ViewPoint

Mar 06

Flip the Script on FUD

By Maria Varmazis

The IT security industry is littered with fear-mongering marketing messages designed to scare the bejesus out of potential buyers. But, savvy IT security professionals have heard it all before, and these communications strategies often fall flat with, or worse insult, its intended audience.

With the RSA Conference now in our rearview, Maria Varmazis, V2 agency friend and IT security marketing and content queen from Rapid7 and Sophos, shares her insights on effective communications strategies to break through infosec market noise — without defaulting to fear-mongering tactics.

In the information security industry, there are plenty of three letter acronyms to go around, but there’s one that’s particularly notorious: FUD (fear, uncertainty, and doubt). In an industry that seemingly peddles in dealing with preventing—or cleaning up—worst-case scenarios, it may seem appropriate to highlight your customers’ biggest fears to get them to evaluate or purchase a product; however, FUD is often the kiss of death for effectively communicating or marketing in the information security industry.

To see how much FUD is used as a crutch in our industry, you often need look no further than the vendor floor at RSA, the yearly mega-conference in San Francisco. RSA is notorious for firms using FUD-y pitches to get bodies into booths, and every year without fail egregious examples are lambasted on blogs and social media by security practitioners who’ve grown weary of this practice.

This highlights a key problem with relying on FUD in infosec communications: Much like using the oft-maligned “dark figure in a hoodie” stock image to represent an attacker, it signals that you don’t really understand or respect your audience. Whether your target audience is the C-level executive, a seasoned security pro, an entry-level practitioner, or all of the above, they know full well what’s at stake in their day-to-day—arguably much better than you do.

If they’re still in the field, they’re doing the work every day and see first-hand what kind of threats their organization must deal with, and they are grappling with tough challenges in balancing resources while trying to keep their organization secure. If they’re higher-level, they’re already incentivized to mitigate corporate risk while managing a tight budget. This industry doesn’t stand still, and anyone who takes their job seriously is constantly researching new defense tactics and strategies all while the ground beneath them constantly shifts, and attackers invent new tricks to infiltrate defenses.

As much as those of us who work to message or market to infosec would like to believe it, there is no silver bullet solution in security and your customers know this well. That’s why it’s incredibly patronizing to attract attention with something that boils down to: “Buy our solution, otherwise your organization will be breached and you’ll get fired.” Aside from being insulting it’s simply not true, so no wonder many in the industry don’t take kindly to this kind of messaging.

Security professionals are savvy media consumers, some of whom will not hesitate to publicly criticize vendors for reliance on FUD. Instead of trying to get attention by playing to industry fears, be an ally instead. Your prospects know quite well that there are evolving threats out there and gaps in their defenses, with attackers constantly devising new attack methods—you’re not telling them anything new by repeating that.

For more effective infosec communications, flip the FUD script: Instead of fear, uncertainty and doubt, emphasize confidence, certainty and empowerment.

— How can you empower your prospect and their teams, make their jobs easier, help them do more with few resources?

— What kind of certainty can you provide that they’re stopping threats more effectively, catching intrusions more quickly, investigating incidents more effectively?

— How can you give them more confidence in the job they’re doing, the data they’re gathering, the trends they’re reporting, the intelligence they’re using?

With this approach, you’ll find your prospects far more receptive and interested in learning what you provide and how it can help them combat the threats they face.

Maria Varmazis is a Boston-based content and social media strategy consultant and blogger. Connect with her on LinkedIn, say hello on Twitter, or drop by her website

Back to All
  • Thank you for your interest.

    To download from the Version 2.0 case studies library, please tell us a little bit about yourself. Upon completion, you will be directed to the case studies.
  • This field is for validation purposes and should be left unchanged.
  • Thank you for your interest.

    To view this video from the Version 2.0 highlights library, please tell us a little bit about yourself. Upon completion, you will be directed to the video.
  • This field is for validation purposes and should be left unchanged.
  • Thank you for your interest.

    To download from the Version 2.0 highlights library, please tell us a little bit about yourself. Upon completion, you will be directed to the highlight.
  • This field is for validation purposes and should be left unchanged.