With new breaches being revealed on an almost daily basis, cyber security is a red-hot topic. For cyber security professional services firm Coalfire Systems, this makes educating potential and current customers more important than ever.
Coalfire has 1,500+ customers in numerous vertical markets, including healthcare and retail, with a high concentration in high tech. We chatted with Patrick Kehoe, chief marketing and strategy officer, about the company’s marketing challenges and opportunities.
CM: What are the major hurdles when it comes to marketing cyber security services?
PK: On the one hand, you’d think it would be easy to market cyber security services but there are nuances and challenges. This is a very crowded and highly fragmented space. In other markets, much of the marketing happens with case studies. But few organizations are willing to share the approach they’re taking to secure because they want to protect their company against breaches.
CM: How do you get your voice heard in such an environment?
PK: Thought leadership is fundamental to our success. Many [B2B buying journeys] start today online, so search, content and thought syndication on digital avenues is a huge success for us. We are very keen to respond quickly when there is something happening in the market, and show not only what guidance we have in the organization but also tailor an ethical message to reinforce our thought leadership on the daily attacks that are happening, and educate stakeholders on what they need to know.
CM: How do you typically generate new leads?
PK: What we’re seeing is that in many organizations, management knows that they need to do something about cyber security, but they don’t know where to turn, so they’re deferring the selection to technical gurus to help them with problems. We want to enable technical people with insights and create awareness. We’re putting tools and resources into open source forums to [help people test] their vulnerability and create awareness. Another big piece is training—we’re trainers at the Black Hat USA conference, which is the biggest gathering of cyber security professionals. Positioning ourselves as trainers helps create demand.
CM: How long is your typical conversion process?
PK: We have a three to six month sales cycle, sometimes shorter if [a prospect] has had a breach. We use drip campaigns to feed information relevant to customers’ areas of interest, and have a lead scoring mechanism using Pardot and Salesforce. We will trigger an opportunity for sales follow-up if someone has engaged with us and have a tight filter on our lead process.
CM: Do most prospects often wait until they’ve had a breach to connect with you?
PK: No, most organizations reach out before a breach. Everyone is realizing that they need to get help. When an organization is starting out, the focus is on compliance—if they need to process credit cards, they nee to meet certain requirements with the credit card companies. In most cases, companies acknowledge that they need to address this issue.
CM: Once you have a customer, what sort of retention initiatives do you have in place?
PK: One of our main techniques is education. For example, a large software company pays us to hack into their software and find holes in their security posture. We also periodic newsletters to customers, and have open rates of 10 to 15 percent.
CM: How do you gauge the ROI of your marketing efforts?
PK: We have an end-to-end capability to understand where [leads] come from and track them through to sale. We report the revenue that a tactic is linked to—in B2B, it’s a multitouch model and we engage many times throughout the sales process. There’s a lot of preparation before people engage a sales rep.