Community marketing for security companies

Security people can smell a campaign from across the room, and then they leave. The companies that win their attention do the opposite of marketing at them. They show up in the community, they contribute, and they earn a place in it first. That’s exactly what I help security companies do.

Why normal marketing fails in security

Security buyers are professionally skeptical. It’s their actual job not to be fooled, so they distrust anything pointed straight at them. A booth, a gated whitepaper, a cold email sequence: none of that builds trust with people who spend their whole day spotting manipulation. In this market you earn trust in the community. You don’t buy it in a campaign. The longer argument is in stop doing marketing like everyone else.

What I actually do

I help you build a real presence in the community you’re trying to reach. The events, the conversations, the contributions that get security people recognising your name for the right reasons. That means a strategy grounded in how the community actually works, content practitioners respect instead of skip, and a way of showing up that leads with contribution rather than a pitch.

Who it is for

Security companies that need the community to trust them, whether you’re after customers who’ll buy from you or the talent you’re trying to hire. If your buyers and your future hires are the same skeptical security crowd, and in this field they usually are, this is built for them. The talent side has its own page: community employer branding.

Why it works

Because it’s the only thing that reliably does. Community is slower than a campaign, and it compounds. A name the community trusts opens doors no amount of paid reach ever will, and it keeps opening them long after a campaign would have run out. Earn that trust, and you effectively take your competition out of the room.

See all my community marketing services.

Frequently asked questions

What is community marketing in infosec?

It is earning a genuine place in the security community you want to reach, through presence, contribution, and trust, instead of running campaigns aimed at it. In a market this skeptical, it is what actually moves buyers and candidates.

Why do security buyers ignore normal marketing?

Because their job is to not be fooled. They have seen every tactic and they distrust anything pointed at them. Trust in security is built in the community, not bought with reach.

Is this for customer acquisition or for hiring?

Both. The security people you want as customers and the ones you want to hire are the same crowd, and a strong community reputation serves both at once.

What do you actually deliver?

A community strategy grounded in how the security world really works, content practitioners respect, and a contribution-first presence in the places your audience already spends its time.

No cookies here

Notice there’s no cookie banner here.
That’s intentional and the site is still GDPR-compliant. I chose to avoid cookies and stick to basic, privacy-friendly stats.
My analytics are cookieless: self-hosted Plausible (EU) and PostHog in cookieless mode, with your IP anonymized. No cross-site tracking, nothing that identifies you.
The one cookie I can set does the opposite of every other cookie: it tells my stats to ignore you completely, and you only get it if you ask.

Everybody wins.