Stuck in the middle
Perhaps I should explain.
Each year, members of our security sector make the pilgrimage to San Fran for the RSA Conference, the world’s largest security event. We go to stay on top of the latest trends in IT and physical security, spend some quality time with our network of vendors, experts and media, and of course help ensure that our clients get the most out of this unique gathering of the security community. This year, we were also invited to deliver a session titled “Security PR: Best Practices for Brand Differentiation,” and we had the honor of presenting two SC Magazine Awards at the industry’s version of Oscar night.
Overall, registration numbers at RSA 09 were down about 14% from last year, said those “in the know,” but the majority of vendors with whom I talked said that the quality of attendee was actually up, presumably because the boondogglers had been weeded out, so the people visiting booths did so because they truly wanted to learn/buy, and not because they wanted an excuse to attend the Codebreakers Bash or win brownie points with The Man.
That said, there was a fair amount of the “vendors talking to vendors” phenomenon, but that’s the case with most shows, and RSA has been trending that way for years. My take is that as long as you know that going in, and as long as you understand that you need to have a presence at RSA if you sell security, you’ll be fine. Focus on making the most of the show, interact with as many reporters/analysts as possible, and do your best to either secure a speaking slot or actively participate as a member of the audience in panel and P2P sessions.
So with that as a backdrop, let me bring this all back to the title of this post…
Comparatively speaking, the security market is doing extremely well. According to financial analysts and industry analysts in a few different sessions in the “Business of Security” track (a great idea, btw), the security sector is outperforming the rest of the technology market quite handily. There are two main factors driving the sector’s growth and accounting for its success:
- The threat environment – the volume of attacks continues to escalate, with organized criminals launching attacks for profit and nation-state attacks growing in intensity and sophistication (think US Electric Grid and the JSF breach). The security products/services vendor community is the only thing standing in the way of these attacks and your data, so it’s fair to say that security threats are fueling the success of the security sector.
- Compliance – government- and industry-mandated regulations continue to drive a big chunk of security spending as well. Since deregulation took it on the chin over the past several months, it’s safe to assume that compliance-related spending isn’t going anywhere soon.
So while it smarts of schadenfreude, I suppose in a twisted way the security sector should be grateful for all those data breaches we’ve seen over the past several years, eh?
But despite the good news of security’s relative strength, the “arms-race” nature of the security sector – vendors trying to keep pace with the threat environment – creates a whole bunch of PR challenges.
In my session on PR best practices for the security sector, a great group of participants joined me in exploring a few of those challenges and discussing ways to overcome them. Truth be told, I had pages of challenges and best practices to get through, but we had such a good discussion that we only had time for a couple. In the interest of keeping this post somewhat brief, I’ll give you a taste of one issue that we talked about for about 30 minutes since virtually everyone in security has had to deal with it at one time or another:
– Customer references: security customers are notoriously reticent to share their secret sauce with the world and risk exposing themselves to additional attack
– Generate a short list of target customers, reflecting what you see as a realistic outcome, i.e. top-tier media reference, email commentary to reporters only, bylined article authors etc. Then devise an action plan, potentially consisting of one or several of the following tactics, to make the desired outcome a reality:
Train the sales team, but forge your own relationships with customers
Provide customers a PR 101, simply because a lack of education is holding back many who think they have to reveal technical details
Demonstrate the value of participating to the individual customer, appealing to their career advancement goals, promotion of their project/company etc
Provide ROI estimates (at Text we refer to this as PROI)
Maintain ongoing, regular interaction/dialogue with all reference candidates
Showcase/market successful instances of customer references in articles, whether through framed articles, Website highlights, handwritten notes, etc.
Reward references, potentially with contractual considerations
What’s worked for your organization or your client? What’d you think of this year’s RSA Conference? What’s your favorite color? I’d love to hear your thoughts.
PS – if you want to hear more about the PR best practices session, shoot me a note at firstname.lastname@example.org