Standing out in the consultancy world: Q&A with Sam Erdheim, VP Marketing at GuidePoint Security

Shaped By business director Dave Corlett sat down for a chat with Sam Erdheim, VP of marketing at GuidePoint Security to get the scoop on how you tackle this problem. Sam has been in the marketing game for 25 years and currently works in the very interesting niche of cybersecurity consultancy.

GuidePoint Security is a consultancy-based business, but you’ve been on the software vendor side too. Are there any discernible differences in how you drive brand awareness at those two types of firms?

A vendor might do a handful of things pretty well. But their expertise is going be limited to those things. Ok, they might have people on their staff who can speak more broadly. But from a brand awareness perspective, they obviously want to focus on things that are relevant to their business.

At GuidePoint Security, we sell services and products across every cybersecurity discipline but we can’t go to market on everything on cyber. That’s too pie in the sky. We need to have some focus. So on a quarterly basis, we pick different themes or topics that we really want to focus on. And then the next quarter we’ll pick different ones.

Interesting. And what’s the overarching brand message that you’re looking to convey through all that activity?

Our brand is based on our expertise. That’s what we want people to think of when they hear our name, or someone needs help with something.

That’s reflected in our talent, first. We’re hiring some of the best of the best across different disciplines. We have more generalist experts, but then we also have experts with different products. Disciplines like cloud security or application security. So we’ve made a lot of investment there.

On top of expertise, it’s also trust. We’re not incentivized to sell one product over another. We are agnostic from a product perspective. Our sales folks, our account executives are looking at the customer. What do they need? What’s the best fit for them? It’s a relationship-based approach.

In three customer testimonials that we have on our website, the customers said that GuidePoint Security is like family. I have never heard that in 24 years of marketing. I think that has to do with our approach. Understanding the challenges and the pressures that these folks are dealing with on a day-to-day basis, and trying to help them get solutions that provide the best outcomes.

Thought leadership is something you’ve been heavily involved in throughout your career. To what extent do you have to develop a unique point of view as a thought leader? Or is it more important for firms to simply align themselves with the most pertinent issues, even if everyone else is as well?

That’s a really good question. I think it’s a little bit of both. Obviously, if you have a unique perspective, that’s a way to differentiate. But you want that unique perspective to be sensible and logical. You don’t want to just say controversial things to be controversial. It’s got to be credible.

Also if you’re going to say something that is maybe a little unique, you want data points to back that. That’s not always the easiest thing.

There are so many thought leaders out there. It’s hard to have an opinion that’s totally different, yet not crazy or weird. So what I’ve tried to do throughout my career in security, and especially at GuidePoint since we have so many experts across different areas, is really try to highlight our expertise.

So if a new application vulnerability came out, do we have someone who can provide commentary on the vulnerability itself, and more importantly, what’s the process that should be implemented to minimize such a vulnerability from happening to begin with?

I’m just using application security as one example here. But you want to have your thought leaders provide expertise around not just the information on the threat or the vulnerability or whatever. But also, what are things organizations can do to mitigate that risk?

That’s our brand at GuidePoint. We want to come across as being caring, informative, and educational. Those are the reasons why someone would work with us, as opposed to going to a product vendor.

And on a similar note, cyber brands often wind up looking quite similar to each other. Is a distinct brand identity actually important in cybersecurity? Or are there other more effective ways to differentiate?

To look different and sound different is really hard. You go to any conference, and sometimes like there might be two vendors who don’t even do the same thing, but their message on the booth sounds the same.

You don’t want a brand that is trying to be so different that it doesn’t even resonate that you’re a cybersecurity company. And imagery as well…there’s only so many things you can do to differentiate, especially when you’re talking about thousands of vendors.

So for me, it really comes down to what is your message and what does it mean? What is your company all about, and how are you helping people solve whatever that problem is? Not that the other things aren’t important, but it’s really hard to be someone who’s totally unique and different and not feel like it’s off the wall.

So you won’t fit into a space. You don’t want to create your own space. But you really want to have a message that is clear as to what differentiates “why you?” versus someone else.

What are the key issues facing security leaders right now?

People don’t have the expertise to help them navigate what is a very complex, not only threat landscape but solution and vendor landscape.

I’ve seen tons of charts that analysts put out with, you know, 10 or 20 different categories of cyber and then tons of subcategories. So if you’re a CISO or a VP of Security, how do you research and figure out what you actually need versus don’t need?

And once you get that figured out, which are the right vendors and solutions to do bake-offs with and research before you actually can even get to implementation? That’s a process which takes time and a big investment.

Another one is that every time there’s a new solution, an attacker finds another way in. So you’re always in this battle of catch-up. So you have to change the game in terms of trying to actually get ahead. Make sure you have good hygiene, but then also try to look ahead to what might hit and might be relevant to you going forward. Not just – okay, we’re gonna leave everything as is until something hits, and then we’ve got to react to it. Really changing the culture and the mindset.

And from your perspective, what are the main challenges that cybersecurity marketing leaders are grappling with at the moment?

There’s a LOT of noise in the market. A lot of confusion, and a lot of vendors and terms that all sound the same. This vendor sounds like that vendor…do they do the same thing, or do they do something different?

My take is to try and be as straightforward and credible as possible. Don’t make claims that you can’t back up. In cybersecurity, credibility is supremely important. So if you lose that, you can’t really recover.

How do you stand out in such a confusing, convoluted market? Well, do you have a clear message of what you’re doing, who it’s for, and how it helps? I’ve been at lots of companies that are very feature and functionality-focused. Which is great, but that’s not the first thing. At the end of the day, if you’re going to answer the phone or read an email, it’s because something resonates. “Okay, I’ve got this problem and this is going to help me.” If you can’t answer that in 10 seconds, you’ve lost someone’s attention. Gone.

So I think that’s probably the biggest challenge.

Follow Sam on LinkedIn here, and find out how GuidePoint helps clients with expertise, tailored solutions and services to help make better cybersecurity decisions here.