Ethics in Security Pledge
Pay-to-play awards. Endless fear-mongering. Unsolicited email spam. Aggressive cold calling of security leaders and practitioners who never shared their phone numbers with the company. Sponsored whitepapers that insist that the problem can only be solved in one way but fail to disclose who paid for the report.
Cybersecurity is full of conflicts of interest, and questionable, unethical, and sometimes - bluntly illegal marketing and sales practices. I have talked about many of these issues at length before. If we want the industry to evolve, if we want it to look different a decade from now, there is a lot we need to change.
Building a movement of ethical cybersecurity
We want to change the way cybersecurity looks by encouraging ethical marketing and sales practices in the industry. Ethics in Security Pledge is an easy way security vendors can publicly show their resolve to not engage in unethical, questionable behaviors.
We understand that changes are not inevitable - they happen because people want them to happen. Ethics in Security Change Ambassadors are CISOs, founders, security engineers, security analysts, aspiring founders, incident responders, marketers, bloggers, and others who care about the future of the industry and want to see it evolve. Change Ambassadors talk about the initiative on social media, and champion security companies doing marketing and sales in ethical ways.
Our vision: business of security doesn’t have to be disgusting
We are not naive: security companies need to make money, and the market is incredibly competitive. Simply building a great product is not nearly enough to build a successful company.
We know that enterprise sales, similar to B2B sales and consumer marketing, are hard. Differentiation is hard. Achieving the expected growth trajectory is hard.
Yet, we also believe companies can achieve growth without outright lies, aggressive cold calling, never-ending spam, fear-mongering, and pay to play awards and recognition. If it is possible in other areas of enterprise software, it must be doable in cybersecurity.
We started the Ethics in Security Pledge with a simple mission: to make the industry a bit better. We want to:
1) discourage bad marketing & sales behavior and unacceptable shortcuts that lead to the tragedy of commons in the industry
2) encourage good marketing & sales behaviors that help customers find solutions to their problems while enabling the security industry to evolve and grow
We believe that with enough support, we can all make the cybersecurity industry a better place.