Issue: Attackers are Living Off the Land by using native tools within business systems- and many companies can’t detect them. Attackers are increasingly Living Off the Land (LOL) by manipulating legitimate credentials, tools, data, and…Read More
For this edition of the Forgepoint Field Guide, we caught up with Carolyn Crandall, former CMO and Chief Security Advocate at Attivo Networks. Over a 7-year journey, Carolyn spearheaded marketing efforts from the creation of “deception” and “identity threat detection and response” (ITDR) as a product categories all the way through to Attivo’s recent acquisition by SentinelOne. Prior to Attivo, Carolyn had over three decades of experience leading GTM initiatives and scaling enterprise infrastructure companies including Cisco, Juniper, Nimble Storage, Riverbed, and Seagate. She is now the CMO and Chief Security Advocate at Cymulate, and remains active in our community as a member of the Forgepoint Advisory Council.
Carolyn, thank you for sharing your perspectives in our Field Guide for founders leading early-stage startups.
Congratulations on all your career success, most recently with Attivo Networks! It’s such a challenge to break in with a new product category, especially for a startup. How did you think about category creation and capturing attention from your target market?
When we were just starting out, there wasn’t a category for what Attivo did. The closest thing was “honeypots” which actually brought some baggage since people thought they already knew what those were and often discredited them. We had to establish a new definition into the market around “cyber deception” or “distributed deception platforms”. Nobody was discussing the merits of these topics, and so we needed build awareness so people could learn about our category and get into analyst research so that they would help validate it. Educating the analysts – especially groups like Gartner that are constantly talking to end-customers – was very important for us. Anyone attempting to create a new category will need to rally the market around what it is and why it matters. It definitely takes more energy and creativity than releasing a next gen better, faster firewall.
As an innovator, you can do one of two things – you can let the world set the narrative or you can set the narrative. We chose to set the narrative, to define the category and then demonstrate our leadership within that category. Any company trying to disrupt what has been done before needs to get out there and help people understand what they’re offering and why it matters – all the added benefits and capabilities. As you are doing this, it’s also important to put hooks in so that you can position your company as the leader. This can also be useful for the when prospects think about their needs, and you have established a checklist of requirements that includes certain things that only you do. If the customer says, “I need these five things and Attivo Networks is the only company that has all five things,” you can get to the top of their vendor consideration list or even avoid them talking to anybody else.
You mentioned PR as being a key part of category creation and brand awareness. How do you find the right PR partner to help?
There are so many different PR agencies out there, so I like to ask these five questions:
- How well do they know the space? Especially for a technical market, it’s going to be really hard if they don’t already have the credibility and contacts in the space and are trying to break in. Some of my favorite qualifying questions are “How will you invent or reinvent the market for us?”, “Can you give me an example of a pitch that you gave and what success looked like?”
- What is more important to you – technical press or business press? Both are important, though your needs will likely shift over time. If the only thing that matters to your company is business press, then you should pick a partner who has effectively leveraged those relationships. Though keep in mind that business press doesn’t typically talk about technology and if you are trying to educate the market, getting traction with technical press may take precedence. Asking for a media list with ratings on their relationships with the journalist can also be insightful.
- Does the PR firm have an established program that caters to your specific needs? For example, do you want more than press releases and briefing people, e.g. is there a rapid response or byline program behind it? What about blog and social media support? Each of those things could be weighted differently, but it’s good to understand what it is that you want. It is also important to understand how you will measure success for your programs.
- What is your chemistry with the team and how equipped are they to deliver? Chemistry is a big thing because they are an extension of your team, and they need to be aligned with the style of your company. You will get out of the relationship what you put into it. For example, if you think, “Great, we’ve signed you – go do something for us!”, you’ll likely be disappointed with the results. Conversely, if you have ongoing regular communications and engagement, your agency will also spur new ideas or angles for a pitch.
- And finally, ask your prospective PR partner how they will communicate with you: How will they track coverage? Share of voice? Industry and competitive news? Briefings? Rapid response? Social media engagement? Brand sentiment? Awards? Bylines? And more… How often do you need them to report and do you need board reporting?
Marketing works best when you’re creating leads and generating demand that drives sales. What are some success factors that you think about when it comes to sales alignment?
From my experience, this comes down to driving a successful account-based marketing (ABM) experience in two ways:
One is top-down. The sales team gives you a list and says, “These are the customers I want to get into right now.” There you can do very targeted ABM programs around key prospects, but that’s going to involve sales telling you who they are and continuing to refine the list while driving very customized and specialized experiences.
Now with Attivo we could have very easily taken the Fortune 500 or 1000 as our list. But that would have disregarded many companies that became early adopters of our product because they had pain points they needed to solve more urgently.
So, then you need ABM from the bottoms-up. That’s where you start to look at who’s surfing the Internet for keywords, who’s looking for your competitors, and who’s coming to the website. You need to prioritize and look at the patterns – who has the most propensity to buy and should be the first you engage. As funny as it may sound, you can overwhelm a sales team with too many qualified leads, because it can be very challenging to know where to focus first.
Let’s say your campaign prompts an influx of leads but you don’t have a plan for what to do with them. You won’t get a lot of results in the end. You really need to build out a program for the end-to-end experience – optimizing what happens before, during, and after an event or activity:
- Before: You want to keep a consistent number of leads flowing into the pipeline. Think of this as a waterfall where you need a steady flow to keep the river flowing. Here you will want to work with sales to make sure you are targeting the right companies and buyer personas. Does the event have the right targets attending? Have you selected the right people to target and meet with? Did you send pre-event invitations or correspondence to targets? Did you create a plan to maximize engagement with prospects at the event? Is your event messaging clear and relevant? If I put my hand over your logo, would it be clear who you are and why your company is different? Are your sales development reps prepped for these leads to come in? Is the program set up in your marketing automation system so that you can score, forward, and reengage quickly?
- During: There are actions during an event that go beyond staffing a booth or table. Though, I can’t stress enough the criticality of scanning leads or getting event lists so that you can get people into your database. Additional actions during an event can include having a targeted “hit list”, social media promotion, meals, side meetings, experiences, and more.
- After: An “after” experience would involve ABM integration to aggregate and correlate your cohort data. It means nurturing leads and bringing them along your ideal journey to conversion and customer success. Steps to have in place include:
- Making sure all leads are entered and processed quickly. Setting up engagement metric goals to ensure prompt follow up.
- Event data is provided to the sales team so they can do a warm follow up call.
- Follow up includes a defined understanding of who gets a call and who goes to nurture.
The after program requires looking at the content you have and making sure that the nurture stream the prospect will get is aligned with the event, their interest, and the engagement level of that company. Additionally, once you have a lead / company in the funnel, you start to look for shift or growth momentum such as ROI metrics – of everybody brought in this quarter, what happened to them? Did they drop out because we have a leaky bucket? Or did they go from intent on the Internet to engagement to highly engaged and then into our pipeline? Tracking these growth metrics will help you refine your program and fuel improvements.
Startups need to get from A to Z in the most efficient and effective way possible. How do you prioritize, especially in that middle stage where you need to invest in marketing but may not have all the resources you’d like at your disposal?
Everybody’s out to do the same thing – trying to get the ears and attention of the CISO, CTO, or other top decision-makers. If you just do a little more or are a bit more creative or thoughtful in messaging, you can often cut through the noise. The worst thing you can do is to hammer people with too many things that don’t resonate – that earns you the kiss of death for a marketeer – the opt-out.
As an example, we’ve done campaigns with both DarkReading and Cyber Risk Alliance. They’ve each had different themes and it would have been very easy for us to just collect the leads and check off the campaigns as completed. However, I’ve always challenged my team with a Good-Better-Best strategy:
- Good is getting the leads, scoring them, and sending them to sales or into a nurture stream.
- Better is not only receiving the leads, but also repurposing the content that we had as part of that program. How do we repurpose or reuse a webinar recording? How else can we use the content from the program for more lead gen? Can we run a campaign using this content with our existing database? Can we leverage this for social media or search marketing?
- Best is enabling even more opportunities by bringing in partners. How can we leverage the existing relationships our partners have with these companies to drive a deal? How can we reuse the content and programs for additional activities with our partners?
If you consider the maturity of the funnel – what each cohort is thinking about when – you can curate the content behind it with blogs, training programs, case studies, vendor evaluations, or other things that secure your messaging in their mind. One campaign we did was rethinking endpoint with identity security. This created a cohort of prospects that were thinking about why Attivo and EDR – which helped pave the way for why Attivo and SentinelOne should be vendors of choice, and ultimately an integrated solution.
That makes sense, so you’ve got to figure out how you can get the highest ROI and create an action plan from there.
Yes! Have goals and always look at your metrics to see what’s working, but don’t be afraid to experiment. I love high impact programs that set my company apart from others. An example is our Hall of Mirrors RSA booth that we had put together to help drive the point on how disorienting deception can be to attackers. Our event manager Katie and I designed this booth from scratch by literally taping the floor in our office to create this one-of-a-kind design. Our CEO thought we were a little crazy. Were people going to think it was fantastic to see and experience, or would they think it was dumb? We planned to do it at one show, and if it didn’t work, we would scrap it. Fortunately, it was a huge success and was so believable, we actually had to start putting stickers on the mirrors because people were running into them. We got on Fox News and BBC, and we were in Exhibitor Magazine’s in a multi-page spread. And we got all this awareness for the company and drove our message impactfully because we did something creative and different.
Another year we did a wolf in sheep’s clothing deception theme with a boldly themed and designed booth – including a flock of sheep sitting area. Additionally, we did a little wolf plushie with a hoodie that came over it (Attivo brand on the foot). Everybody wanted one because they were super cute. They were like $3 apiece and we had people standing in line to come to our booth. Not only were they all over the show floor, but we did a “name the wolf” game which got all over social media. We had people that were taking pictures of the wolf around the world, on skiing adventures, on planes, in bars, etc. Creativity is really important to cut through all the noise that’s out there, but it doesn’t necessarily have to cost a fortune.
In addition to Attivo’s CMO, you held the role of “Chief Deception Officer.” Tell us about what that role entailed, the impact it made, and how it complemented your marketing strategy.
As CMO as well as one of the early folks inside Attivo, one of my roles was one of evangelism: building the category for the company and our company’s leadership within. The name actually started at that Hall of Mirrors booth. After an interview with a reporter from Fox News about what the company did and what I did for the company, he said, “So you’re like a Chief Deception Officer, right?” I thought, “Sure, that sounds great!”
The title turned out to be not only an icebreaker but also a wonderful way for me to build a platform for communicating about our product to the market. Often you can get hampered by carrying the CMO title – people assume you’re going to be all spin and marketing fluff. Sometimes there are roadblocks for sales or marketing leaders just because of their title, but I understood our technology and products and could present both in a non-marketing speak way. Also, who wouldn’t want to meet a Chief Deception Officer and understand what that meant?
“Chief Deception Officer” and later, “Chief Security Advocate,” was my way of continuing to have non-marketing handles so that I could do the things that I needed to do for the company. I encourage people, if you’re technical enough in your capabilities, to consider having a special, “extended” title so that you can access more opportunities and originate thought leadership.
Could you talk a bit about the M&A process, starting all the way back from when you started working with SentinelOne, all the way through the acquisition?
Most of the time it starts early with the acquirer understanding the customers, use cases, and whether it’s something that’s a good match for their product portfolio. In this case, it was an excellent match. Since our partnership in 2020, we saw and felt the chemistry and differentiation that we could provide in the market with a robust identity plus deception part of their portfolio.
SentinelOne was very thorough in their diligence. For anybody thinking or preparing for M&A, the more organized you are in your business, the easier it will be to be able to respond to all the questions such as:
- ARR models: What does the subscription business look like? What is recurring revenue likely to be? Given a heavier evaluation of ARR than on perpetual licenses, do you have what the market is seeking not only on the product, but in your business model?
- Marketing: Given marketing is always a cost center, is the way that we were spending money effective? How did we know it was effective? How did we know we influence the pipeline? It’s what you should be doing anyway, but especially for M&A, you need to have the right ROI and tracking in place to know whether what you’re doing is effective and where the points of influence are.
- Partner programming: What are your demand gen activities and your partner’s demand gen activities? How will you message to your partner program community, notify your partners, and handle transitional contracts?
- PR/AR coverage: Where did SentinelOne have coverage and where did we have coverage? Who did we want to keep or was a redundancy? How similar were our PR programs and communications? How strong were our analyst relationships? What did analysts coverage look like?
Of course, there’s a lot of work across the board. Our CFO joked around with me, “This is nothing, did you see what the finance diligence looked like?
Over the course of your career, you’ve had 30+ years of experience at some amazing infrastructure software companies. What’s the key message you’d like to pass along to those earlier in their journey?
I think a lot of people don’t necessarily think about high tech marketing when they first graduate from college. They may be interested in the consumer brands that we see every day instead. There’s not a great infrastructure for cybersecurity education or a natural path from school today, but it’s a really exciting industry and there are a lot of folks like me that are very motivated to pay things forward by mentoring and supporting talent joining the industry. Think about you and your style. If you like structure and process, a larger company will be best. If you are curious and not intimidated by rapid change and experimentation, then a smaller company can be a lot of fun. Also, consider the culture and make sure that it is an environment that you will enjoy.
Don’t be intimidated about jumping in – the cybersecurity world is a great place, and we need more marketing people in it as much as we need more IT and infosec people! I’ve seen a lot of people that do come in, fast track, and do exceptionally well.
This article is part of the Forgepoint Field Guide, an interview series focused on early-stage company building. Questions or comments? Drop me a line at [email protected].
You may also enjoy:
On behalf of Forgepoint Capital, I’m proud to announce our $18 million (€17 million) Series A investment in Lynx with the participation of Banco Santander. When I first met Co-Founder and CTO Carlos Santa Cruz through our relationship with…Read More
Forgepoint Capital is proud to participate in the Santander X Global Challenge: Cyberprotect the Future alongside Banco Santander to advance cybersecurity innovation and investment globally. We would like to congratulate the 6 winning companies…Read More