How can you differentiate your security product in a competitive market?
A Q&A with Melinda Marks, marketing executive-turned-cybersecurity analyst
For Melinda Marks, success is all about setting metrics, making detailed plans, and helping people solve problems.
That’s a lesson she learned working as a marketing executive, which has continued to serve her well in her current role as a senior analyst at Enterprise Strategy Group (ESG). While her career path hasn’t been a straight line, it’s representative of the routes taken by many women in tech.
Through the many conversations she’s had as part of her Women in Cybersecurity webinar series, she’s discovered that the majority of the women she’s interviewed have a few things in common: they’re committed to following their passions and have a desire to help more women do the same.
But Melinda’s decision to lead a series that solely highlights women wasn’t so simple. She shares a perspective that many of us have — women should compete equally with men, and want to be recognized for their accomplishments, not just because they are women. Read on to learn why she ultimately made the decision to start the webinar series, the challenges and successes she’s had throughout her career, and her advice for aspiring cybersecurity professionals.
What do you enjoy most about being a senior analyst at ESG? What’s the most challenging part?
There are so many things I enjoy – the team, my coverage area, getting briefings from the vendors in the space, helping clients tell their stories, helping them with research and data points. The most challenging part – regularly filing my notes because we take so many briefings and I want to make sure I can reference past meetings and track progress.
What was it like to transition from strategy and marketing executive roles to your current analyst role?
The last role I had was unique in that it was a marketing and strategy role. I liked both, and for most roles, you do one or the other. If you take a marketing role, you don’t always get to lead for business strategy, and in the past role that I had in strategy and competitive intelligence, I was frustrated to not work on marketing. At ESG, I get to conduct market research and get to know the vendors in my coverage area, but I also get to help clients articulate their stories and emphasize key differentiators. I had worked with ESG in the past and really liked the team and their services.
What inspired you to launch the Women in Cybersecurity webinar series?
A colleague on our research team told me that a previous female analyst at ESG had come up with the idea and had some plans, and asked if I might want to pick it up. I had mixed feelings because I strongly believe women should compete equally with men. But because we are underrepresented and could benefit from others hearing our stories, I wanted to make a simple format where we could interview and spotlight women in cybersecurity. For example, some episodes focus on CSOs or CISOs, some focus on researchers. I wanted to include a range, including CEOs/founders, sales leaders, marketing leaders, VCs. Some of the shows have featured my friends whom I know have great stories to share, and then I’ve also enjoyed recommendations and introductions for amazing women to feature.
What have been some of the most rewarding moments of the series so far?
It’s been rewarding to let women tell their stories of how they got into cybersecurity and why they love our field and their jobs. I get inspired hearing about their experiences and achievements. They also all share advice and resources, and I leave it open for them to share anything about challenges they’ve faced and how they’ve overcome them.
Have you noticed any trends about the various career paths of the women you’ve interviewed?
Yes, we’re all used to making our marks in a male-dominated field. A lot of the career paths have not been straight; we like to follow our passions. We all want to see more diversity and help more women into the field and also help them advance.
What are some of the biggest challenges that women face in the cybersecurity industry today, and how can we address them?
The biggest aspect is that we’re in the minority. It can be intimidating to be on a team with all men, or attend a technical conference with mostly men. What is inspiring is that many of the featured women have created training programs and resources to increase the number of women in our field.
For example, my first show featured Vandana Verma, who created InfosecGirls, a training program collaborating with colleges to help women gain the technical training and skills to join our field. We also have successful women, including founders/CEOs, who want to share their advice and learnings with other women. Conferences also often include networking events for women so we can connect. Another challenge is that we face systemic stereotypes about our abilities or inclinations. There are people who don’t think women can be technical or don’t think women have authority for leadership positions. Some assume that women are more focused on raising their families than on their careers. One interesting aspect for me when I was in marketing was that it was not as male dominated, but there were fewer women in executive roles. So highlighting our capabilities and achievements, sharing our stories, helps in these areas. Also, I think it’s helpful for men to listen to these stories to become more aware of our experiences.
Do you have a mentor or role model who you look up to in the industry?
I have a number of mentors and role models, but earlier in my career, at VMware, Diane Greene inspired me for her commitment to delighting customers with technology and her achievements building the company. I also liked her view around being competitive. She made a point of gaining recognition for her abilities and accomplishments – not as a female CEO, but for her accomplishments as a company leader and innovator. So today my goal is to be a top industry analyst even though it’s dominated by men. All of the women I’m spotlighting on the show are impressive for their accomplishments, and we get to share how they are excelling in our field dominated by men.
Are you part of any groups or associations that you would recommend for other women in tech?
Yes, EWF is a wonderful group for women in cybersecurity. They have a yearly conference and other events to share knowledge and network, and they offer many resources and scholarship programs.
Based on your experience working with two startups during IPOs, what did you learn about developing successful communication strategies throughout those periods?
It’s all about setting metrics, having a detailed plan, and then executing on it to get to that payoff of a successful event, launch, or IPO.
I am obsessive about prepping and planning. The fun part for me has been meticulously planning everything in advance with a long runway, quarterbacking a team to execute against the plan, and then I’m very motivated by knowing that once all the work is done, it will pay off, and it’s fun and rewarding to get to enjoy the results.
What are some of the strategies that you’ve used to help customers understand a security product’s unique value proposition compared to competitors?
The best way is to work with customers or prospects to understand their pain points and work to solve their problems, or see how they are using your product to solve their biggest problems. Then you can learn about what benefits they are getting, how it helps them with their jobs, what they can do now that they couldn’t do before, what they could do with your product that they can’t do with other products they’ve tried. When you work at a company, it’s easy to focus on how the product is built and its features and capabilities and intended usage, but you have to validate that by talking with customers who are trying the product to see how they are using it and the benefits they are getting. Then you can use those points as the key value propositions. Another powerful strategy is to let your customers share their own success stories with prospects. Tech buyers are skeptical of marketing and sales messaging, and cybersecurity audiences are even more so. But they listen to their peers.
What are some of the most common misconceptions that organizations have when it comes to cloud security?
There are so many but I think a lot of the misconceptions around cloud security have to do with getting out of traditional security mindsets that just don’t apply to cloud-native. You don’t want to just add more testing tools or scan things to increase your coverage or find more security issues and fix them because that will slow things down or overwhelm teams with remediation tasks. You have to remember that cloud-native software development processes are continuous instead of linear. Instead of a lifecycle that just progresses from left to right, going from build to release, it’s continuous – you build, release, and then continuously build and update. This requires a different security approach. You can’t add siloed tools at different points for different teams; it’s about incorporating security into development tools and processes, and leveraging the full tech stack, including CSP features and integrations, and integrations between security tools, in ways to drive efficiency in setting controls and remediating critical issues in time to prevent incidents.
For a period, we had investments in developer tools that focused on testing early in development (a misconception that “shift left” meant investing in more testing on the left side, the build side, of the SDLC). And then security teams were monitoring workloads on the right, in runtime, to catch and fix issues. It didn’t work because it wasn’t efficient; security didn’t have visibility into what developers were doing, and there were too many security issues deployed to the cloud, so going back to developers to fix the issues was painful. But now we’re evolving to the better approach, where security is working with development throughout the SDLC. Cloud-native development is all about enabling efficiency and collaboration, so security needs to work the same way so that we’re building security into the workflows instead of disrupting them.
If you could give yourself one piece of advice when you were first starting your career, what would it be?
Look for the jobs with the right managers who see your potential and will help you and inspire you.
Follow us for more insights from women making history
For more insights from Melinda, check out her Women in Cybersecurity webinar series for ESG. At Lacework, we created our Secured by Women initiative to bring visibility to more of the fantastic women like Melinda who are making history in cybersecurity.