Marketing Is Ravaging Cybersecurity

Published in

Command Line

6 min readFeb 17, 2017

It’s an interesting thing to see an industry approach a dangerous inflection point. If you focus closely, you can actually smell the vapor. What’s concerning — what should scare people — is that today’s industry on the verge of a concern is cybersecurity. It affects us all because it is perhaps one of the most indispensable fields in our connected society. But we can confront this problem. We can do a better job by focusing on engineering, solutions development, and marketing — in that order.

For years, people have said that cybersecurity is a bubble market. But most of those people are analysts, bankers, or consultants. Their incentives are aligned to promote incumbents who want people to believe that only they have the answers. I have and still do actually work in the field. Together, my business partner Dave Odom and I manage an early-stage product development, sales, and investment platform. We’re the guys who should be against the bubble rhetoric. But it is easy to see what is happening: marketing is fully overtaking product development. We’ve lined up to go to the mattresses to rebalance the equation.

Welcome To Wherever You Are

I recently had the opportunity to attend the RSA Conference 2017. This is a great conference with important value. But what I saw from companies exhibiting on the showroom floor was messy.

Walking the expo, I became more frustrated with every step. I saw a litany of copy-cat products, waves laser light shows, and a rows of chintzy branding. There was a lot of marketing going on—and not all of it good. But what I failed to find much of was novel engineering.

In the years that I’ve been attending trade shows, I’ve seen an inverse correlation between the amount of marketing spending and the level of technical innovation. Even though we’ve come far in what we can do — we have not made great progress in what we are doing.

Here’s a precision accurate cyber-chart based on exclusive and proprietary data and customer insights to illustrate this problem (that text is nearly identical to one I saw yesterday).

When products lack innovation and differentiation, the bar is lowered for attackers. Suspiciously common engineering begets the same monoculture dangers as the inbred aristocracy of yore. Overcoming them gets progressively easier with each new target. And trust me, monocultures have been the end of empires before.

The spending war in marketing is making it difficult for cybersecurity companies to enter the market without a seasoned and trusted partner. Don’t get me wrong, great creative cannot be overrated but it must be matched with great engineering, product development, and customer development.

Firms of all sizes underfund their engineering and product budgets to pay for conference lanyards (a cool quarter million), slick airport placement ads, and fantastically lavish booths. I saw everything from magicians and pole dancers to laser light shows and small movie theaters on the showroom floor. One company even went so far as to develop a video game of how their cyber product cyber-roundhouse kicks cyber hackers in cyberspace. Cyber cyber cyber…threat threat threat. Terrible.

The Crux Of It

Purchasers of cybersecurity products need to step up. Customers need to push back against companies that are all brand — no product. They need to call out vapor-ware as being simply that.

Firms that spend vastly more on marketing than they do on product development and engineering have created a problem. Spending hundreds of thousands of dollars on ridiculous ploys like viking helmets leads to implosive outcomes.

Companies that raise tens of millions of dollars and put nearly all of it into marketing believe that their customers can be swindled into buying sub-standard products. A particular Viking God-based company raised more than $40 million to develop their flagship “threat map,” which in its live version has the same utility as simply looking at this static picture. It took years for the market to reject this company and, in the interim, they signaled to others that you can fuel a company on vapor for nearly half a decade — scaring off investors from this market along the way.

The Importance Of Excellent Marketing

To be clear, I think marketing is important. It does drive the company, generate revenue, and makes people sit up and listen. Marketing can propel a thesis, a capability, or a company into the world.

Campaigns such as Chrysler’s Imported From Detroit can fundamentally change the way consumers view a company. And there is great marketing and creative in cybersecurity — it just needs to be matched by great engineering. That said, building a brand adds incredible value and resiliency to a firm — and that cannot be minimized.

Here’s the deal though: the full on cybersecurity marketing-gasm is totally and absolutely screwing with reality. It’s making us bad at our jobs by promoting brochure engineering and forcing new entrants to underinvest in product. We need to get back to a reasonable equilibrium between marketing and product capabilities.

Put Up Or Shut Up

One of the reasons why the SecureSet Accelerator exists is to address this problem. We stand for product-focused entrepreneurs as first class citizens. To promote them, we directly connect buyers with innovators. This supports the product development and sales goals of startups and ensures enterprise customers get the capabilities they need to succeed. We invest in product teams and take a principled engineering approach to our investment thesis. In fact, we only accept and invest in companies working to address key problems with novel technology. It is our job to pull out the signal from the noise.

Are we tilting at windmills in some sort of quixotic adventure — absolutely not. The companies doing the coolest and most important work in cybersecurity are also the ones that are most highly valued. Solving actual problems is both great for cybersecurity and business.

So You Have A Cybersecurity Company

Good for you! We support you. But please follow these three simple rules:

Be novel — no one needs another threat intel feed or web application firewall.
Be thoughtful — the market rewards great product.
Be smart — put your money into product first and then build great marketing.

Trust your instincts and build something great. Let the product speak for itself. When it does, then tell everyone about it.

We’ll see you at RSA Conference 2018. #CyberAllTheThings

— Alex Kreilein

I write about technology, cybersecurity, startups, and the human experience. I am also a Managing Partner with the SecureSet Accelerator. If you are building exciting cybersecurity or enabling technology products, come Join Us for an immersive experience where we bring customers into iterative product builds and drive rapid market traction!