Cybersecurity is an epic, ongoing battle in which the good guys are companies and consumers trying to be safe, and the bad guys are the evil hackers, criminals, and nation-state spies. The good guys are led into battle by Chief Information Security Officers (CISOs) and their teams.
To stay ahead of the bad guys, companies are always looking for the next great idea, the next product or the next strategy to stave off their attackers. Vendors are the troops who rush in to fill the gaps in companies’ abilities to defend themselves. This results in many well-funded cybersecurity companies providing tons of products to defeat their clients’ enemies. Consequently, CISOs are overwhelmed from the bombardment of sound-alike vendor marketing and sales pitches – a cacophony of noise that often leads them to shut down and shut out vendors.
Too many vendors make the same generic claims, such as “We’re better,” “We stop more,” or “We’re the cure-all that will let you win.” There must be a better way!
Storytelling to the Rescue
Today’s smart vendors have determined how to break through the clutter, rise above the noise and get attention. These include FireEye, McAfee’s Skyhigh Networks, Israeli startup Vulcan Cyber, identity verification leader Jumio, and others. They use a not-so-secret storytelling approach that’s been around for several decades and is known as The Hero’s Journey.
First articulated by Joseph Campbell in his 1949 bestseller, The Hero With 1000 Faces, and adopted by great storytellers from Disney to Lucas to Speilberg, The Hero’s Journey is as timeless as it is captivating and compelling. When applied to cybersecurity marketing, The Hero’s Journey casts the CISO and his team as the hero, and the vendors’ product as the magic element that staves off the enemy and transforms the CISO’s company to a safer, protected place.
The FireEye story provides a great example. In 2009, FireEye was a small, innovative startup with disruptive technology, a unique approach and a handful of thrilled customers. At the time, the network security market had two distinct segments: firewalls and intrusion prevention systems (IPS). The FireEye team considered positioning itself as “next generation IPS.” But the idea raised three concerns. First, the market was shrinking and most of the revenue was in renewals, not new purchases. Second, the category was at risk of being subsumed by the firewall market, as firewall vendors were starting to integrate IPS capabilities into their firewall. These reasons alone argued against this strategy, but the third reason was by far the most compelling and became the launching point for FireEye’s success.
IPS was designed in the late 1990s and early 2000s to protect against existing network security threats. The primary mode of protection was the use of signatures. However, there was a nascent and growing belief – shared by FireEye’s early customers – that signatures no longer protected organizations from new types of malware-driven threats.
Based on this, and after some primary market research for both discovery and validation, FireEye came up with this high-level story for its new positioning:
The world has changed. Today’s modern malware uses techniques and approaches that are far more sophisticated than anyone may realize. We have exposed this threat for what it is, and those responsible for network security need to address it head-on.
If you depend on today’s network security solutions made up of firewalls, web gateways and IPSs, which depend on signatures and other old techniques to protect you against this modern malware, the malware will evade your protection and you will be at an unacceptable risk of breach and loss.
What if you had a modern, malware protection solution that did not use signatures at all, but used a virtual detection engine, unique in the world, that was able to stop these modern threats by detecting them in action, while protecting you from breach and loss?
At the RSA Conference in April 2009, FireEye launched its “Modern Malware Exposed” go-to-market messaging and initiative. This launch catalyzed a new, billion-dollar-plus market segment that eventually became known as Next Generation Threat Protection, with FireEye heading the charge.
Too many vendors think of their product as the hero – Wrong! The customer is the hero. Your product, however, is the magic ingredient in the customer’s journey. With this positioning, your product stands out like the magical power of King Arthur’s sword or Bilbo Baggin’s precious ring. It becomes the engine of transformation and gain. That’s what it’s all about!
Use this formula to tell your company’s own Hero’s Journey story:
Act 1: Our hero, the customer, is living in a new reality. They may not fully realize it, but their world has changed. In the first part of the story, the hero is jolted from a state of normality into a new reality.
Act 2: The hero faces seemingly insurmountable challenges in this new world. The hero sinks into the depths of despair.
Act 3: The hero is granted a magical power (your revolutionary product), giving them a sure solution to the menacing challenge.
Act 4: The hero returns home and transforms the situation with the magical power that has been granted.
Cybersecurity companies that tell this story well are noticed and win in the crowded market. Then they become magical because they’re so much more meaningful than the noise and clutter from the competition. Hard to believe? Just ask FireEye (multi-billion-dollar IPO), SkyHigh (acquired for nearly $1 billion) and others.
Tell the story that makes your customer the hero. It’s market leadership magic!