Brand Statements Tell Your InfoSec Story

Thursday, January 17, 2013

Steven Fox, CISSP, QSA


Listening to bad brand statements is like sitting through a bad movie or comedy skit. Well, not quite, since you can leave the theater in those cases without feeling too guilty. Yes, I am among those who stand politely as a vendor tries to sell me something without bothering to determine what I actually care about. At least I get to learn about bad brand stories!

Thankfully, there are projects that either blazed bold avenues of market penetration or made subtle yet fundamental changes to the way things are done. These stories featured common themes of conquered challenges, customers satisfied, and a unifying purpose discovered and pursued passionately.

What made these brands so different? Their impact started with simple, relevant stories that connected with the needs of others and expressed a bold promise for a brighter future. A great branding statement is a story in miniature that promises to address your customer’s needs.

According to Seth Godin, “Stories communicate a message, its context, the actors and actions influenced by the message, and the resolution of a conflict that compels us to hear its ending.” Conflict is the thread that holds a story together, because this state elicits a sense of interest and attention. Consider both classic and contemporary stories with which you are familiar; they all feature a conflict that the hero fights to resolve. It is in the struggle and resolution that we find the purpose of the story.

Crafting the Brand Statement

Given our earlier definition of a brand statement, its composition must reflect elements of story telling. Below are three elements critical to an effective brand statement.

1. Effective brand statements target a specific audience.

As I mentioned in the first installment of this series, understanding the needs of your target customer is crucial to telling a story in which they are the hero. No, this is not a typo – the customer must be the hero of your story. This seems simple on the surface, but people tend to focus on their own accomplishments rather than their contribution to the success of others. For example, one of my branding clients is a security consultancy who focused on their cutting edge tools, highly experienced consultants, and numerous expressions of their work ethic. Unfortunately, stories illustrating their client success stories were few and buried below content that focused on the wrong things. To borrow from journalistic parlance, they had buried the lead message of the service.

This company shifted their branding focus to their clients. This allowed the company to differentiate themselves through the results to which they contributed and the relationships they forged.

2. Effective brand statements are consistent and authentic.

How does your security team see itself in the context of the organization? While the team culture will differentiate it from other functional groups, the team should be connected with its customer through a common mission. Unfortunately, the relationship between security and business professionals can become dysfunctional.

A common refrain in these situations involves contempt from both sides. This friction informs a brand that it is inconsistent with the higher business mission. For example, the former IT security manager of a financial firm employed duplicity, political intrigue and deceit in order to position himself to take over the role of IT Director. The negative impact on internal and external team dynamics was reflected in the team’s branding. The result was a lack of trust that did not resolve itself until a year after this manager was replaced.

3. Effective brand statements make bold promises.

Every brand contains the promise of something better than the customer experiences currently. Given the way we perceive the status quo, this promise must be bold in order to get our attention. This persuades us be part of the journey to that new world. Interestingly, these promises focus on the fundamental purpose of their mission, not the incidentals of how that mission is accomplished. Consider the branding statement of Ford Motor Company, “Ford Motor Company is focused on creating a strong business that builds great products that contribute to a better world.”

Ford Motor Company contributes to a better world? This is a bold promise that touches on the purpose of their work and invites us to be a part of it. Notice that their product line is absent from this statement – their products and services are only an expression of a driving principle that informs their decisions.

Is this true of your branding statement?

Putting the elements together

One of my clients serves as an advisor to multiple project teams in the public sector. Their mission is to validate that initiatives satisfy compliance requirements securely. Unfortunately, their customer relationship had been tainted by interactions where security was expressed to be more important than business needs. This quickly framed the advisory group as being out of touch with business priorities and to be consulted only when necessary. Conversely, the customers were viewed increasingly as being ignorant of the threats associated with their initiatives and dismissive of security recommendations.

Realizing that all their customers wanted was to capitalize on opportunities, I recommended that this be the theme of the new brand. The advisor function would be reframed within this context but remain consistent with their mission. Lastly, the promise of the team had to be expressed boldly. The end product was, “Our advisory services allow our customers to transform risks into opportunities.” Like Ford, the team focused on the promise of a new state of affairs rather than how it gets there.

Despite all our work, it is our customer that determines how our brand is perceived. The last installment in this series will examine how the security team can influence this position. Until then, stay tuned to @McAfeeBusiness for tips on branding the security function.

Cross-posted from the McAfee Security Connected blog 

Possibly Related Articles:
Enterprise Security
Service Provider
Marketing Infosec vendors
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.