Cybersecurity marketing is a mess, and it's hurting everyone

A dive into everything that's wrong with cybersecurity marketing, and how we can fix it.

Before we dive in, a bit of context.

I come from a technical background in cybersecurity: consulting, red teaming, that sort of thing. I also come from a marketing background, specifically in the music and entertainment industry. Four years ago, I decided to combine those two worlds and started a marketing agency that only works with cybersecurity vendors and service providers.

Since then, I’ve worked with a huge range of cybersecurity orgs: solo consultants, scrappy startups, publicly listed vendors, and a couple of Fortune 100 giants. And if there’s one insight that’s consistent across the board, it’s this:

Cybersecurity marketing is a mess.

I don’t say that to be negative. I say it because it’s true, and the first step to fixing any problem is calling it out for what it is. So here it is: all the reasons why cybersecurity marketing is broken, and what needs to change.

The Best Offerings Have the Worst Marketing

There are a ton of technically underwhelming vendors out there who are printing money. Why? Because they know how to market themselves.

At the same time, I see brilliant cybersecurity products and services built by passionate, highly skilled engineers quietly sinking into obscurity because nobody ever hears about them.

This leads to four types of companies:

  1. Great marketing, weak product → Getting rich, but at the world’s expense.
  2. Great product, weak marketing → Solving real problems... for no one.
  3. Bad at both → Dead in the water.
  4. Great at both → Rare, respected, and successful.

If you're building good things but not investing in marketing, you’re letting inferior offerings dominate the conversation, and that’s a net loss for the entire industry. The world needs your solution, but you’ve gotta give people a reason to notice it.

Marketing People Aren’t Cybersecurity People

This is the core of the problem.

Most marketers didn’t grow up port scanning telcos or hacking their school’s Wi-Fi. They’ve never been called in at 2am to respond to a ransomware attack. They haven’t slogged through a billion SIEM alerts trying to work out why Bruce from HR was exfiltrating docx files to a server in Shenzhen over the weekend.

They’re not bad at their jobs, quite the opposite. Most of them are great at marketing. But they lack context.

When marketers don’t deeply understand the tech, they can’t tell the story properly. The best sales copy evokes emotion, but not just generic FOMO. It’s the deep, specific kind.

Too Much Focus on "Decision Makers"

If you want to feel popular, just put “CISO” in your LinkedIn title. You’ll be flooded with DMs from appointment setters promising magical time-saving, breach-stopping, budget-boosting software.

Here’s the thing: yes, CISOs are often the ones who sign contracts. But they don’t operate in a vacuum. They rely heavily on the opinions of their technical teams. And those technical teams don’t care about your buzzword salad landing page. In my experience - CISOs are also getting more technical as time goes on.

Stop spamming execs and start earning trust. Publish genuinely useful content. Get known in the community. When you become the vendor that practitioners admire, trust from the top comes naturally.

A Game of Corporate Telephone

In many orgs, the marketing team isn’t even allowed to speak directly with customers. Instead, they get filtered summaries from sales, customer success, and product teams, each with their own agenda. Then they turn those summaries into ad copy or blog posts, often without fully understanding what they're writing about.

It’s like playing Telephone. Only the message gets mangled by people with competing KPIs, and the final version is published for thousands of prospects to see. No wonder the messaging feels cringey!

"You Don’t Need to Understand the Product to Market It"

This mindset is surprisingly common, especially in large orgs.

You don’t need to know how XDR works to optimize a paid ads funnel. You don’t need to understand SAML to create a webinar landing page.

But if you want to create messaging that resonates, content that educates, or campaigns that convert, yes, you do need to understand the damn product. And the audience. And the problem you’re solving.

That takes time, effort, and often, support from the company. Sadly, most marketers are expected to stay in their lane. I’ve seen folks leading cybersecurity content production who had to pay out of pocket for certifications or technical training. And by the end of the training they want to quit marketing and work in tech!

Outsourcing the Problem

To save time, many large orgs outsource content and creative to agencies that also don’t have any cybersecurity experience.

What do you get? Generic, keyword-stuffed fluff articles and cringey social media posts that clearly weren’t written by anyone who’s ever touched a terminal.

The in-house team, overwhelmed and understaffed, rubber-stamps it because it checks a box. Another “good enough” campaign goes live. Another opportunity to connect with your audience wasted.

Demo Desperation

My last gripe is the obsession with short-term numbers.

Instead of nurturing trust, building community, and educating their market, companies just crank out campaigns aimed at driving demos now. Even if the person isn’t ready. Even if they barely understand what the product does.

So what you get is this:

“Hi CISO, we can save you $1M in breach costs and reduce alert fatigue by 83%. Book a demo?”

It’s the marketing equivalent of proposing marriage on the first date. It doesn't work, and if it does, you've landed yourself in some serious trouble.

Final Thoughts

Cybersecurity marketing doesn’t need more automation tools, or AI-generated blog posts, or SDRs sending cold DMs at scale. It needs empathy, context, and credibility.

It needs marketers who understand the product, the pain points, and the people they’re talking to.

It needs security companies to stop treating marketing as a checkbox and start treating it as a critical component of product success.

And most of all it needs builders with great products to stop hiding in the shadows.

The world doesn’t just need a solution. It needs your solution. But we can’t buy what we don’t understand, and we won’t trust what we’ve never heard of.

So please — do the world a favour.

Tell your story.

Also... hire HackerContent. We are marketers who deeply understand cybersecurity.