CMO Q&A: McAfee’s Cybersecurity Marketing Challenges

alison cerra cybersecurity
McAfee CMO Allison Cerra

One of the top concerns for all marketers in the digital age is cybersecurity. Chief Marketer recently chatted with McAfee CMO Allison Cerra about the challenges of promoting cybersecurity products, how she looks at marketing ROI, and the gender gap in the industry. Cerra, who joined McAfee in 2015 shortly before the brand was spun off from Intel, is the author of the new book, “The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security.”

CHIEF MARKETER: What’s the biggest challenge to marketing cybersecurity? Is education and content a big part of the equation?
CERRA: Yes. I think there’s a really strong appetite for cybersecurity. It’s a really strong market and it is growing. The challenge is not so much explaining why customers need cyberdefense. The challenge is more that there are 3,000 vendors on any given day that will offer some form of cybersecurity and the [market] is noisy and overwhelmingly complicated. Really trying to differentiate and distinguish yourself against thousands of competitors is where I think the challenge and opportunity is, rather than trying to create demand for the [product] itself.

CM: What are the main channels you use to connect with and engage customers?
CERRA: We have a diverse integrated marketing mix. We do a lot of digital, as you might imagine, but we also do a healthy percentage of trade shows, events and conferences to get our message out there. Then, we also do traditional things like dimensional mail, in a targeted way as part of ABM to break through clutter and compliment the digital sequence. We really try to exercise as many motors of the engine as we can to reach the customer throughout their buying journey.

CM: The cybersecurity space and the types of threats out there are constantly evolving. How do you communicate those changes to your audience?
CERRA: There are a lot of business line leaders who have a role in cybersecurity. Often, marketers might not even realize they have a role to play. Unfortunately, because cybersecurity is complex, most marketers are loathe to go talk to their information security officer and create a relationship, to understand how they can insert themselves [into the process]. Cybersecurity will never be the main part of their job, but it needs to be part of their remit, in a way that doesn’t overwhelm them but empowers them.

There are a few ways marketers can be part of cybersecurity, one of which is having a recovery plan. You need to get with the chief security officer (CSO) and understand [what is happening], because not all breaches are created equal. Maybe your data and systems might not be compromised, but your brand could be. What would you do? On the other end of the spectrum, what if personally identifiable  information is compromised? Now, what does your disaster recovery plan look like?


You May Also Enjoy:

CM: McAfee had a social media breach of its own a few years back. How did you cope with that situation?
CERRA: We had just spun out from Intel about two weeks earlier, and I got a text on Easter Sunday from our chief HR officer to go check our social media page on a prominent platform, because it was bad. I was confronted with a page completely defaced with the most inflammatory racist, sexist, homophobic derisions directed at just about every walk of life. The moments that followed were panic stricken, as we tried to figure out what to do.  We reached out to our CSO to make sure that our systems were good, even though this was a third party [site], to make sure a hacker hadn’t thrown this up as a smokescreen while they did real damage somewhere else. Our systems were fine, our intellectual property was fine, our personally identifiable data was fine.

Then, it was a matter of working with the social media provider, because we had been locked out administratively from our own account. We struggled for hours to get control back, to restore our social media page. In the aftermath, we learned several lessons. I and my team could have been much more on our game to be on the lookout for potential hackers. We should have a tighter relationship with the social media provider, we should have had [arrangements] in place for such an occurrence. We should have been more on top of this, and candidly, we weren’t. Every function—product development, marketing, HR—needs a playbook for when we find ourselves in the crosshairs of an adversary.

CM: Marketer didn’t need to have these types of skills in the past. How have the types of skills you and your team need changed?
CERRA: It used to be a one way street – you controlled the message, the channels, the feedback loop from customers. The entire marketing paradigm changed. Buyers started to change the way they communicated with brands, which made us change the profiles and skill sets we had as marketers. We couldn’t just rely on the broadcast channels any more. We had to co-own the brand with customers, realizing their voice mattered more than what we were trying to tell the market about our unique selling proposition.

Now, you’re starting to see that waterfall to other functions. Sales is starting to feel that and be disintermediated by digital channels. They saw it later than marketing, because we’re at the top of the funnel and they’re about closing it. Things have changed. The martech stack has changed and continues to change. We’re learning how to create this integrated sequence that has hundreds of touchpoints that you have to manage. This is a different completely set of challenges than what I encountered when I entered the workforce and marketing 20 years ago.

CM: Given all these changes, has it evolved how you think about ROI for marketing?
CERRA: Absolutely. There are certain functions of marketing that you can clearly measure—demand gen is the easiest one. But I would also argue that there are many measures that have nothing to do with ROI. When we’re doing brand building, it would be impossible for me to prove ROI for basic awareness generating campaigns. I could try, but I would be surprised if a smart CFO didn’t call me on whether those campaigns drove awareness versus a whole other host of conditions that you have no control over in the marketplace. So it becomes about how you measure awareness consideration and how you look at that over time, to figure out where mindshare is changing.

CM: Beyond marketing, is staffing an issue in the cybersecurity industry? Is there a gender gap?
CERRA: It is a huge issue. Cybersecurity is a unique industry in many ways. It is the only industry that I’ve ever worked in that has a zero unemployment rate. There is a global talent shortage that will persist for the foreseeable future. The gender gap is pervasive. It is 85, 90 percent male. There are very few females in cybersecurity, and there are similar issues with minorities. We need all hands on deck. We need to stop the unconscious bias questions not only in this but other industries. We need more people from other industries to come into the ranks, because there are not enough bodies to fill positions. We need to make sure that we are gender and minority neutral, to make sure that people with skill sets that are transferrable into the pipeline.