Connect with us

Hi, what are you looking for?


Management & Strategy

Marketing Security Solutions: Is There a Better Way?

In my previous piece, I discussed the difficulty vendors sometimes have in understanding what security buyers are really looking for.  As I mentioned in that piece, this confusion is further compounded by the large volume of vendors and distinct markets that exist within the information security profession.

In my previous piece, I discussed the difficulty vendors sometimes have in understanding what security buyers are really looking for.  As I mentioned in that piece, this confusion is further compounded by the large volume of vendors and distinct markets that exist within the information security profession.  The irony that my previous piece came out during the week of one of the largest security conferences wasn’t lost on me.  Why is this ironic?  I’ll elaborate.

Many of the people reading this piece have been to the big Las Vegas and/or the big San Francisco security conferences at least once.  If you’ve never been to either of these conferences, saying something like “hordes of people descend on the conference location” would be an understatement.  The volume of people that attend these conferences is simply hard to grasp until you see it with your own eyes, and even then, it can be a bit overwhelming.

You know what else is overwhelming?  The number of vendors exhibiting at these two conferences.  Just how many vendors exhibited at these two conferences in 2017?  Let’s take a look at the numbers:

Las Vegas: 290 exhibitors across two floors of exhibition

San Francisco: 687 exhibitors across two exhibition halls

Not all conferences are quite this large, of course.  Some of them are downright intimate. And there are also the various different meetups, networking events, and peer-to-peer organizations that try to bring security professionals together, including vendors and customers.

I do understand the value that some of these different events bring to the security community and don’t mean to be critical of them in any way.  I understand that event organizers need to support themselves financially.  I also understand the need, or perhaps the perceived need, to be at some of these different events in order to be included in much of what goes on in the industry.  Further, I do understand the networking opportunities that some of these events represent for so many people.  I don’t argue with these points in any way.  Rather, I am making another point entirely.

Advertisement. Scroll to continue reading.

At large conferences, vendors may find themselves amongst hundreds of exhibitors and thousands of attendees.  How is it possible to stand out from the crowd in a sea of noise, gimmicks, buzzwords, and hype in order to grab the attention of those who are interested in our product or service?  Perhaps we can roll in a keg and offer free beer to those who stop by our booth?  Or will that merely bring us people who are interested in free beer?  What about if we roll in a boxing ring and stage boxing matches?  Or will that just bring us people who are interested in watching people box each other?

Although large conferences have many advantages, producing highly qualified leads as a return on the marketing budget invested is not among them.

Alright you say, so what if I focus some of my marketing budget on smaller, more intimate events such as those put on by peer-to-peer organizations?  Well, it is certainly considerably easier to stand out from the crowd in those types of environments.  So what’s the downside?  For starters, it can be extremely difficult for these smaller events to bring the right, most relevant crowd to their sponsors.  Some are better than others.  There is, however, quite a bit of variation, and it can difficult to truly understand what the event will be like at the time payment is rendered.

As an example, consider a series of intimate breakfast events that I was signed up to speak at in my previous position.  The company I worked for paid a fair bit of money to be one of three vendors in attendance at these events.  In exchange for this sum, the event organizer promised 10-20 CISOs and explained that non-CISOs would not be permitted to participate in the breakfast events.  With promises like those, who would say no?

As you might have expected, the reality on the ground was quite different.  There were very few, if any, CISOs in attendance at the overwhelming majority of the events.  In fact, the attendees were mostly a mix of people looking for a free breakfast, people who were brought in by the event organizers to bring up the number of attendees to between 10-20, and occasionally someone who was legitimately interested in hearing what the sponsors had to say.

Of course, mileage varies significantly with these smaller, more intimate events.  Sometimes they can be quite good.  But more often than not, sponsoring vendors walk away disappointed.  And worse yet, it can be extremely difficult to know how the event will be until it actually happens.  I know this both from my own experiences, as well as the experiences of others who have shared their frustrations with me.

Given the current state of affairs, perhaps the time has come for security vendors to rethink how they invest their marketing budgets?  Security marketing seems to be stuck in a bit of a “spray and pray” rut.  This is not a knock on marketing professionals in any way — historically, they simply have not had a lot of great options.  On the vendor side, this has resulted in poor return on investment from the marketing budget.  While on the customer side, this has resulted in security vendor fatigue.  Both results are quite unfortunate and exacerbate the widening gap between vendors and customers in the security field.

So what can be done about this situation?  How about looking for ways to better target marketing and sales efforts and budget?  What if security vendors had a way to understand the gaps that customers have, the issues they’re grappling with, and the problems they’re looking to solve?  Maybe, just maybe, the two sides would begin to draw closer together, improving return on investment for security vendors and reducing security vendor fatigue for customers.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently a Fraud Solutions Architect - EMEA and APCJ at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.