Creating demand for your security analysis and insights is fundamental in turning the role of information security from a “bolt it on after the fact” approach and one where you are engaged more frequently and invited to a seat at the table much earlier.
Finding your ideal customer is a critical part of any business model, including the Business Model of Security. Instead of a taking the Field of Dreams approach (“Build it and they will come”), we advocate a customer or user-centered design method. Just as our shoemaker must create the styles and colors of shoes that his customers want, so should you create the products that your customers want.
We see this approach often taken with web-based software start-ups. They build a Minimum Viable Product (MVP) then release it to market in an attempt to further understand their customers as they use it. Tweaking the product to fit the needs of their customers as new releases are deployed.
This has the dual effect of increasing loyalty and retention, while ensuring that the product stays true to the core customer base. This approach is also cumulative in that the customers become raving fans of the service and generate more demand.
Only by deeply understanding who your end consumer of security information is, can you tailor your work product and deliver it in a fashion that will ensure its consumption and raises your role’s value to the enterprise.
Next to religion, no other human construct has the ability to alter individual and group behavior more than Marketing. From celebrity endorsements to billboards, marketing is driven by getting more potential customers (prospects) exposed to the product in the hope that they will feel an affinity for the lifestyle it promises to create or the problem it solves.
The next crucial step is to have a means by which those prospects can gain access to that solution or lifestyle, and this is the Sales side of the equation.
You absolutly must make it easy for your stakeholders to acquire your solution once they have determined their desire for it.