Organizations around the globe are struggling to overcome the challenge of the cybersecurity workforce shortage, and filling this gap has become a top priority as cyberthreats continue to grow. Overcoming this challenge can be addressed by applying different marketing strategies to strengthen the cybersecurity practice from within the organization, whether the practice refers to a team, a department or a program. Cybersecurity teams can leverage basic marketing principles not only to attract the right talent to join their cybersecurity team but also to educate the whole organization and strengthen it from within.
Branding and Identity
How do employees perceive your cybersecurity practice? Do they associate it with risk, policies and fear or with innovation, dedication and fun? Does it look like an attractive place to work? To build branding and identity, it can be beneficial to:
- Establish a unique brand for your cybersecurity practice by associating it with a logo, slogan and even personas to convey the true aspects of your practice.
- Associate your practice with high-tech, glamorous and professional words such as "defense" and “guardians" rather than the traditional "compliance" and "protection."
Value Proposition
In a marketing context, a value proposition is a statement that clearly identifies what benefits a stakeholder will receive from an offer. You can leverage value proposition to:
- Highlight the potential growth in the domain considering the high demand and current workforce shortage in cybersecurity.
- Communicate your cybersecurity training calendar across the organization, demonstrating the professional certifications and accreditations you are offering.
- Demonstrate how exciting and challenging the domain is; conduct organization-wise hackathons, ideathons and Capture the Flag events.
Promotions
Promote your cybersecurity practice using different channels to increase overall awareness (e.g., emails, blogs, stickers, posters, videos, workshops), and celebrate your success by illustrating how your cybersecurity practice is contributing to overall organizational objectives. Some examples include:
- Start a poster-based campaign showing monthly achievements such as the number of distributed denial-of-service (DDoS) attacks prevented, spam emails filtered or phishing campaigns stopped.
- Publish a use-case comparison of how peer or competitor organizations were impacted by attacks already avoided by your team.
- Enable, promote and reward employees from other departments to champion security awareness and act as cyberambassadors within their functional units.
Feedback and Communication
Providing feedback and communication within your cybersecurity team and throughout the entire organization is crucial. Some examples for communicating include:
- Leverage the organization’s internal communication channels to enable employees to reach out to your team and provide feedback, observations and suggestions.
- Ensure recommendations and ideas are acted on and promote visibility to ensure continuous feedback.
- Reward employees for their suggestions, improvement ideas and good security behaviors.
Social Responsibility
Demonstrate your accountability toward employees and their families’ safety, security and well-being. Some examples of doing this include:
- Conduct security awareness trainings and sessions for employees’ families. Topics such as “Safe and Secure Internet for Children” and “Securing Hom e Wi-Fi” are good examples.
- Provide employees with free (or discounted) antivirus solutions that can be used to protect personal devices.
Conclusion
Marketing principles and tactics can be useful for any security practice when employees are treated as valued customers to achieve a higher awareness level across the organization. This can help attract talented non-security-focused employees to join your team in a time where there is a global shortage of such potential cybersecurity talents.
Editor’s note: For further insights and examples on this topic, read Abdelelah Alzaghloul’s recent Journal article, “Tips for Strengthening Organizations from Within, The Tom Hanks Way,” ISACA Journal, volume 1, 2021.
Don't forget—Members can earn free CPE from ISACA Journal quizzes!