Perhaps I should explain.

Each year, members of our security sector make the pilgrimage to San Fran for the RSA Conference, the world’s largest security event.  We go to stay on top of the latest trends in IT and physical security, spend some quality time with our network of vendors, experts and media, and of course help ensure that our clients get the most out of this unique gathering of the security community.  This year, we were also invited to deliver a session titled “Security PR: Best Practices for Brand Differentiation,” and we had the honor of presenting two SC Magazine Awards at the industry’s version of Oscar night.

Overall, registration numbers at RSA 09 were down about 14% from last year, said those “in the know,” but the majority of vendors with whom I talked said that the quality of attendee was actually up, presumably because the boondogglers had been weeded out, so the people visiting booths did so because they truly wanted to learn/buy, and not because they wanted an excuse to attend the Codebreakers Bash or win brownie points with The Man.

That said, there was a fair amount of the “vendors talking to vendors” phenomenon, but that’s the case with most shows, and RSA has been trending that way for years.  My take is that as long as you know that going in, and as long as you understand that you need to have a presence at RSA if you sell security,  you’ll be fine.  Focus on making the most of the show, interact with as many reporters/analysts as possible, and do your best to either secure a speaking slot or actively participate as a member of the audience in panel and P2P sessions.

So with that as a backdrop, let me bring this all back to the title of this post…

Comparatively speaking, the security market is doing extremely well.  According to financial analysts and industry analysts in a few different sessions in the “Business of Security” track (a great idea, btw), the security sector is outperforming the rest of the technology market quite handily.   There are two main factors driving the sector’s growth and accounting for its success:

1. The threat environment – the volume of attacks continues to escalate, with organized criminals launching attacks for profit and nation-state attacks growing in intensity and sophistication (think US Electric Grid and the JSF breach).  The security products/services vendor community is the only thing standing in the way of these attacks and your data, so it’s fair to say that security threats are fueling the success of the security sector.
2. Compliance – government- and industry-mandated regulations continue to drive a big chunk of security spending as well.  Since deregulation took it on the chin over the past several months, it’s safe to assume that compliance-related spending isn’t going anywhere soon.

So while it smarts of schadenfreude, I suppose in a twisted way the security sector should be grateful for all those data breaches we’ve seen over the past several years, eh?

But despite the good news of security’s relative strength, the “arms-race” nature of the security sector – vendors trying to keep pace with the threat environment – creates a whole bunch of PR challenges.

In my session on PR best practices for the security sector, a great group of participants joined me in exploring a few of those challenges and discussing ways to overcome them.  Truth be told, I had pages of challenges and best practices to get through, but we had such a good discussion that we only had time for a couple.  In the interest of keeping this post somewhat brief, I’ll give you a taste of one issue that we talked about for about 30 minutes since virtually everyone in security has had to deal with it at one time or another:

The Challenge:

- Customer references: security customers are notoriously reticent to share their secret sauce with the world and risk exposing themselves to additional attack

Potential Solutions:

- Generate a short list of target customers, reflecting what you see as a realistic outcome, i.e. top-tier media reference, email commentary to reporters only, bylined article authors etc.  Then devise an action plan, potentially consisting of one or several of the following tactics, to make the desired outcome a reality:

• Train the sales team, but forge your own relationships with customers
• Provide customers a PR 101, simply because a lack of education is holding back many who  think they have to reveal technical details
• Demonstrate the value of participating to the individual customer, appealing to their career advancement goals, promotion of their project/company etc
• Provide ROI estimates (at Text we refer to this as PROI)
• Maintain ongoing, regular interaction/dialogue with all reference candidates
• Showcase/market successful instances of customer references in articles, whether through framed articles, Website highlights, handwritten notes, etc.
• Reward references, potentially with contractual considerations

What’s worked for your organization or your client?  What’d you think of this year’s RSA Conference?  What’s your favorite color?  I’d love to hear your thoughts.

PS – if you want to hear more about the PR best practices session, shoot me a note at stevec@text100.com

As Tom Foremski kindly pointed out this morning, it’s amazing how much has changed in our industry and in our business since our founder Mark Adams took a very young (and not quite-so-media-trained) Bill Gates on his first European press tour back in 1982.

We still had a parachute club as a client back then, and had only just vacated our first office next to the Black Lion pub in Chiswick, West London. And now here we are with 525 staff, 31 offices and some of the coolest clients on the planet. How did we manage it all in just 25 years?

Thanks again for joining the celebration with us. Here’s to the next twenty-five!

David McCulloch

Technorati Tags: Bill Gates, Text 100