and I hate nothing more at a party when people ask what I do and hear their immediate response as “oh, you’re the one who deals with viruses and worms." Ugh! (Note to self: find a more glamorous title to talk about at parties).
Happily this image slowly but surely is going away as security moves onwards and upwards in organisations. And what if we, as security professionals, can do our bit in changing this image within the organisations that we serve? What if we actually wake up and start running security as a business? And what business runs successfully without marketing of its products and communication skills?
Look at our security vendors - they work very hard to define and create their product and services and to sell them to us. And all other things being equal, we generally prefer to do business with people that we get along with and who provide us with great service. We cannot dismiss the importance of strong communications.
So why do we shy away from words such as marketing and communications in security? Why are there so few (if any) “security communications managers” in internal security teams? As I discuss in my report, there are methodologies that can be used to create effective and inclusive communications and marketing activities - we just need to start. The marketing of security is a journey - not a miracle.
It saddens me that many security professionals have a negative and oversimplified view of marketing. They view marketing as boasting or selling and not valuable to the security function. One CISO we interviewed described the outlook of security professionals this way: “People are scared to be considered as marketing people. They are very comfortable talking about technology but refuse to design nice slides. They consider this not really within their scope of responsibility.”
I have a dream to see security teams everywhere who are respected, getting paid lots of money, engaged, being invited to meetings, consulted with and listened to. And of course to not have to lie at parties when I tell people what I do. This might involve designing a nice slide or shifting the conversation to a business level. It might involve taking someone out for a coffee and getting to know them.
I hope my first report (How To Market Security To Gain Influence And Secure Budget) can at least provoke some thought into the subject for you - at the very least, it can give you a methodology to break this tricky subject of marketing and communications down a little bit into manageable chunks.
Posted by Jinan Budge