Special announcement: Ethics in Security Pledge
Announcing the Ethics in Security Pledge to encourage ethical marketing and sales behaviors in cybersecurity.
Pay-to-play awards. Endless fear-mongering. Buying attendee lists of large conferences and spamming thousands of addresses at once with unsolicited emails. Aggressive cold calling of security leaders and practitioners who never shared their phone numbers with the company. Sponsored whitepapers that insist that the problem can only be solved in one way but fail to disclose who paid for the report.
Cybersecurity is full of conflicts of interest and questionable, unethical, and sometimes, bluntly, illegal marketing and sales practices. I have talked about many of these issues at length before. If we want the industry to evolve, if we want it to look different a decade from now, there is a lot we need to change.
Building a movement of ethical cybersecurity
Today, we are announcing the Ethics in Security Pledge.
We want to change the way cybersecurity looks by encouraging ethical marketing and sales practices in the industry. The Ethics in Security Pledge is an easy way for security vendors to publicly show their resolve not to engage in unethical, questionable behaviors.
We understand that changes are not inevitable - they happen because people want them to happen. Ethics in Security Change Ambassadors are CISOs, founders, security engineers, security analysts, aspiring founders, incident responders, marketers, bloggers, and others who care about the future of the industry and want to see it evolve. Change Ambassadors talk about the initiative on social media, and champion security companies doing marketing and sales in ethical ways.
Our vision: the business of security doesn’t have to be disgusting
We are not naive: security companies need to make money, and the market is incredibly competitive. Simply building a great product is not nearly enough to build a successful company.
We know that enterprise sales, similar to B2B sales and consumer marketing, are hard. Differentiation is hard. Achieving the expected growth trajectory is hard.
Yet, we also believe companies can achieve growth without outright lies, aggressive cold calling, never-ending spam, fear-mongering, and pay-to-play awards and recognition. If it is possible in other areas of enterprise software, it must be doable in cybersecurity.
We started the Ethics in Security Pledge with a simple mission: to make the industry a bit better. We want to:
1) discourage bad marketing & sales behavior and unacceptable shortcuts that lead to the tragedy of the commons in the industry
2) encourage good marketing & sales behaviors that help customers find solutions to their problems while enabling the security industry to evolve and grow
We believe that with enough support, we can all make the cybersecurity industry a better place.
I applaud the idea, which is kinda required since I was involved in writing the first code of ethics for journalists back in 1974, but I have my doubts that it will be effective no matter how many people sign up for it. The practices you mention as abhorrent are common to ALL marketing programs, not just in security. Moreover, the people that create our technology, if they belong to the IEEE or any other professional organization, have ethics codes that the companies they work for have been violating for 30 years.
Wouldn't mind getting you on a podcast about the issue.
Love this, Ross! Many of us know about the icky nature of cybersecurity sales and try to avoid that same thing when we eventually become salespeople at some point. I've been fortunate enough to meet some excellent sales folks and lucky enough to have the courage to be transparent with my clients on any potential conflicts of interest. Before, it was sales folks using FUD; now the water is a lot muddier.