Speaking security the C-Level understands
As the tech world reels from the Solar Winds and Hafnium hacks, two of the most recent and devastating cybersecurity failures in years, it is more important than ever to articulate the technically dense subject of cybersecurity in an accessible way. As engineers continue the arduous task of expelling threat actors from their networks, we have an opportunity to reassess how, where, and when we have conversations about cybersecurity and network resilience. As tech marketers, we are the bridge between the complicated engineering side and the personas in the C-Level who must understand the threat to approve the budget for a resilient network.
Our new reality
Coronavirus and rolling shutdowns have vaulted the “cloud-first future” tech companies envision by at least a decade. The past 12 months highlight the coming reality of hybrid-remote work across the office world and the critical role the cloud plays ensuring its success. As more employees work remotely and more devices connect to your network, there are infinitely more entrances for a threat actor to worm their way into your IT environment.
Managing mobile devices and endpoints is an integral role in modern network security and just one of the constantly evolving investments needed to keep corporate data secure. How can we, the storytellers of technology, use our skills to ensure our future is as secure as possible?
We need a DevSecOps approach to marketing.
What is “DevSecOps”?
Short for “development, security, and operations,” it is a best practice for application development that integrates security into every aspect of the software delivery lifecycle – from the first architecture drawings to the continuous software updates.
So, what does “DevSecOps for marketing” look like?
It begins with how marketers and salespeople discuss security with the C-Level. When building out marketing collateral for any SaaS (Software as a Service) solution, especially for a platform where employees will be spending their time (email/productivity/collaboration solutions), strong security guardrails must be a highlighted feature, not a line item on a product page.
Your company’s security can equally be improved with DevSecOps marketing. Microsoft’s approach to security is changing as they make security training more engaging, accessible, and continuous. According to Director of Security Education and Awareness for Microsoft Digital, Ken Sexsmith, “A key for us is making it personal. The same things you do at home to secure your family are the same things you do at Microsoft. Your technology is vulnerable, and it only takes one minute for someone to take control of your device.”
A narrative-driven, DevSecOps approach to security marketing starts with the foundations – making sure everyone understands story.
Making the cybersecurity story accessible
Cybersecurity companies are shifting away from the clichéd “hacker in a hoodie,” a long-time avatar of threat actors, and speaking about network resilience in more accessible terminology. A recent campaign by Norton, The Most Dangerous Town on the Internet, uses documentary filmmaking techniques to connect and engage with their audience about cybersecurity.
How we discuss security also must shift to accommodate our new reality. Creating a resilient and hardened security posture is more than just installing new software or running an anti-virus scan. It is a constant game of cat and mouse where the mouse exploits holes in your system that you are not aware of. Even when you do everything right, such as zealously keeping your software patched, you can find yourself on the wrong end of an Advanced Persistent Threat (APT), a nation-state or other resourceful threat actor. An analysis of the Solar Winds attack shows that the APT exploited the software update system to deliver malware. Reframing security must happen from the beginning of a sales pitch. Security is a never-ending vertical of upskilling and threat mitigation rather than a “one and done” operation.
The story that we tell, of threat actors and data breaches, is exciting and topical. It is found in the headlines of newspapers and the speeches of presidents, but it is difficult to translate that engagement into real, tangible shifts in cybersecurity understanding and posture. The DevSecOps approach to marketing centers around a change in thinking that must occur across industries and society. As more of our lives, both personal and professional, migrate to the cloud, a hardened security posture is the very least required from companies who collect our data. A DevSecOps approach to marketing may not solve data breaches or APTs, but it can at least make a threat actor’s job harder.
If you’re interested in crafting your cybersecurity story in an accessible way for all personas, connect with the Audienz team today.