A Cyber Dummy’s Guide to the Galaxy

They say good things come in threes. This is my third content and marketing gig working in tech, but this time it’s different. It’s cyber. Only cyber. Or to be more specific, cybersecurity. There’s no data engineering, JavaScript, manual testing, SQL or business analysis to fall back on. Just scary, unknown, cybersecurity

Everywhere I’ve worked until now, cyber has always been an afterthought. Nobody really got it. My best shot of viral content was grabbing the tech director for a coffee and writing down their “top 10 cyber threats this year.” I’d create a GIF, build a report, send an email, throw it out on social media and hope it landed. It landed. But there was a cyber void. Our competitors weren’t talking about cyber, so no one was. Right? *Insert Britain’s Got Talent X noise*. Wrong.
In fact, there’s a whole community of people writing about cyber. I now work for a publication which talks exclusively about it…But in a cool way. No, seriously.

From an outsider’s perspective, I had so many questions about the cyber industry. Can’t you just download a free anti-virus software and tick the worry of cyber risk off the list? Who manages cybersecurity in an organisation? Is everyone working in the industry techie? And what on earth is ransomware, why is everyone talking about it?

Cyber bootcamp

But that was then, and this is now. That old adage ‘in at the deep end’ came to fruition as soon as I landed at Assured Intelligence. In week one, I found myself navigating the infamous Infosecurity Europe event solo, braving the tightly-packed vendors with twenty-foot stands selling software and services. They humoured me on product basics, but it was apparent that nobody really wanted to speak to the marketing guy. They want decision-makers and techies. With a belly full of free beer and ice cream, I made a beeline for the conference talks where the learning really starts. Sessions on hidden threats, potential exposures, AI, and third-party risks fill the three days. The murky waters of jargon and acronyms washed over me, but trends and topics started to emerge. Everything was geared around threat prevention, protection and preparing for the “inevitable attack.” As one vendor told me, “It’s not if you get an attack, it’s a case of when.”

Week two on the job took me to pastures beyond London Docklands. I boarded a plane to Kaspersky’s data labs in Zurich, Switzerland, chosen for its neutrality, openness and non-political bias. It’s not quite the 49 weeks the Army get in Harrogate, but daunting nonetheless. “Data is the new gold,” was one of the messages drilled into me, explaining why Kaspersky are meticulous about data protection, treating it the same way you would money in a bank. Customers can access their physical data pods 24/7, but to do so requires a military operation past guarded gates and passport checkpoints. They back all the data up in a separate data centre should the original be compromised. The gravity and importance of cybersecurity started to dawn on me.

It’s got to be a business conversation. Otherwise, it becomes a ‘so what?’

After two weeks of cyber bootcamp, reading countless articles, and digesting Kaspersky’s “Victim Discovery report” by Yulia Novikova, the cyber basics are slowly starting to make sense. But it’s making sense because I’ve dedicated real time and effort to this education. I ponder how a busy CEO, responsible for the bottom line of a multi-million-pound business, is going to be able to dedicate the same attention to cyber and therefore truly understand the magnitude of cyber risk.

With this troublesome thought in the front of my mind, I spoke to David Emm, principal security engineer at Kaspersky, to understand how we can get CISOs and CEOs to speak the same language to understand the true extent of the risk.

“The worry is that it always ends up as a technical discussion,” Emm explained. “A lot of people working within cyber forget that a lot of people don’t know the technical jargon.” He hits a home run straight off the bat. We laugh about me mixing up MSP and MFA, but the point is poignant. The language used to articulate cyber risk needs to be language that any Board of directors can understand. How can business leaders be expected to make good cybersecurity decisions if they don’t understand the equation? “There is a real lack of understanding at Exec level, which is one of the blockers stopping it from becoming a mainstream problem.” This is one of the pillars upon which Assured Intelligence is founded upon: we exist to bridge the gaps between tech talk and real talk, the CEO and the CISO, and between the business and cybersecurity risk.

So what does base-level cybersecurity look like for businesses? Is it just anti-virus software as I naively thought? According to Emm, it’s not actually techie at all. “The human aspect of security runs through the whole threat landscape like the lettering in a stick of rock,” he says aptly. “The starting point of an attack is tricking someone to click on [a malicious link], or do something they know very little about.” You don’t need to turn your staff into techies, Emm adds, they just need a baseline understanding of what they should and shouldn’t do.

How is a marketer going to market cybersecurity…well?

The million-dollar question is, how can I take this newfound knowledge and apply it to raising cybersecurity awareness in the boardroom? Traditional marketing techniques would dictate that you rely on pain point awareness. In short, point out your target audience’s pain points, then convince them that your product is the solution to their current or future headaches.”

From an outsider’s perspective, the rhetoric around cybersecurity is hyper-focused on fearmongering and pain point marketing. Social media is littered with content about data breaches and increasing amounts of ransomware attacks. Insert the classic quote from almost any vendor at Infosec: “It’s not if you get an attack, it’s a case of when.” NEDs are being bombarded with fear, but it’s still resulting in a lack of action. “There is a real lack of understanding at executive level, which is one of the blocks stopping it from becoming a mainstream problem,” explains David Emm.

Well, Assured Intelligence is going against the grain. Project fear isn’t working. It’s time for project education. Enjoyable education, believe it or not. In his closing remarks, David Emm provided a thought-provoking one-liner which has stuck with me, influencing the marketing strategy for Assured Intelligence. “Get your mind into the issue and process cybersecurity systematically instead of projecting fear, where you could waste money defending from stuff you don’t know.”

As a member of the Assured Intelligence community you already know we’re in boardrooms, interviewing and educating business leaders on cybersecurity. Continue to follow us as we’ll be scaling this content in a big way. Too busy to read an interview? We’ll turn that into a podcast, so you can get your cyber fix on the commute. Not sure when articles are coming out? (it’s every Tuesday & Thursday by the way). We’ll give you editorially curated newsletters in your inbox monthly. And this is just the beginning…Stay tuned!

So, you’ve read this monologue and still want to get into cybersecurity?

Do it. Shave your head, cut the sleeves of your worn-out TM Lewin shirt, and join the cyber band. (The first two suggestions are entirely optional, of course!) The cyber community is going to keep growing, evolving and welcoming more outsiders into the fray. And if I do my job right, they’ll be greeted with diverse and thought-provoking conversation around cyber risk. Yes, the jargon isn’t totally avoidable (although we do a pretty good job of not pandering to it at Assured Intelligence), but you’ll meet a lot of passionate people all dedicated to protecting vulnerable businesses and individuals.

Oh, and once you pass the induction, if you see any Assured Intelligence stuff floating in the marketing galaxy, please give it a like…. My job depends on it.

Alex Kearney – Assured Intelligence’s newest recruit.