Cybersecurity: The Best Way to Market is to Support Your Audience

I have a long-term plan based on my love for the InfoSec community: I want to convince companies that it pays off to support it. And in those (few) cases where management understands, I want to help them out. Or rather, I want to help their existing marketing department to understand the community, the people in it, and how to target these in the most effective way.

In this article, I will be talking about the InfoSec community as a uniform organism, and as if only one InfoSec community exists. This is a huge simplification made for the sake of argument.

Are you an InfoSec marketer? Funny enough, I never thought I would want to be that. I come from a technical background in InfoSec and have always had a strange relationship with the more commercial side of the profession. Most important of all, I never thought of marketing to be particularly interesting or relevant. And yet, here I am writing an article about just that.

The thing is that marketing comes in many shapes and sizes. Sure enough, the more traditional side of marketing never seemed interesting to me. But then I learned about community-focused content marketing. If you’ve never heard of that term before, there’s a logical reason. I made it up when I learned that content marketing in InfoSec could have several expressions.

In the beginning . . .

I’m getting a bit ahead of myself here. I want to start with how I got engaged with the InfoSec community back when I started in InfoSec: I started arranging OWASP meetings for my local chapter. I am not really sure why I started. It somehow seemed natural, but I know why I kept doing it: I love to arrange cool talks, to gather people, to see the happiness in their eyes when they’ve learned something new or met someone interesting. I love to help people in the community in general. It brings me huge satisfaction. So, when I had the chance to help get the non-profit InfoSec conference Security BSides to Copenhagen, there was no doubt in my mind that I just had to be part of that.

So, imagine my joy when I eventually realized that it is possible to combine my extensive technical background with my love for the InfoSec community into a real profession – and call it something as exotic (at least for me) as ‘marketing.’

It’s all about the community

One thing I’ve learned through the years by being an active part of InfoSec is that the community holds tremendous power. And spending the last 1½ years in my first marketing position as head of community in a rising Free Open Source Software (FOSS) project only supports this: The community decides which companies and people are hot or not, who provides a great service, and which companies it’s cool to work for. And that can – to some degree – be influenced via good content marketing.

As the name states, content marketing is about content. It’s nothing new, nor is it unique to InfoSec. However, strange as it may sound, it’s not about converting customers, generating leads, or even making sales. What it is about, though, is creating familiarity, likability, and trust towards your brand – and doing it whilst genuinely wanting to support the InfoSec community.

The thing with the InfoSec community is that, in general, it wants to help those who care about it. And if your marketing strategy is to love the community, it will love you back by telling everybody how great your products are, how competent your specialists are, and what a great place to work your company is. Or, to put it another way:

When people trust your content and associate you as an expert, you effectively eliminate your competition.

In a market where it’s hard to sell goods and services and even harder to get qualified employees, this is solid gold.

What is this content you keep talking about?

In its basic form, content is anything that immediately provides value to the community. When you base your marketing strategy on that premise, it will consistently be high-quality, and the InfoSec community – over time – recognizes content from you as being of great value.

Content can be:

  • Blog articles
  • Podcasts/webcasts
  • Talks
  • Workshops

Or, since the community appreciates companies having an edge, content can also be

  • Memes
  • Joke

Basically, effective content marketing is anything that can turn on the inner InfoSec geek in your target group. Related to this, I can’t emphasize enough how important it is to have a culture where people offer “stupid ideas”, and management dares to follow up. “Stupid ideas” in this context are ideas that are potentially so fundamentally different from everything else, that the idea might be either ludicrous or pure genius. If they work, you get to harvest it. And honestly, what’s the worst thing that could happen if it fails?

I can’t thank Jason Blanchard from Black Hills Information Security enough here. He has been a huge inspiration and help for me to discover this, finding out that I wanted to do it – and how I could make it my own thing.  Back In the beginning of my journey into this, Jason pointed me to a workshop he had with Jon Barnes called “Infosec Marketing in 2021: Hacking the New Normal”. It has talks on overview of content, strategy, and examples of how to create great content. I highly encourage you to watch it if you’re interested in this: Hacking the New Normal.

InfoSec marketing is not for everyone!

There’s a catch here: This type of marketing is hard. Really hard. Especially if you have no experience in InfoSec and don’t know your way around the InfoSec community. That takes time and effort.

The more you know about InfoSec and “geek culture,” the better you would be as a content producer or editor. But all that isn’t worth much if you don’t have communication skills and the intuition about what would be a good presentation, or how a blog article should be angled to catch the attention of your audience. In other words: This is neither all marketing nor all InfoSec. This is both. And people who master both are a rare breed.

The pursuit of community-focused content marketing is a long-term strategy. When attacking the InfoSec community – or any community – it takes time before you get any notable results. The good part about that is that once you succeed, that reputation can stay within the community for good.

Good luck!


About the Author:

Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides København in 2019. Currently he’s a freelance infosec professional specializing in security transformation and community focused marketing.

Twitter: @klausagnoletti

LinkedIn: Klaus Agnoletti.

Editor’s NoteThe opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Bora.

Cybersecurity: The Best Way to Market is to Support Your Audience
Scroll to top