GregoryFCA blog: Stop sucking your thumb and start getting your people in the media 

Ever wonder why some cyber security firms are constantly in the news? Do they offer a better solution? Know more than their competition? Do the heavy-lifting research that differentiates and substantiates their spokespeople in the minds of the media? Could be.

Or it could be that your spokespeople simply aren’t savvy enough to win media interest. In cyber security, expertise means a lot. But so does the ability to deliver powerful and memorable sound bites on breaking or trending news while empathizing with the interviewer to give the media what it wants (without a sales pitch!).

The process begins with carefully selecting your spokesperson and then educating and grooming them to deliver a message that simultaneously entices coverage while still reflecting favorably on the reputation and expertise of your company.

Start with the audience. Are you shooting for general business media or the technical, vertical media? If you’re looking for coverage in the New York Times or on CNN, then you want a spokesperson who can speak at a 30,000-foot level about how an attack or topic impacts a business, family, or person.

The trades? Well, they want someone who can get into the weeds and explain the precise technical shortcomings or trap doors that a hacker or fraudster is exploiting.

Who in your organization could speak to one or both sides of the coin? Make the call and then train them to understand: 

1. Media coverage is not about sales or lead gen. Rather, it’s about leveraging third-party credibility to establish thought leadership. Great spokespeople know how to quickly size up the direction of an interview and give the reporter new insights or understandings, information they can’t get elsewhere to propel their stories forward and get them filed and into print.

2. Reporters and producers want interviewees who understand the media rules of engagement. A great interview is a bit like jujitsu. A reporter comes at you from a position or angle. You need to be ready to take the barrage or use the momentum to deflect and disarm. It’s a learned skill, and one that will never be mastered without preparation and training.

3. Media interviews don’t waste time, they leverage it. Thought leaders lead by sharing and engaging with a community. There’s no more powerful way to share and engage than in leveraging the reach and credibility of the media. Building a media presence doesn’t take away from a thought leader’s job. Rather it advances it, along with the goals and objectives of their employer.

4. Charisma counts and it can be learned. Not by our spokespeople, you say? They are too nerdy, too techie. Ironically, there’s nothing wrong with getting your tech on if you’re speaking to the right audience and understand some of the rules of engagement espoused here. A 23-year old nerdy ex-hacker often conveys more authenticity than some slick, paid corporate spokesperson. The key is to harness that nerd-dom and put it work educating and engaging with the media in a real and compelling manner.

5. Sound bites matter. It’s not spin. It’s not hyperbole. The media love short, pitchy sound bites that they can use to convey meaning in a few words instead of paragraphs. “It’s ridiculous that 140 million Americans had their data stolen because a single person failed to install a patch.” You get the point. Develop those sound bites for your spokespeople before each interview and you will dramatically increase the impact of your media coverage.

Some people are naturals at speaking to the media. Most aren’t. But it is a skill your spokespeople can learn and practice before they ever talk to a reporter. The PRCoach website has a bunch of clips illustrating common interview mistakes, and has other helpful resources too. And this document lists the mistakes spokespersons make with consumer media, such as not staying on topic or losing control over the interview, or taking too long to make your point and not speaking in sound bites.

Use these five points as the backbone of their training as you shape them into go-to media sources. And maybe you can develop your own version of such security rockstars as Troy Hunt, Tavis Ormandy (who is from Google), Cris Neckar of Divergent Security and Chris Vickery that are often breaking news and being quoted by the security trade press.

FIR B2B podcast #92: TechTarget CMO John Steinert on the science of ‘intent marketing’

John Steinert joined TechTarget as CMO two years ago after a decades-long career in B2B technology at companies that included Pitney Bowes and SAP. So why join a tech publisher? Steinert actually doesn’t see TechTarget as a publisher, and in this recent piece he explained why he was so excited about the opportunity: product, purpose, people and potential. In this interview we discuss the differences between publishing and content marketing, how intent marketing can help provide insights into impending technology purchase decisions and how marketers can make their content more effective and targeted. 

TechTarget’s not-so-secret weapon is its lead generation and tracking mechanisms, which permit the company to see exactly what kinds of content is crucial for their visitors. Steinert describes what data is collected — with visitors’ permissions of course — and how it can be used by their advertisers and sponsors. He also distinguishes between visitors who are just looking to snack on information versus binge consumers, who are likely closer to purchase.

This all makes a difference in what kind of content is created and how keywords are chosen to bring in the right visitors. “You have to have strong SEO, people have to find your stuff and it has to be cross-linked and judged popular and valuable,” he says 

TechTarget’s distinction has always been its portfolio of microsites focused on technologies products or categories — such as But you’d be hard-pressed to find the names of those sites on the company’s home page today. That’s deliberate. Far from being a publisher, TechTarget is today a data company.

Incidentally, both Paul and myself have had a long connection with TechTarget: Paul was the company’s sixth employee and I have been a regular freelancer for numerous websites of theirs.

There is a lot of wisdom in what Steinert says, and he is worth a careful listen to our 25 min. podcast here.

FIR B2B podcast #91: All About Influencer Marketing with Marshall Kirkpatrick

Marshall Kirkpatrick leads influencer marketing at Sprinklr.  He and I worked together at ReadWrite long ago, and he subsequently started Little Bird, an influncer marketing platform that was acquired by Sprinklr in 2016. Since then, he has helped augment the combined platforms for the enterprise.

Marshall has been active in understanding how social media influence is acquired and measured for more than a decade, and likes to talk about this pyramid, in which influence is just one of several steps toward providing real insights into how a brand is understood in various media forms. While our discussion on this podcast is mostly about Twitter and measuring its influence and effects on marketing B2B brands, we also talk about how to find people within an organization that are more inclined to tell your story.

One key data point is to look at when someone started using social media networks: the earlier they did, the more potentially influential that person could be. It isn’t just about counting raw numbers of followers, Marshall says; an influencer has to be picky about who they follow. There are ways to suss this out. Social media is more about finding quality than quantity. 

You can listen to Paul Gillin and I talk about this here.

When to think about a cyber security do-over

This is a piece that I co-authored with Greg Matusky and Mike Lizun of Gregory FCA. 

Imagine you’re on the precipice of greatness, some victory that will define you or your enterprise for eternity. Something important, game-changing, like going public, executing a merger, or something even bigger, like winning your first ever Super Bowl after 50 years of frustration.

And then it’s all lost. Stolen in the dark of night by someone who hacks your system and steals the secret sauce. Maybe it’s your IP or some market advantage. Or maybe it was simply the plays you plan to call that now will be used against your organization. ​

A lot of football fans, players, and coaches believe that is exactly what happened in 2005 when the New England Patriots beat the Philadelphia Eagles in Super Bowl XXXIX.

Even during that game, Philadelphia coaches knew something was amiss and tried to change set play calls. Every time the Eagles’ defensive coach blitzed, Tom Brady knew it and made a quick outlet pass. Two years later, the Patriots were fined $250,000 and draft picks for getting caught videotaping and the stealing the play calls from the New York Jets. A U.S. senator opened an investigation and found New England had been wrongly videotaping and stealing opponent play calls since 2000.

This year, after the Eagles beat New England, there’s been a lot of scuttlebutt about secret security measures the Eagles deployed to thwart any and all intrusions. One story holds that Philadelphia ran a fake practice the Saturday before the game, running plays and using a play call system they had no intention of using. Whether it happened or not, you gotta believe the Eagles weren’t going to be robbed again. Something did work. New England didn’t have a clue as to what the Eagles were doing on offense. They didn’t know about their calls and the result was Philadelphia putting up 538 total yards of offense.

Not every business gets to have a do-over like the Eagles. And in most cases, when it comes to cyber security and data breaches, hindsight is always 20-20. As an example, look at this recent Ponemon survey of 1,200 IT professionals. It found that the majority of them aren’t satisfied with cyber threat sharing tools in terms of timeliness, accuracy, and the poor quality of actionable information. Some of this has to do with a johnny-come-lately realization that threat intel could have been used to prevent a previous attack. Even UK-based telecom provider BT is now sharing its threat intel with its competitors, to try to stem attackers. So maybe the tide is changing.

There are lots of other cybersec lessons that could be learned from the latest Super Bowl matchup and what organizations can do when they get a second chance at defending their networks. They involve the role that revenge can play in motivating ex-employees, deliberate attempts to confuse attackers, and using specific traps to flush out intruders and confuse adversaries.

First, let’s look at revenge attacks.

These happen when insiders or former insiders get motivated by something that they experienced, and want to take out their frustration on their former employer.

The classic insider revenge scenario dates back to 1999, when Vitek Boden was applying for a job for the Maroochy county sewer district in Australia. He was a contractor for the district and the county decided not to hire him. To seek revenge, he caused thousands of gallons of raw sewage to be dumped into the local waterways, using a series of radio commands. He was eventually caught by a police officer with various RF equipment. What is important to note is that Boden had all this insider knowledge, yet never worked for the agency that he attacked. He was able to disguise his actions and avoid immediate detection by the agency IT department, which never had any security policies or procedures in place for disgruntled employees.

Ofer Amitai, the CEO of Portnox, has a more modern revenge tale. One of his customers is a big food company that didn’t pay attention to who was connected to its WiFi network. It had one employee who was fired, and came back to the vicinity of the plant with his own laptop. He changed temperatures on the refrigerators and destroyed hundreds of thousands of dollars of merchandize in revenge.

From these two examples, you can see it pays to be careful, even if a former employee never steps foot on your property or even if you never hired your potential attacker. Certainly, you should better screen insiders to prevent data leaks or willful destruction. And businesses should always monitor their wireless networks, especially as it is simple for an intruder to connect a rogue access point to your network and access data through it.

What about ways to obfuscate attackers?

Like in the Super Bowl, teams are now more careful about how they call plays during the game and practice times. Teams now use an array of sideline ruses to confuse prying eyes, everything from placards with pictures of Homer Simpson to using as many as three decoy sideline play callers.

That’s not too dissimilar to planting special “honeynets” on networks. Typically, they consist of a web server and a stripped-down operating system with tracking software that registers when a hacker tries to compromise the system. These servers don’t contain any actual data, but appear to be a target to a potential attacker and can trap them into revealing their location, sources, or methods that can help network defenders strengthen their security. Honeynets have been around for more than a decade and have an active development community to make them more life-like to confound attackers.

“There will always be timely weaknesses during such events that hackers can exploit,” says Dudu Mimran, the CTO of Telekom Innovation Laboratories in Israel. “Public events such as the Super Bowl present an opportunity because many people will be using digital devices and posting pictures and opening emails around the event. Defenders need to understand the expected sequence of actions around these events and create pinpoint defenses and guidelines to reduce the expected risks. There needs to be a series of layered defenses coupled with user education and better awareness too.”

Good luck with your own do-overs.

FIR B2B #90: Learn the secrets of social media marketing from London’s top-rated restaurant today!

A social media firestorm has erupted over a fake restaurant that briefly became London’s top-rated eatery on TripAdvisor. But the restaurant never actually existed. This video explains how the Shed at Dulwich rose to the top of more than 18,000 restaurants over a seven-month extended campaign. While Paul Gillin and I don’t condone fakery, we commend journalist Oobah Butler (shown here), who pulled off the stunt, for using good social media marketing tactics to make it work.

There are lessons here for B2B marketers about how to use social media and appropriate word-of-mouth marketing to promote their own legit brands and products. In short, take the long view and frame your message from the start, sticking to key talking points and repeating them to reviewers who might be inclined to review your products and services. You should also concentrate on the most appropriate social networks to match your market; the Shed used Instagram and a series of carefully prepared food photos, since that is what resonates on that network. Butler understood the value of a good photo in his promotion, and that the look of the plate can be more important than the actual ingredients, which in many professional food photos is often inedible.

The Shed never cheated anyone, and the prank wasn’t intended to steal money. It was intended to show up TripAdvisor, and it succeeded masterfully. Butler did end up serving a meal to a few select folks, but didn’t charge them. He had a certain graceful charm that is appealing. The experiment demonstrates the value of knowing your market and being trendy but not going over the top. It also shows why having some fun with your social media accounts doesn’t hurt. You can listen to our 11 min. podcast here.

FIR B2B Podcast #89: Fake Followers and Real Influence

The New York Times last week published the results of a fascinating research project entitled The Follower Factory, that describes how firms charge to add followers, retweets, likes and other social interactions to social media profiles. While we aren’t surprised at the report, it highlights why B2B marketers shouldn’t shortcut the process of understanding the substance of an influencer’s following when making decisions about whom to engage. The Times report identifies numerous celebrities from entertainment, business, politics, sports and other areas who have inflated their follower numbers for as little as one cent per follower. In most cases, the fake followers are empty accounts without any influence or copies of legitimate accounts with subtle tweaks that mask their illegitimacy.

The topic isn’t a new one for either of us. Paul wrote a book on the topic more than ten years ago. Real social media influencers get that way through an organic growth in their popularity, because they have something to say and because people respond to them over time. There is no quick fix for providing value.

Twitter is a popular subject for analysis because it’s so transparent: Anyone can investigate follower quality and root out fake accounts or bots by clicking on the number of followers in an influencer’s profile. Other academic researchers have begun to use Twitter for their own social science research, and a new book by UCLA professor Zachary Steinert-Threkeld called Twitter as Data is a useful place for marketers who know a little bit of code to assemble their own inquiries. (The online version of the book is presently free from the publisher for a limited time.) David has written more about his book on his blog here

Paul and David review some of their time-tested techniques to growing your social media following organically, and note the ongoing value of blogs as a tool for legitimate influencers to build their followings.

You can listen to our 16 min. podcast here:

Researching the Twitter data feed

A new book by UCLA professor Zachary Steinert-Threkeld called Twitter as Data is available online free for a limited time, and I recommend you download a copy now. While written mainly for academic social scientists and other researchers, it has a great utility in other situations.

Zachary has been working with analyzing Twitter data streams for several years, and basically taught himself how to program enough code in Python and R to be dangerous. The book assumes a novice programmer, and provides the code samples you need to get started with your own analysis.

Why Twitter? Mainly because it is so transparent. Anyone can figure out who follows whom, and easily drill down to immediately see who are these followers, and how often they actually use Twitter themselves. Most Twitter users by default have open accounts, and want people to engage them in public. Contrast that with Facebook, where the situation is the exact opposite and thus much harder to access.

To make matters easier, Twitter data comes packaged in three different APIs, streaming, search and REST. The streaming API provides data in near-real-time and is the best way to get data on what is currently trending in different parts of the world. The downside is that you could be picking a particularly dull moment in time when nothing much is happening. The streaming API is limited to just one percent of all tweets: you can filter and focus on a particular collection, such as all tweets from one country, but still you only get one percent.That works out to about five million tweets daily.

Many researchers run multiple queries so they can collect more data, and several have published interesting data sets that are available to the public. And there is this map that shows patterns of communication across the globe over an entire day.

The REST API has limits on how often you can collect and how far back in time you can go, but isn’t limited to the real-time feed.

Interesting things happen when you go deep into the data. Zachary first started with his Twitter analysis, he found for example a large body of basketball-related tweets from Cameroon, and upon further analysis linked them to a popular basketball player (Joel Embiid) who was from that country and lot of hometown fans across the ocean. He also found lots of tweets from the Philippines in Tagalog were being miscataloged as an unknown language. When countries censor Twitter, that shows up in the real-time feed too. Now that he is an experienced Twitter researcher, he focuses his study on smaller Twitterati: studying the celebrities or those with massive Twitter audiences isn’t really very useful. The smaller collections are more focused and easier to spot trends.

So take a look at Zachary’s book and see what insights you can gain into your particular markets and customers. It won’t cost you much money and could payoff in terms of valuable information.



The best way to get more social media influence is to grow your own

The NY Times published the results of a fascinating research project a few days ago. Entitled The Follower Factory, it describes a firm that gets paid to add followers to your Twitter, Facebook and other social media accounts. Shocking, right? What is interesting and new about this report is how far a scam artist will go to replicate real users data profiles, such as their face, background images, user name (with homographic substitutions to make it harder to distinguish from the original account owner), and biographic data to make the purchased followers seem more legit. Many celebrities – or would-be ones anyway – have bought massive follower lists in the attempt to boost their own brand. It doesn’t work, and most of these efforts ultimately fail.

The NYT piece goes into detail, showing how different automated bots can be used to create seemingly human Twitter accounts. While most of them aren’t worth the electrons that are consumed, there are some useful Twitter bots such as those that can detect emergency situations or track other newsworthy events. The piece also describes a dissatisfied employee from the original scammers who left to start his own venture, copying his former employer’s tactics. On the Internet, no one knows how low you can go.

Real social media influencers get that way through an organic growth in their popularity, because they have something to say and people respond to that over time. There is no quick fix for providing value. If you buy a bunch of followers, the “real” followers will go elsewhere. If you try to game the system, ultimately the folks who are just creating solid content will show these con artists up.

Sadly, this is nothing new. My podcasting partner Paul Gillin wrote about this more than six years ago about the flaws in Klout scores, which was a darling back then. But the link between people who spent a lot of time massaging their Klout data and higher scores troubled him then, and still does. There are more recent metrics to try to measure social media influence, but they are just as flawed. Let’s try to forget that we can distill influence into a single metric, and instead look at what the best influencers are trying to do. Interestingly, Gillin wrote a book on the topic more than ten years ago.

Marshall Kirkpatrick also long ago wrote a blog post about ways to add value in online communications. They are still relevant today:

  1. Be first. If you can be the first place someone sees some valuable information, people will notice.
  2. Say it best. If you communicate more clearly, effectively, or insightfully about a topic of general interest, that’s a big value add.
  3. Bring multiple perspectives together.
  4. Have a unique perspective.
  5. Be funny.

Notice what is different about this list? Everything you can do here doesn’t cost money, but it does take time and you need talented people who aren’t just cutting-and-pasting from across the Interwebs. Too bad that message isn’t clear, years after the web and social media first became popular.

FIR B2B Podcast #88: The Decline of Trust and New Twists on End-of-Year Research

This week, Paul Gillin and I examine the results of the 2018 Edelman Trust Barometer, which shows a remarkable drop in the overall trust from the public. Some alarming results from the annual survey:

  • Sixty-three percent of respondents say they do not know how to tell good journalism from rumor or falsehoods or if a piece of news was produced by a respected media organization.
  • Chinese citizens trust their government more than U.S. citizens trust theirs. 
  • Technology remains the most trusted industry sector of them all, with a trust rating of 75% (whew).
  • CEOs are becoming more trusted sources and are increasingly being asked to address public policy issues.
  • One-quarter of respondents said they read no media at all because it is too upsetting. 

In the second part of our discussion, we look at some examples of annual trends/reports in the security field that I have been studying for this post. For example, Kaspersky’s “story of the year” was about the rise of ransomware, and this set of predictions from ServiceNow are short and sweet, which is a nice break from the norm. Watchguard has been posting a series of predictions to its blog using short videos. All are noteworthy. We suggest B2B marketers review these tactics and see if they can apply to their own media relations efforts.

You can listen to our 17 min. podcast here:

FIR B2B podcast #87: A LinkedIn Exec’s 2018 Sales and Marketing Predictions

We spoke to Justin Shriber, Vice President of Marketing for LinkedIn Sales and Marketing Solutions, to start off the new year. He put together a series of predictions for the year ahead, and in this discussion he explains them and the role that LinkedIn will play in advancing B2B sales and marketing in 2018.

Smart, quanitative driven marketers will still be in high demand, but the pendulum will start to swing back toward marketers that have a qualitative eye for good stories.

— Brands will re-evaluate the platforms on which they post their content, favoring those that have gone on record saying that user trust is a priority for them. Brands want platforms that give them control over affiliations and customer IDs, where they show up, and the audiences to which they’re exposed.

Sales will be the new awareness marketing channel. Sales used to be the direct connection to prospects, but we will see sellers start to build awareness through direct advocacy programs.

Marketing will gather more intelligence around the reach employees have on the sales side. There will be formal processes that make it possible for employees to easily decide what shareable content speaks to them so they can maintain their own individuality while also benefiting the company. 

LinkedIn Sales Navigator will play an increasing role in this unification of marketing and sales efforts. 

Sales and marketing alignment will continue to improve. Organizations need to engage both sales and marketing in a concerted way from awareness through conversion, rather than having marketing take the front end and sales the back end.

Listen to our 21 minute podcast here.