As a cybersecurity marketing agency serving clients on a range of marketing efforts, from market assessments, branding, and messaging to marketing program development and execution, we set the foundation for sales enablement, helping the right people get in front of the right prospects in the right way to drive the client’s overall business growth objectives. Whether selling cybersecurity products and services directly or through channel partners, today’s landscape requires precise and deliberate targeting, data-driven strategies, and innovative engagement techniques. Connecting with a hard-to-reach audience requires finding the most effective ways to contact, engage, and nurture them with relevant information on a consistent and ongoing basis.
It isn’t easy.
We’ve compiled a set of six tactics to consider as part of your cybersecurity sales and marketing efforts. Some of these come from our own client experience, and others are the result of successes from other sales leaders in the industry.
While some cybersecurity companies have embraced a “bottom-up” revenue model—targeting developers, security analysts, and other users of a solution—many firms still vie for the attention of executives. In marketing products and services in general, it’s easy to assume that going “to the top” will get you faster results because the executives are the decision-makers, right? However, this is not necessarily the case when marketing cybersecurity products and services. While the executives may love your pitch and think your products have value, they will often pass the purchase decision down to middle management or the technical and engineering teams. Security is complicated and must take into account adherence to standards bodies, compliance, current existing infrastructure, and vendor compatibility.
In government, for example, it is almost always assured that the top executives will pass purchase decisions off to their direct reports. Charles Booth, vice president of sales in the IoT, Cybersecurity, and Networking space, says that top executives rarely pull the trigger when it comes to security solutions. “An executive strategic decision maker in the government sector has that power but rarely uses it,” said Booth. Having worked in the government sector for over twenty years, Booth attributes this to the executive role having an “expiration date” of 2-3 years. For executives to make a purchase decision, they would need to deeply immerse themselves in the process, which ties them up and keeps them from focusing on strategy, an integral part of an executive’s job.
In a mid-market commercial environment, seasoned sales executive Joel Broyhill shares how important it is for cybersecurity marketing campaigns to remain open to targeting different personas rather than the obvious ones, especially in the early stages of a company maturing their sales and marketing functions. “We had been targeting CISOs with our solution but started to realize that some of the lines of business leaders actually had a greater vested interest in investing in our solution. We started to see success by targeting business leaders instead and having them champion the solution with the CISO.”
As you build and refine your target audience, you’ll want to use a mix of channels—such as social media, email marketing, events, and community engagement—to align with their needs and preferences. Make sure to use analytics and metrics to track how your personas engage across these platforms and refine your digital strategy.
Tip: Of course, pitching executives is sometimes the best path forward, but don’t rely solely on going to the top. Much of your marketing work and sales outreach can (and often should) be focused on targeting across a range of levels within the organization. If you are targeting the top, make sure your message and content is business-focused and credible.
Security budgets grew by 8% in 2024, up from about 6% in 2023, but that doesn’t automatically increase vendor revenue. Despite big spending increases—and even bigger ones on the horizon—cybersecurity buyers are selective, have many options, and get exposed to countless cybersecurity marketing messages. Competition for their business is fierce.
This combination of factors means it is imperative to understand the various personas involved in both purchasing and using your solution—and then plan the right marketing activities to support them. For example, as part of our cybersecurity marketing practice, we worked with a client who sold security tools to developers and designed a go-to-market that was heavily “bottom-up” versus a “top-down” approach as is typical in many non-cybersecurity markets. In this bottom-up approach, we focused our marketing efforts directly on the developers who were responsible for writing more secure software, skipping the middle-management layer altogether—or at least building the organizational groundswell first with users before moving up. Some examples of tactics we included were targeting very technical keywords, creating technical content, engaging on GitHub and Stack Overflow, and going to developer Meetups, among others.
Tip: Deeply immerse yourself in the buyer personas engaged in both using and purchasing your solutions. Then, focus your marketing efforts where you will get the most bang for your buck and build that into your marketing and sales enablement plans.
Virtual events such as webinars and online meetups are now an important complement to in-person events like trade-shows and conferences. Valuable connections happen at both, as do many deals, so your cybersecurity marketing efforts need to span channels—and your message may need updating.
Modern audiences don’t want old-school marketing, they want inspiring experiences, which means it’s time to break the rules and re-think what a webinar or tradeshow can be. More immersive digital experiences are needed to engage audiences. Interactive elements like surveys, polls, games, and breakout sessions help capture the attention of audience members and, at the same time, allow you to learn more about your attendees.
That doesn’t mean you skimp on great content or speakers. Carefully think through what your presence (and investment) will be for events and how to maximize the return. It may not be the right choice to blow major amounts of your marketing budget on a large event (more ways to save here).
Matthew Fisch, cybersecurity consultant and SVP sales, emphasizes that getting in front of the right buyers requires you to “swim in their lane.” Matthew says you need to engage and hang out where they hang out, and not just attend security-focused events.
“If I want to sell into the banking or financial vertical, for example, I find events that they all go to, I get to know them, listen to them, and then build a real relationship,” said Fisch. “Then, when the topic of security comes up, I act as an advisor to help them build business solutions, whether it’s with my company or recommending products and services that I’m familiar with from being immersed in the industry. This builds trust and you can bet when they are ready to buy, I’m on their short list.”
Tip: Swim in your customer’s lane by finding the industry-focused events (both live and virtual) they frequent and attend them as an engaged participant. Listen to the key issues they face. Learn to speak their language and build a relationship. Later, you can follow up with cyber security marketing materials and suggested security solutions positioned to them around the specific problems you know they face.
While vertical marketing strategies are commonplace due to their effectiveness, many smaller cybersecurity firms still shy away from narrowing their focus to a few key verticals for fear of alienating a potential prospect that does not fall within those parameters. Instead, they may focus on the pain points their solution addresses horizontally across sectors and treat verticals as an afterthought. This approach is generally not sufficient to stand out in the cybersecurity space. Why? Since many buyers of cybersecurity products face the same pain points, too many vendors end up sounding the same. Buyers all want secure endpoints, a secure network, the ability to detect and respond to a breach quickly, secure software development practices, strong governance, remediation policies in place, and the ability to gain rapid insights when a breach does occur, to name a few.
With so many vendors pitching their solutions, the cybersecurity space can be noisy and confusing with little differentiation in messaging, which can quickly become frustrating for buyers. One survey found that 91% of decision makers thought unclear marketing made it harder to confidently compare and choose cybersecurity vendors.
Instead of repeating what everyone else is saying, use cybersecurity content marketing to explore topics that prospects care about, relevant to each target vertical. If a target buyer is a hospital, focus on topics they care about, such as HIPAA. If it’s a government target, focus on the standards they must adhere to, such as JITC (Joint Interoperability Test Command) or TAA (Trade Agreement Act). Discuss cybersecurity solutions from the buyer’s perspective, relevant to their day-to-day – and to do so in their language.
Tip: Leverage sales intelligence tools such as Zoominfo or Seamless.AI to develop industry vertical segmentation with tight targeting, intent data, and associated list development, and create specialized content, campaigns, and sales enablement materials accordingly.
Done right, cybersecurity content marketing can be not just an effective tool for SEO and brand awareness, but also a powerful sales tool. A technical white paper, for instance, can be very useful for engaging technically oriented prospects. It provides detailed, high-value information that the customer cares about while positioning the company as a thought leader, which drives credibility in support of sales. Keep in mind that you should not use a valuable white paper for cold, top-of-funnel lead generation, as it may never get the attention it deserves. Instead, use it as a follow-up from other lead generation efforts, whether digital advertising campaigns or an in-person interaction. This may sound obvious, but you’d be surprised how many marketers use white papers as first-touch lead generation activities, and then follow-up after customer visits or other interactions with glossy, shiny cybersecurity marketing material. By all means, include the glitz, but be sure to leave prospects with substance they can use.
One method Matthew Fisch used with great success was a white paper he authored on GDPR when it first hit the industry, which he used to start conversations with key executives at the vertical-focused events he attended. “I’d follow up after in-person interactions with key executives by giving them my GDPR white paper, which they found very useful,” said Fisch. “And now they know me and trust that I know their pain points on this subject. That makes it a lot easier to let them know what my company does and how our products can help them.”
Tip: Build up your cybersecurity content marketing plan by working from a list of topics that would provide value to your customers based on issues they face on a daily basis. Once these assets are created, use this content to nurture new and existing prospects.
Marketing teams in every cybersecurity company know the challenges around social proof, case studies, and testimonials in this market. Customers are often reluctant to announce to the world what products and solutions they use to keep their organizations secure. While the reason is obvious—inviting a breach from a hacker who knows the loopholes—it leaves cybersecurity marketers with a problem: How can you maximize the value of a happy and satisfied customer for prospecting efforts?
One way to help prospects understand the benefits of your solution without explicitly naming them in case studies is to write use case-oriented thought leadership articles based on client engagement but anonymized and with broader best practices referenced. This serves as high-value content as well as education around the challenges presented and a solution offered.
Another way to get your name out there without having your customer reveal any security secrets is to invite clients to discuss trends in published content. Ideally, this should be in alignment with your solutions, even if they don’t reference your cyber security solutions directly. This is particularly valuable for high-profile clients, such as F500 or other well-known entities.
Tip: Be creative in finding ways to showcase your solution’s value in the customer’s voice and “promote” a happy customer without having them tout your products overtly. The simple association with them can get you noticed.
The cybersecurity market is constantly and rapidly evolving, which makes marketing a security company challenging. In our Cybersecurity Market Outlook: Industry Trends and Insights, we highlight the key trends in cybersecurity that can help further augment your cybersecurity marketing plan and boost your sales enablement.
If you’re considering bringing on additional expertise to support your cybersecurity marketing strategy, plans, and programs, we recommend reviewing our eBook, Finding the Right Cybersecurity Marketing Partner, or you can contact us directly for an introductory chat.