- Audience 1st
- Posts
- How Cybersecurity Marketers Can Distinguish Themselves from Attackers
How Cybersecurity Marketers Can Distinguish Themselves from Attackers
Everybody's got to sell, everybody's got to buy things, but it's how the transaction is conducted that is important.
Dani Woolf
30 Mar • Read Time: 12 minutes
The goal is simple: make it easy for security buyers to access trustworthy information, allowing them to self-verify and make informed decisions.
But how do we build the communication skills and ethical practices needed to connect meaningfully with our audience?
How can we bring fresh, innovative ideas to the table and make cybersecurity an industry that people genuinely want to be a part of?
These are the questions that Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, grapples with regularly.
In this episode, I had a candid and thought-provoking conversation with Joseph about what drives him, the challenges he faces, the vendor tactics that frustrate him, and how marketers can do better.
POLL: What’s the most effective way to differentiate your cybersecurity solution in a crowded market? |
Before we dive in, don’t forget to subscribe to join 1700+ cybersecurity marketers and sales pros mastering customer research. You’ll get notified whenever a new episode and buyer insights summary drops.
Who is Joseph Carson?
Joseph Carson is the Chief Security Scientist and Advisory CISO at Delinea, with more than 25 years of cybersecurity expertise.
Known for his deep insights into privileged access management, Joseph is the brains behind ‘Privileged Access Management for Dummies’ and ‘Cybersecurity for Dummies’.
He’s a passionate advocate for stronger access controls and a relentless pursuer of better security practices.
When he’s not educating the cyber world or speaking at global events, he’s busy demystifying security one password vault at a time—always with a dash of humor.
Pro Tip for Connecting with Joseph
Skip the fluff. Joseph appreciates clear, concise, and informed conversations.
Lead with genuine curiosity and be ready to discuss specific security challenges or solutions—he’s all about practical, actionable insights.
And if you can squeeze in a good story or two, even better!
Insights and Key Takeaways
Put People Before Technology
Insight: Security is ultimately about people, not just technology.
"Technology will change over time. It’s an enabler for people to be successful in their jobs. What stays the same is the people…and their jobs may slightly change, but we have to remember that people are our customers."
In cybersecurity, the focus is often on tools, solutions, and technical advancements, but it’s the people using those technologies that matter most.
Marketers should craft messaging that speaks directly to the human element, emphasizing how their product enables users to succeed in their roles.
By shifting the focus from features to real-world applications that help solve business problems, you’re more likely to resonate with security professionals.
Continuous Learning is Key (But Difficult)
Insight: Security practitioners struggle to balance time for ongoing learning with their daily responsibilities.
"In our industry, things change so quickly. If you don’t balance your time for learning, you can fall behind."
Cybersecurity evolves rapidly, making it challenging for practitioners to stay current while managing daily tasks.
Marketers can support this need by creating concise, educational content that keeps security professionals informed without overwhelming them.
Webinars, short videos, and quick-read articles can deliver valuable information in manageable formats, helping practitioners maintain their expertise in a time-effective way.
Provide Context and a Unique Point of View
Insight: There’s always room for your audience to learn if you provide context and a clear perspective.
"I will always learn things…It really comes down to how vendors explain it to me."
Security professionals are open to learning, but how information is presented makes a significant difference.
Avoid jargon and generic pitches. Instead, offer insights that are clear, contextual, and specific to their perspective.
Sharing a unique point of view can make your message stand out and foster meaningful engagement.
Earn Your Audience’s Time with Clarity
Insight: Remove fear, uncertainty, doubt (FUD), and fluff from your messaging, and explain clearly what you offer before asking for time.
"Before you even get 10 minutes of my time, you need to clearly explain what it is you do."
Insight: Security is ultimately about people, not just technology.
"Technology will change over time. It’s an enabler for people to be successful in their jobs. What stays the same is the people…and their jobs may slightly change, but we have to remember that people are our customers."
In cybersecurity, the focus is often on tools, solutions, and technical advancements, but it’s the people using those technologies that matter most. Marketers should craft messaging that speaks directly to the human element, emphasizing how their product enables users to succeed in their roles. By shifting the focus from features to real-world applications that help solve business problems, you’re more likely to resonate with security professionals.
Continuous Learning is Key (But Difficult)
Insight: Security practitioners struggle to balance time for ongoing learning with their daily responsibilities.
"In our industry, things change so quickly. If you don’t balance your time for learning, you can fall behind."
Cybersecurity evolves rapidly, making it challenging for practitioners to stay current while managing daily tasks.
Marketers can support this need by creating concise, educational content that keeps security professionals informed without overwhelming them.
Webinars, short videos, and quick-read articles can deliver valuable information in manageable formats, helping practitioners maintain their expertise in a time-effective way.
Provide Context and a Unique Point of View
Insight: There’s always room for your audience to learn if you provide context and a clear perspective.
"I will always learn things…It really comes down to how vendors explain it to me."
Security professionals are open to learning, but how information is presented makes a significant difference.
Avoid jargon and generic pitches. Instead, offer insights that are clear, contextual, and specific to their perspective.
Sharing a unique point of view can make your message stand out and foster meaningful engagement.
Earn Your Audience’s Time with Clarity
Insight: Remove fear, uncertainty, doubt (FUD), and fluff from your messaging, and explain clearly what you offer before asking for time.
"Before you even get 10 minutes of my time, you need to clearly explain what it is you do."
CISOs and security practitioners are bombarded with marketing messages, many of which are vague or misleading.
To earn their attention, be direct and transparent. Clearly articulate the value of your product and how it addresses their specific needs.
Avoid using generic offers like gift cards to book meetings; instead, focus on educating your audience in your initial outreach.
Email is Still Relevant, But Needs Trust
Insight: Email remains an important channel, but it must be distinguished from tactics used by attackers.
"As marketers, we use the same techniques that attackers use. What’s important is how we distinguish ourselves and create trust."
Email is still a heavily used communication channel, but security practitioners are wary of its similarity to phishing tactics.
To build trust, provide alternative ways for recipients to verify information and establish your credibility as a reliable source. Include links to reputable sites or reference well-known research.
This extra step can reassure your audience that your email is legitimate and worth their time.
Frictionless Access to Information Builds Trust
Insight: Offer multiple, trusted pathways to information, allowing buyers to make informed decisions.
"Provide multiple methods of access, not just a link…The goal is to get them to the information where they can make educated, wise decisions."
Security practitioners value frictionless access to trustworthy information.
Avoid gated content or single-click links that create uncertainty.
Instead, offer multiple ways to access your materials, such as PDFs, links to established platforms, or downloadable assets from well-known sources.
This flexibility allows buyers to verify information through channels they trust, leading to more confident decision-making.
Validate Your Messaging Before Launch
Insight: Test your messaging with real buyers before releasing it to the market.
"All marketing teams should reach out to people like me to test the message before making it public. It’s better to validate it upfront than to correct it afterward.”
It’s common for marketers to launch messaging that sounds good internally but misses the mark with actual buyers.
To avoid this, get feedback from trusted practitioners who can identify buzzwords, inconsistencies, or red flags.
Validating messaging before it goes live ensures it resonates with the audience and prevents potential damage to your credibility that comes from retracting or modifying inaccurate claims.
Let Buyers Choose How to Spend Their Time
Insight: Time is the most valuable asset, so let buyers decide how they want to engage with your content.
"The most valuable thing in our world is time. Create content that educates me, allowing me to decide how to use my time.”
Security professionals have limited time, and they want content that adds value to their day.
Offer content in multiple formats—articles, podcasts, videos, or whitepapers—so they can choose how to consume information.
Podcasts, for example, allow practitioners to learn while multitasking.
Respecting their time and preferred content formats demonstrates empathy and understanding.
CISOs and security practitioners are bombarded with marketing messages, many of which are vague or misleading.
To earn their attention, be direct and transparent.
Clearly articulate the value of your product and how it addresses their specific needs.
Avoid using generic offers like gift cards to book meetings; instead, focus on educating your audience in your initial outreach.
Email is Still Relevant, But Needs Trust
Insight: Email remains an important channel, but it must be distinguished from tactics used by attackers.
"As marketers, we use the same techniques that attackers use. What’s important is how we distinguish ourselves and create trust."
Email is still a heavily used communication channel, but security practitioners are wary of its similarity to phishing tactics.
To build trust, provide alternative ways for recipients to verify information and establish your credibility as a reliable source.
Include links to reputable sites or reference well-known research.
This extra step can reassure your audience that your email is legitimate and worth their time.
Frictionless Access to Information Builds Trust
Insight: Offer multiple, trusted pathways to information, allowing buyers to make informed decisions.
"Provide multiple methods of access, not just a link…The goal is to get them to the information where they can make educated, wise decisions."
Security practitioners value frictionless access to trustworthy information. Avoid gated content or single-click links that create uncertainty.
Instead, offer multiple ways to access your materials, such as PDFs, links to established platforms, or downloadable assets from well-known sources.
This flexibility allows buyers to verify information through channels they trust, leading to more confident decision-making.
Validate Your Messaging Before Launch
Insight: Test your messaging with real buyers before releasing it to the market.
"All marketing teams should reach out to people like me to test the message before making it public. It’s better to validate it upfront than to correct it afterward."
It’s common for marketers to launch messaging that sounds good internally but misses the mark with actual buyers.
To avoid this, get feedback from trusted practitioners who can identify buzzwords, inconsistencies, or red flags.
Validating messaging before it goes live ensures it resonates with the audience and prevents potential damage to your credibility that comes from retracting or modifying inaccurate claims.
Let Buyers Choose How to Spend Their Time
Insight: Time is the most valuable asset, so let buyers decide how they want to engage with your content.
"The most valuable thing in our world is time. Create content that educates me, allowing me to decide how to use my time."
Security professionals have limited time, and they want content that adds value to their day.
Offer content in multiple formats—articles, podcasts, videos, or whitepapers—so they can choose how to consume information.
Podcasts, for example, allow practitioners to learn while multitasking. Respecting their time and preferred content formats demonstrates empathy and understanding.
My Final Thoughts
Cybersecurity is about people, not just tech.
It’s not enough to push products—you need to understand the human side of the industry to truly make an impact.
Keep it real, keep it clear, and keep it simple:
Put people first, always.
Earn their time with valuable insights.
Validate your messaging before it goes live.
Focus on building trust, not just generating leads.
Because at the end of the day, it's not just about what you sell—it's about how you help.
Until next time,
Dani
Subscribe to Audience 1st Podcast Newsletter
Thanks for reading! If you like summaries like this, subscribe to Audience 1st Podcast Newsletter to get notified whenever a new episode drops.
Excited to collaborate? Let’s make it happen!
Check out our sponsorship details to connect with real security practitioners and showcase your brand to an engaged community of cybersecurity decision-makers giving and seeking real buyer insights.
Reply