Five Ways Security Marketing Teams Can Make A CISO’s Job Easier
In 2022, Gartner predicted that by 2025 70% of CEOs will mandate a culture of organizational resilience to endure cybercrime. That prediction, plus the White House re-classifying ransomware as a national security threat in 2023, reveals that having robust cybersecurity processes, policies, and solutions — and therefore, good security marketing — are more critical than ever to not only staying ahead of threats but also keeping up with the times.
Who here is leading the charge? Chief Information Security Officers (CISOs). They have a wealth of knowledge on the latest technical and business needs. Their expertise, insight into the technical sides of the business, and way of closing the gap between techies and stakeholders make them invaluable to marketers aiming to write technical content that security practitioners actually want to read.
But here’s the difficult truth: CISOs are already overwhelmed with their laundry list of duties. Often the last priority on their plate is making time for a 30-minute or longer interview with the marketing team.
So, when do CISOs feel inclined to prioritize time for writers and marketers in their organization? When they trust you’ll take their insights and use them wisely to help the business.
Here are five strategies you can leverage to win CISOs over and make their jobs (and their lives) a little bit easier:
Sign up for Dear Wattson, our weekly newsletter, where all content conundrums are answered!
1. Understand What They Care About
This might seem obvious, but we’re putting it here because it needs to be said. Coming to CISOs with at least a foundational knowledge of their concerns is critical. You wouldn’t ask the President of the United States to recite the pledge of allegiance if you only had 30 minutes with them, so why should security marketing teams effectively do the same with CISOs?
Plus, according to a 2022 survey by Heidrick & Struggles, 60% of CISOs identify role-related stress, and 53% of CISOs identify burnout as a major personal risk. Asking super high-level questions during the little free time CISOs have will only contribute to their stress, and it will make you one of their least favorite people to talk to (which means you can say goodbye to future requests for content). So, security marketers must come up with specific, thoughtful questions for the sake of both your content and CISO.
One key way to stay up to speed with CISOs is to read what they read and listen to what they listen to. Here are some reliable resources to start with:
- The U.S. Chief Information Officers Council’s CISO Handbook: If you’re really starting from scratch (AKA still flip-flopping between pronouncing it “See-So” and “Siss-So”), this federal guide is a great place to start. It gets down to the nitty-gritty of basic job expectations for CISOs and how their role plays into national cybersecurity concerns. You’ll also get a brief overview of cybersecurity frameworks that most, if not all, CISOs should be familiar with, like NIST.
- CSO: This popular security blog covers the latest news and trends that are top of mind for CISOs navigating the current digital landscape. Find info on anything from CISA funding to Gitpod flaws (and other CVEs) to the federal device TikTok ban.
- CISO Series Podcasts: If you’re in a pinch and don’t have the time to buckle down and do some reason, there are tons of podcasts from CISO Series that you can tune into on-demand. These podcasts cover various topics, including the hottest debates in cybersecurity, navigating relationships between CISOs and security vendors, and balancing technical endeavors with business needs.
2. Get To Know Them As People
They may seem superhuman, but CISOs are people too, which means each CISO is unique. While a 2022 Marlin Hawk survey found that 84% of CISOs majored in computer science, no one person’s pathway to becoming a CISO is identical.
Before you jump into sending email invites for interviews, you should:
- Do a bit of (healthy) LinkedIn stalking: This is especially great for educational and vocational background information. Do a little digging into their alma mater, where they’ve worked in the past, who they’ve consulted for, and who their mentors were.
- Connect on media: Does the CISO you know love Marvel? Ask them who their favorite Avenger is. Maybe they’re a big console gamer. See if they’ve checked out God of War yet. Investigating personal interests is also a great way of developing a creative angle for the content you create with CISOs.
- Share hobbies: Never judge a book by its cover. The CISO you just met could be a masterful crochet artist. As it turns out, you are too. Talk about it. No information you learn is useless information. A talented writer could translate those hobbies into a cybersecurity metaphor that helps your content cut through the noise.
Trust us; your CISO friends will appreciate this. Those light-hearted conversations can help CISOs avoid feeling like a piece of meat feeding a content farm. Make them start feeling like someone you not only respect but also a person you enjoy being around.
That helps alleviate some of the daily pressures of their job, build trust, and — most importantly — shows respect for their limited time.
3. Interview Other Security Practitioners (Not Just CISOs)
This might sound counterintuitive. How are you building a trusting relationship with CISOs by not talking to them? It all comes back to getting prepared before your chat and coming in with the right knowledge. Security marketing professionals can learn from other experts, not just CISOs.
So who else should security marketing professionals be chatting up? You can start expanding your list of go-to contacts by looking for:
- Information Security Analysts
- Security Architects
- Cybersecurity Program Managers
- Cybersecurity Engineers
The most helpful of these folks usually share a few characteristics, like:
- A background in cybersecurity or computer science
- A wealth of hands-on, practical experience with common cybersecurity challenges
- A hunger for pursuing cybersecurity certifications, like CCISO, CISM, and CISSP
Plus, relying on these folks can provide you with a solid alternative if the CISO is not available — which is, unfortunately, often the case. That way, your pipelines don’t have to slow down, and you can diversify the knowledge you’re pulling from to make outstanding content.
Building relationships with other subject matter experts can also help bridge a relationship to the CISO. If you’re a CISO, who are you going to trust more: the team you’ve never heard of that keeps spamming your inbox or the marketers who have chatted with other security professionals under your purview? And who knows, maybe those security analysts and architects you talked to will become CISOs themselves in four or five years.
***
You might also like:
Tech Marketing Leader Profile: Brian Gladstein, SVP of Marketing
***
4. Respect Their Time and Energy — And Always Say Thank You
Remember how 60% of CISOs identify work-related stress as a major challenge? Much of that comes down to feeling underappreciated for and overwhelmed by their intensive list of duties. In fact, excessive burnout amongst CISOs has led to a high turnover rate. According to The Enterprisers Project, the average tenure of a CISO is about 18 months. That means content teams have only a year and a half to:
- Learn who their CISOs are and what they care about
- Show CISOs the value of working closely with marketing teams
- Build trust and close the gap between the marketing and technical sides of the business
Ultimately, whether or not a CISO stays on board for the long haul comes down to factors outside of content makers’ control. What can security marketing teams do to help combat the CISO fatigue epidemic? Say thank you — that one small act can go a long way. Some other steps security marketers can take to wrangle in wayward CISOs include:
- Being considerate of their schedule: If Friday afternoon meetings are your pet peeve, chances are they also bother your CISO. When carving out time to mine CISOs for insights, consider how your interview fits into the rest of their day. Don’t just assume any blocks of open time work for them — ask them their preferences.
- Getting used to the “no”: There will come a time when a CISO, as much as they may want to help you, will have to decline your invite. Don’t take it personally, and don’t hold any grudges for this. This is the perfect chance to investigate and lean on those other types of SMEs we talked about earlier.
- Being vocal about your appreciation: Did your CISO just lead a really cool webinar on an innovative cybersecurity practice? Let them know you watched it. Maybe they just published a guest article in a popular security magazine. Reshare the article and tag them on LinkedIn. These little acts of recognition can add up to making your CISO feel like both a valued and respected leader in your organization and let them know you’re paying attention.
5. Aim to Produce Helpful Content — And Remember, CISOs Hate Marketing For A Reason
At the risk of sounding like a broken record, we’ll emphasize again how important it is for CISOs to see your content teams as an invaluable resource. What will make you stand out from the crowd in a sea of digital content about the threat landscape, big breaches, and malicious attacks? Serving up something completely different.
There’s a reason that CISOs typically cringe when they look at marketing. It’s because sometimes we marketers can tend to be a little indulgent. What’s most valuable to CISOs isn’t the flashiest, most creative content. It’s the content that can give them real, practical tips on how to solve real, practical problems.
That’s why it’s critical for security marketers to develop content that strongly benefits security leaders without expecting anything in return. Experiment with creating industry-agnostic, leadership-focused content such as:
- Interviews with other CISOs
- Tips for working with lean teams
- Best practices for securing cybersecurity budget
Here’s another golden resource for CISOs: case studies. They’re short, to the point, and chock full of numbers and results — all ideal qualities for CISOs looking to push new strategies or initiatives with key decision-makers. And the more you can illustrate risk (the crown jewel of a CISO’s argument), the better.
It All Comes Down To Respect
CISOs are a great resource for your next blog, eBook, or whitepaper. But security marketers can also be an excellent resource for them if you prioritize creating content relevant to their unique goals and needs, learn about their background and what matters to them first, and — above all else — respect their limited time.
Living by these five methods will set your security marketers apart — and quickly turn your CISOs from a hard-to-reach SME into your greatest ally. Believe us, the CISOs you know will thank you for it.
So its up to you to create the next ground round of cybersecurity content for your organization. Need some tips on where to start? Contact us today to learn more about our content services.