Cybersecurity Marketers, Stop Using FUD

Transcript

Opening

Hello, I’m Kerry Guard, and welcome to Tea Time with Tech Marketing Leaders.

Welcome back to season 12.

I hope you were able to catch my conversation with Sekou White. If not, be sure to get back and hang out with us as we talk about marketing to skeptical audiences.

In Cyber Security it’s very easy to use language that strikes fear in the hearts of buyers everywhere. But Aileen is committed to proving time and time again that you don’t need to scare your customers into buying your product. There’s a better way and she walks us through it.

Aileen Casmano is an experienced marketer in cybersecurity and technology. Her work experience and skillset spans across brand strategy, product marketing, communications, and creative strategy. Aileen is currently the Director of Marketing at Cyvatar, leading the brand vision, strategy, and team. Prior to Cyvatar, Aileen held various marketing roles at Owl Cyber Defense and Dynata (formerly Critical Mix). She is also a co-founder of the Cybersecurity Marketing Society. When she’s not thinking of the next big idea, she can be found hanging out with her Goldendoodle pup Oakley or catching a yoga class.

Here’s my conversation with Aileen.

Conversation

Kerry Guard: Hello, Aileen. Thank you for joining me on Tea Time with Tech Marketing Leaders.

Aileen Casmano: Hello, Kerry and our audience. Thank you so much for having me. I'm very excited to dive in today to our conversation.

Kerry Guard: Before we get there, let's have you introduce yourself to our listeners. Tell us, Aileen. What do you do? And how did you get there?

Aileen Casmano: My name is Aileen Casmano. I am currently the Director of Marketing at Cyvatar. We are a cybersecurity as a service provider with a complementary platform that is an all-inclusive subscription model for cybersecurity. Cyvatar is built to serve startups and SMBs, making cybersecurity accessible and achievable.

How did I get here?

I stumbled into the cybersecurity industry. I previously worked in market research in marketing and communications. And that's where I started my career. But I hit a plateau where the company I was at didn't have any more growth opportunities. I didn't have the support for professional development and career development. I felt itching. I needed to break out of my shell, and I didn't feel my growth was being supported. The industry itself didn't excite me, and I wasn't passionate about it. When you're not passionate about something, it doesn't motivate you, get you excited, or work that creative muscle. I kept my options open and started a job at another cybersecurity company, Owl Cyber Defense, and I love the team there.

I started in a product marketing role. I worked alongside product managers, the VP of marketing, and the rest of the marketing team to bring their cybersecurity hardware devices to market. I got to work on everything coming up with product names, go-to-market strategy, videos, messaging, and branding. Once I started at Owl, I just took off. I had great support from our VP of Marketing there and my manager. They allowed me the freedom to get creative to develop my strategy, things I had never been given the opportunity to do. And once I started doing it, I'm good at it. Going to conferences and networking in the industry introduced me to other amazing humans in cybersecurity marketing and talking to fellow marketers. I started to if this is a challenging field. It would be so nice to have people to turn to outside of our organization that we could bounce ideas off, etc.

My manager, Maria, at the time and I both joined from outside of cyber, and there was a learning curve. It was challenging to learn, but once we got it, we were very good at what we did and could market efficiently. Maria met this woman, Gianna, who was also into cybersecurity. The two started talking, and Maria was like, "What if there was this community where we could bring cybersecurity marketers together, whether it's on LinkedIn, or Facebook, or something?" Gianna had already been working on the idea. The three of us came together and started the cybersecurity marketing society, a community for cybersecurity marketers to learn, grow, and network, and it's a free membership. We have a Slack community. We have a yearly event called Cyber Marketing Con, which has grown to over 700 members. It's a place where cybersecurity marketers would come and be vulnerable and be themselves and show up and say, "Raise your hand and say, Hey, I'm new to this, or I'm facing this challenge, or I need a recommendation for a vendor, or can you share best practices in XYZ." And it's blossomed. We have our members think that they have helped it grow to what it is today because we just let the members decide and choose the direction of what they want. It's been a wild ride since 2018.

Kerry Guard: Yeah, such a good story. I am familiar with the cybersecurity marketing group, and I didn't realize it. I knew you were part of it, but I didn't realize you were a founder. It's huge. Thank you for finding an opportunity for that, leading into it, and helping make it a thing because communities are incredibly powerful. Cybersecurity is its beast. So to have a place for marketers to go and learn from one another, yes to that. Thank you.

Aileen Casmano: It is, especially for cyber marketers that don't have a tech background. I find that many product marketing and content writers in cyber have a technical background that they can apply to marketing. I don't have a technical background, so you feel behind already. But as long as you surround yourself with support and community and meet minded people who are in the same position as you or are in the same position, you’ll realize that it's achievable. You'll get there, and you just have to be patient. You just have to be willing to learn.

Kerry Guard: You got to have an open mind, and put your ego aside, which is so hard but powerful when you can put your learning hat on. And I love what you said about managers: they're so important to opportunity and growth, and when they can identify your strengths in what you do and help you lean into the power of that. That's awesome that you were able to find some thoughtful managers who helped you find your way of being passionate and what you love in regards to being a marketer and cybersecurity that's powerful and important, especially nowadays.

Aileen Casmano: Absolutely, never settle for a manager that doesn't empower you.

Kerry Guard: In terms of a challenge you're currently facing, what's keeping you up at night? What’s your biggest struggle?

Aileen Casmano: Sure. Related to Cyvatar and my role, we created a new cyber approach to cybersecurity. New model cybersecurity as a service subscription. Those are all buzzwords on VDC, but when you think of traditional cyber in B2B, you never think,” Oh, let me sign up on this website for a subscription.” At first, there's a lot of skepticism to our offer and solution, and we hear, “This is too good to be true. Let me see the fine print. What's the cancellation policy of their high fees?” And so, we are being as transparent as possible. It’s Cyvatar, but it's going to take some time to train and change the industry's mindset because in traditional cyber, you have to buy a bunch of different software and tools and usually commit to long contracts, etc., and hit their hidden costs and fees.

We're trying to make it effortless and transparent to get a cybersecurity solution in place, especially for startups and small businesses that don't have in-house cybersecurity expertise. Sometimes they don't even have a technology team, but they need cybersecurity. We're talking to sea levels that don't know well what phishing is or how to prevent phishing, etc. We're trying to educate and introduce this new approach to cybersecurity that people are scared of. There's a lot of trusts we have to build right now, especially with marketing, our solution, and our members. I'm trying to get as many case studies as possible and success stories, but companies don't want to share what they're doing for cybersecurity; that's a risk. Building trust and making Cyvatar build a good reputation and good brand perception around our brand and our name.

Kerry Guard: I imagined mirroring back something important that you said, with small businesses. There seems to be a huge element of education that goes along with this, not just from a pricing model, but in terms of your point, not knowing what phishing is and how to even go about that. That's a huge undertaking when you have to convince somebody that they need this thing because they already know they have a problem and also convince them there's a problem.

Aileen Casmano: Exactly, and especially for the market we serve startups in SMB, they don't think they need cybersecurity yet. They're like, “Oh, we're young. Our product is very early, or we're in stealth mode or putting our funding towards sales teams, and they don't see cybersecurity as a foundational business need.” And without using the fear factor, we educate them and outline why it is. Not having cybersecurity in place can affect many foundational business projects and initiatives, such as meeting compliance and acquiring new customers. Some customers require security questionnaires, and if you have nothing in place, you obviously can't confidently answer. So we're doing a lot of education for the startup and SME market. And those sea-level non-technical executives of cybersecurity, why it's so crucial to embed it into your business strategy early on, and how it sets you up for success. You can scale and grow and not have to worry.

Kerry Guard: This actually dovetails perfectly into our conversation today, which is all-around cybersecurity messaging. And I love what you said, in terms of not talking about not breathing fear into it. That seems to be the easiest way to do it, though. You need to say, “Guys, all these terrible things will happen.” It seems to be pretty clear-cut messaging. Why is that not helpful? Is that something you're avoiding? What is fear-based messaging to you? And why are you trying to steer clear of it?

Aileen Casmano: It's called FUD. Fear, uncertainty, and doubt in cyberspace for those marketers listening from outside the industry. And it's using fear tactics to sway a prospect into taking a demo or even buying your product. And the reason why Cyvatar decided not to take a fear-based approach is it comes back to that education. Instead of scaring someone into buying your solution, partnering with your company, and putting a sound strategy together, you want that education because you want them to understand why it's important, why the investment is worth it, and how it'll grow their business. Because if they never understand it, they'll never value it and make it a priority. And also, it's just a tacky way of marketing, like, “Oh, let me you profit off of another company's hack, and other companies breach and make them an example.” We always use it as an opportunity to educate instead of making an example and scaring someone into talking to us or taking a meeting with us.

At Cyvatar, I joined very early on. I was the second or third full-time hire, aside from the co-founders, and from the early stages of ideating on our brand and how we want to be perceived. Even our branding colors and logo are very different from the traditional cyber branding. When you think of cyber, you see dark colors, such as dark blues and blacks, and a hacker in a hoodie facedown in front of a laptop. The cyber industry uses the usual imagery and branding, and we assign attire. We don't want cybersecurity to be a scary thing. We don't want it to be taboo. We want it to be a transparent, positive experience.

Our colors are purple and blue; we're light, bright, modern, and fun. It's inviting when someone reads our content piece, lands on our website, or sees us at a conference. It's a very inviting, energetic brand that we carry through our imagery, creative assets, and messaging. It's especially important when we're talking to and working with the non-cyber and non-technical audience because we don't, we don't want them to be afraid of cyber, and we don't want it to be a taboo conversation. Our branding has a different approach. The non-traditional approach has been successful for us, and people have taken a liking and appreciate it.

Kerry Guard: It seems the hard way, which is right in terms of right or wrong. It's the right way. But it does feel harder because it's low-hanging fruit to scare people into needing something. As you're talking about the problems of the things that will go wrong if you don't take care of this thing, it sounds like you probably close deals a lot faster. But to your point, it's not. It just doesn't feel good.

Aileen Casmano: An analogy that comes to mind is if all your dentist said to you that you're going to get cavities if you don't brush your teeth, they educate you on good dental hygiene and why you should floss and why you should come for cleaning and why you need to brush your teeth every day. If you just constantly got messages from your dentist to brush your teeth, or else it would just not form an initially good experience and perception of your dentists. All these positive things will happen, and you'll have these great outcomes in your life.

Kerry Guard: I love this. In terms of education, where do you begin with that? Talking to people and gearing the sales team up with the right content is your website. What's your strategy in terms of bringing this to life? We're saying education takes a bit longer to bring people through and in. I imagine you have a pretty solid strategy behind it to help bring people in and move them through.

Aileen Casmano: Absolutely. Our sales team and I'm doing air quotes. We don't call them a sales team. We call them solution outcome advisors, and that's usually the first human touch a prospect has unless we meet them at a conference or trade show. But that's the first face-to-face touch that prospects have with us. We're not doing the hard sell. We're not using the get cyber, or you'll get breach tactics. It's “Let's assess what you have. Let's look at where your gaps are. Let's collaborate and build a strategy that fits where your business is right now.” But build a roadmap. When you get to 200 or 500 employees, we know what solutions they need to build on in your strategy and put in place to ensure that your cyber grows with your organization. We also don't throw a bunch of tools at a company and say, “ Get all these tools, and it'll be safe.” Every strategy for our members is custom. It's a very solution-focused conversation when our sales team is meeting with prospects and having those initial conversations. They're trained on all of the solutions we have. They have experience with build and advising smaller companies and medium size enterprises. So that's the first touch and then, as far as our marketing material and our content.

Every employee goes through training on cyber HR solutions. From the marketing team to the member experience team, to the sales team, and everything in between. We're all trained. We can all have those conversations when we're out in the field and at events of the solution-focused and outcome-focused approach Cyvatar peaks. And even with our content, we never put out content that isn't aimed at educating and building trust with our audience.

Kerry Guard: In terms of content, one of the things you mentioned was case studies and customer stories. Are you leaning into that? Are you getting into it? Because you're having success right now. Why is that so important to you to lean into those?

Aileen Casmano: As a company that's breaking into a new category and a new approach to a traditional industry. People are always looking for proof points. So show me what you did for a company. Show me what you did for a company in my industry. If we can have that testimonial and those numbers of Cyvatar who helps this company secure and maintain remediated state in 60 days or less. Tying facts and figures to our business model immediately build trust and, with prospects saying, “Alright. Let's get into this. Let's have a conversation, and let's dig in deeper.” And we also have customers that will give them a meeting with prospects and a testimonial. I would say the case studies and leveraging all the expertise on our team, from our co-founders to our member delivery team at speaking events and webinars.

We have such intelligent and seasoned cyber veterans that work for us. Leveraging internal expertise, making sure the right people are on the right calls with prospects, making sure the right people are at certain events, and even leveraging our internal expertise for content. I'm not an expert at multi-factor authentication. If we're working on a blog about that, or if we're working on a solution-oriented response to something like log4 J, which was the vulnerability that came out a few months ago, I'm pulling in our technical resources and our technical expertise to make sure that our messaging is crafted with a solution oriented approach.

Kerry Guard: I love that. I'm curious, though, because you're talking when you're talking to an audience that's less educated about the space. You're not talking to CISOs, and you're not talking to people who live, eat, breathe, and sleep cybersecurity, as your company does. So, you're talking to a very different audience when you are bringing in those experts. Is there a language barrier? What do you find in terms of them being too technical? Do you have to avoid masking in terms of messaging and simplifying language? I just wonder if there is a bit of a challenge there.

Aileen Casmano: There's a translation done to make it digestible and understandable by a business decision maker. But it's still important to extract the details from the expert. Owl has a very technical product. It's hardware-enforced cybersecurity, extremely technical meant for critical infrastructure that built my muscle of, let me take this technical description, or this technical use case, and translate it into easily understandable and understandable. And that's how I collaborate with our technical team because we're not in our content. It's designed so that a CEO or a CFO can understand what solution they're getting right or what solutions Cyvatars bringing, or what solution MFA brings. It's tied back to the business and how it will bring solutions for their business and ROI for their business. And overall, why cybersecurity is an important business initiative. We're not digging into our content's details and tactical, technical reasons.

Kerry Guard: Yeah, I think there's going to be a balance between sounding what you're talking about and making sure that your audience who doesn't isn't technical about it understands it. I can see that being an art almost.

Aileen Casmano: We tailor it to our different personas. A CEO or CFO wants to know how it'll affect their bottom line and, and how it'll bring return on investment. Different financial implications where a CEO doesn't want business downtime and wants to make sure employees are trained on cybersecurity and are cyber aware. We translate our solutions to the personas we're talking to and make sure that we always tie it back to business drivers and business. The overall business strategy and making sure that it contributes to growth.

Kerry Guard: This could probably be a total tangent, and if we need to veer off of this, that's fine. But my curiosity, because you keep mentioning it, and so my curiosity is getting the best of me right now. I'm curious because you keep mentioning the bottom line and how cybersecurity affects your bottom line. I can see that if you have a breach and a lot of your data gets leaked, how that could hurt business? Is that really what it comes down to in terms of the bottom line? How are you speaking to business outcomes? Are you talking about cybersecurity? I'm just so fascinated by this idea of messaging.

Aileen Casmano: It affects many different areas. It costs way more if you don't invest in cybersecurity and get breached. If it's ransomware or whatever, do the cleanup for that breach than it does to implement a solution and have that running over time.

Most companies now, especially in technology, ask for some security questionnaire about a product they're implementing or a tool they're buying. What security does your company have in place before we sign the dotted line and decide on implementing it? It's going to be implemented into their network. And so if there's nothing in place that could delay or even kill the deal. The earlier you get security, the more opportunity you have for sales pipeline and knowing that you have a solution. So that's a big area we see a lot. And then another is compliance. HIPAA is a big one in healthcare, and there's a lot of compliance and financial services. If you have compliance, many companies think that they're secure, and that's untrue because you're just ticking a box of, okay, what I need to do. But it's not custom to your business. Whereas if you have security first, compliance is a byproduct because you're already implementing a security strategy custom to your business and your size, and then you build compliance.

On top of that, there are different regulations for each industry. But a lot of the time, we see compliance, companies that struggle to meet compliance in time and cost-effectively because they're scrambling to get a bunch of solutions and things in place, which takes a lot longer and it's more costly. Those are the two main areas where we see security. Having it from the get-go is more cost-effective and efficient and doesn't send the company into a frenzied emergency. And most importantly, especially when it's tied to new customers and security questionnaires, it builds trust. If you have your employees trained in security awareness training, it is one of the most important things that any company of any size should consider.

For a small investment, you can have peace of mind. Human error is one of the biggest vulnerabilities, and you can have someone clicking a link, someone responding to a text, or whatever it may be for a small investment. If you don't invest in security awareness training, usually, human errors get you in trouble. The cost-benefit analysis at the end of the day.

Kerry Guard: Why I think this is so key is not because I don't. I wasn't trying to get you to sit here and sell this on your phone because that's not what this podcast is about. But I think what's so key about that is because when I came out and said it, I initially gave a fear-based answer when I was asking you this question. You immediately flipped that into and used positive educational content at that moment. Everything we've been talking about in terms of how to talk about this thing in a beneficial positive way to get what people need in place that's going to affect their business without being without using FUD is really powerful; the way that you laid it all out there. It is possible to do it without fear-based messaging. And in some ways, I feel that was way more powerful. Thank you for walking us through what that could feel.

Aileen Casmano: Absolutely. I'm not trying to sell, just educate. Especially in our case for startups and SMBs, providing an accessible and cost-efficient cyber solution. They would have to go out and hire cybersecurity staff full-time for the cost of one employee, and you need a team. One person can't manage everything. Cyvatar solution usually depends on employee count, but it is more affordable than hiring a staff of two or three cybersecurity engineers or security IT engineers. So that's why CFOs love us. We have to save wherever we can, and I don't have to go out and pay for health care and a salary. I can just bring Cyvatar, and they can be an extension of our IT team, and we're their outsourced cybersecurity solution. So that's also how it affects just bottom line and stay, and scaling fast. You don't have to bring in an in-house team to train and get on board; we can just come in right away.

Kerry Guard: I can see how that speaks to the small businesses and startups. Talking about your personas and your audience and speaking to them about what they need, and then layering on this messaging that talks to each of those in a really powerful way. When you're talking to CEOs, you’re talking about productivity and downtime. And that's important in all of this. Our messaging and what we're talking about salines are important.

In cybersecurity, there is a better way to talk to your audience without scaring them. There's enough fear in the world, and we're all on edge. If you can speak to people in a way that brings them on board without making them feel they have control over making the decision, that's what it is. When you're using fear-based messaging, it takes their control away that you don't have control over making this decision because if you don't, here are all the things that could go wrong. Whereas if it's more about laying it out in the way you did from an educational space, here's everything you need to know whether we're the product for you or somebody else's. You need this thing, and here's why. Here's how it can, whether you're your CFO for these reasons or a CEO for these reasons, here's why cybersecurity is important. I have never really heard anybody lay it out so thoughtfully that way, and I'm just so grateful. Thank you.

Aileen Casmano: Yeah, you summarize that perfectly.

Kerry Guard: Before we close out here, Aileen, is there any last piece of information or advice you would give to those who feel inspired to lean more into the positivity in messaging their cybersecurity products?

Aileen Casmano: Let me think on that for a second. I feel that something that held me back was our brand would not be perceived as an expert and would lose credibility because people are so used to that fear-based approach. It's just not the case using fear as a motivator in any aspect of life. It's a bad business practice, so call your VP of Marketing, your CMO, and your CEO today and tell them the FUD is done. No More fun.

Kerry Guard: I'm going to make a big sign and hold it up. It's going to be great. It’s so good. Before we close out, Aileen, I have my three questions because you're more than a marketer. And it's nice to pull back that curtain and get to know you better. Are you ready?

Aileen Casmano: I am ready.

Kerry Guard: Okay, the first question for you. Given the pandemic, have you picked up any new hobbies in the last two years?

Aileen Casmano: I've gotten more into yoga. Before the pandemic, I didn't have time to do much just because I did much outside work during the week. I was commuting for an hour each way to work. I finally have time to lean more into that. I've always wanted to get better at and work at it. I have the goal this year of going through yoga teacher training. I've done that, and I've also gotten into indoor cycling. It’s nice, from being home quarantined to not wanting to go to a gym quite yet.

Kerry Guard: My dad's a big cyclist who bought this whole system. I’m so proud of it. If he bought this whole system where he feels riding alongside people, and they're racing. You can do all these races around the world. He loves it. These systems are awesome and it's nice that they found a way to help people exercise during this insanity.

Aileen Casmano: There are so many at-home options now.

Kerry Guard: It's awesome, for sure. If you were to be with your team right now or next, you would be with your team. What song would you want playing overhead to set the vibe? Oh,

Aileen Casmano: We have a daily KPI meeting, and we kick it off with an ever. Someone has said whoever's the first to join has to put us on. We're very into music. It's a really hard question. We love Prince, any Prince song. I liked the song Thunder by Imagine Dragons because it creates impact and disruption. I know that's such a buzzword, but it feels good. I feel that it brings people together and you could sing it together. And so that's what we would play.

Kerry Guard: You like can't help but get up and dance to that right. All right, last question for Aileen. If you could travel anywhere without vaccine passes, testing, and masking, where would you go? Why?

Aileen Casmano: Another hard question. I love Southeast Asia. I've always wanted to go to Singapore. I've always wanted to experience Dubai. I have done a lot of research and followed Instagram accounts of travel in both places, and it's just that Southeast Asia is just mesmerizing. I'm very into the culture, and I love Thai food. It's so beautiful and so different from here in America, where I live. I just can't help but get excited about it and love learning about Asian culture. It was probably one of those places.

Kerry Guard: So good. I'm feeling extra inspired by you to do this. I wanted to create a map and tag all the different places that everybody has said, so when we start making our travel plans as the world opens up, we have all this inspiration from you all. Thank you.

Aileen Casmano: Yes, that should be your bucket list.

Kerry Guard: I'm going to make it happen so everybody can access it. Aileen, thank you so much.

Aileen Casmano: Thank you. I'm so happy we are connected now.

Outro

That was my conversation with Aileen Casmano. If you are a cybersecurity marketer and not already involved in the cybersecurity marketing society. Be sure to check it out. Link to Aileen’s profile and society are in the show notes.

Thank you, Aileen, for joining me. It's so good to meet you and to hear how we need to use messaging and not fall into the foot of it.

In the next episode, I chat with John John Steinhert, where we talk about what it means to find a career in marketing. Gi ven the Great Resignation of people continuing to leave their jobs and careers in droves, looking for the next thing that want to hear why marketing may be the next step, and how we as marketers need to support those people making those moves. Stay on, and autoplay will take you there.