In my career, I’ve observed with horror security dismissed as “those techies in the basement” and something for projects to work around. The policing image that’s so prevalent of us constantly makes me cringe, and I hate nothing more at a party than when people ask what I do and hear their immediate response as “Oh, you’re the one who deals with viruses and worms." Ugh! (Note to self: find a more glamorous title to talk about at parties.)
Happily this image slowly but surely is going away as security moves onward and upward in organizations. And what if we, as security professionals, can do our bit in changing this image within the organizations that we serve? What if we actually wake up and start running security as a business? And what business runs successfully without marketing of its products and communication skills?
Look at our security vendors – they work very hard to define and create their product and services and to sell them to us. And all other things being equal, we generally prefer to do business with people that we get along with and who provide us with great service. We cannot dismiss the importance of strong communications.
So why do we shy away from words such as marketing and communications in security? Why are there so few (if any) “security communications managers” in internal security teams? As I discuss in my report, there are methodologies that can be used to create effective and inclusive communications and marketing activities – we just need to start. The marketing of security is a journey – not a miracle.