While thinking about all of the different channels you can access to reach your buyers, it’s also important to start thinking about how to get your brand on the map.
Media 7: Hi Ann, thank you for time to this. Can you walk us through your experience in strategic market leadership and developing pipelines for high-growth firms across different marketing disciplines over the past 11+ years?
Ann Strackhouse: One of the values my parents instilled in me from a young age is that you can never stop learning. That's something I've applied to my career and have found it to be a main seed of growth for me.
I've worked at several startups in various funding stages, and I've also worked at enterprise-sized companies.
Each experience I've had was considerably different from the next. The most valuable roles where I've learned the most have been at earlier stage startups, but it's very hard to succeed in implementing an entire Marketing function if you haven't lived through examples of larger team structures and how things operate behind the scenes. You're essentially inheriting a blank canvas, and there is a world of opportunity for innovation.
When I'm in the job market, there are 3 things I initially evaluate about the company to decide if I want to move forward:
Is the product solving a problem that isn't already being solved?
Are they doing it in an innovative way?
Is there a significant total addressable market to go after?
If the answer to any of these is no, then it's not a fit because I won't be set up for success from the start. When the answer to these 3 is yes, it's a green light, but then the hard part begins.
My key pillars of focus are always lead generation, brand awareness and operations. I've found that operational workflows should be incredibly intricate and strategic, and have often times seen that function of Marketing neglected. It's crucial that the MarTech stack aligns together and is a scalable model from the outset. Marketing budgets are sizeable and there will always be a need to prove the ROI on any spend. Equally important is the need to review Marketing program performance so data-driven decisions can be made. Through experimentation, you should evaluate your programs and their effectiveness and iterate from there -- doubling down on where you see the most traction. Depending on what industry, there will be learnings throughout the process. For example: Targeting Government? Expect to get creative because of the mandates on employees receiving any type of monetary gift for an exchange of service. You can also expect a much longer deal cycle, which leads me to filling the funnel.
Strategically planning the timing of inbound leads is crucial. If you're working at a high-growth start up it's best to front-end your lead generation activities at the beginning of your Go-to-Market launch. From there as you evaluate your programs you can start to see where your conversion rates are high and move to a more even-paced model. While thinking about all the different channels you can access to reach your buyers, it's also important to start thinking about how to get your brand on the map.
This is where my company evaluation criteria come into play. You have a solid product to bring to the market, and then it's about getting your company on the map. Tap into differentiators. What is unique to your company that competitors don't have? This will often lead to 'newsworthy' shareables and an increase in brand recognition. One of the unique features we have at Horizon3.ai is that our rapid response program is open to anyone at our company who wants to comment. Typically, there are only a few leaders who are permitted to comment on industry news. But if you have a group of incredibly skilled individuals, why not open it up to everyone?
It's been an exciting journey full of learnings, successes, challenges and failures. Driving change keeps you up at night. And it should.
Innovative, strategic marketing that's well-executed yields substantial ROI, but it also lifts the brand and all associated with it. Great marketing engages prospects and customers, motivates employees and reinforces the company's mission and product value to investors, partners and other key stakeholders. Exceptional growth starts with a "be great or be gone" mindset and the recognition that great creativity doesn't land without equally strong, programmatic execution. That demands clear planning and integration across marketing and public relations elements, across campaigns, across regions, and across product lines.
M7: In your role as Director of Marketing at Horizon3.ai, how would you prioritize the development of strategic partnerships and collaborative relationships in order to drive business growth and success?
Partnerships are really the circulatory system that moves technology innovation through the market. If you look at cybersecurity for medium-sized businesses as an example, you see it's a major part of the overall opportunity over the next 10 years, but the profound shortage of experienced cybersecurity talent is likely to limit the opportunities for strong cybersecurity solutions that aren't supported by equally strong partnerships. Many of the best emerging organizations will, by necessity, need to tightly define the roles their internal cybersecurity teams play, and instead will turn to integrators and MSSPs as their "forward operations."
This is just one example of the role that strategic partnerships will play, and it's a dynamic that will only strengthen over time because, by virtue of their ongoing experience on the front lines fighting cyber threats, those partners will further consolidate and strengthen their position.
Likewise, the current talent shortage should inspire forward-looking organizations to work with ecosystem partners to drive certain aspects of usability and ease of reporting, particularly when it comes to helping the customer's CISO communicate to and with their senior-most executives, board members, risk officers and regulators.
M7: Please provide a brief description of the products and services offered by Horizon3.ai.
It's likely every organization will be attacked at some point. It's not a case of if, but when. Experts urge (and regulations increasingly mandate) that organizations continuously identify their ineffective security controls and identify the critical, exploitable weaknesses that they must immediately fix.
The situation is further complicated by the abundance of "noisy" security tools that issue false positives, overwhelming security teams and forcing them to chase vulnerabilities that can't be exploited while at the same time overlooking readily exploitable, high-impact threats.
Horizon3.ai's NodeZero pentesting platform is based on the concept of using offense to inform defense. It lets organizations find and fix their vulnerabilities before an attacker exploits them. It can continuously assess an enterprise's attack surface, identifying the ways that an attacker can chain together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to compromise systems and data. It provides organizations, MSSPs and integrators with a laser focus on the problems and vulnerabilities that can actually be exploited, without wasting their time and resources chasing false positives. NodeZero answers the top three questions that every CISO and security team needs to ask: "What's exposed?" "What needs to be fixed first?" and "How will we do more with less?"
Read more: 'Enterprises that don't leverage AI and ML will likely be at a disadvantage,' believes Miquido's Jerzy Biernacki
Exceptional growth starts with a be great or be gone mindset and the recognition that great creativity doesn't land without equally strong, programmatic execution.
M7: What makes content such an important factor in the marketing of products and services in the information technology industry?
Content is king. This is a widely adapted notion with good reason. It's incredibly important to meet buyers where they are in their journey. Every organization should be doing an ongoing content audit to ensure each phase of the buyer's journey (research, consideration, and purchase) has messaging and content to match the stage they're in. If you have a comprehensive handle on who your personas are, what they care about and what role they play in their buying teams, you're going to see increased email open rates, assistance in closing deals, and higher conversion rates. A continuous nurture stream of relevant content will always help leads move down the funnel.
From a thought leadership standpoint, it's paramount to produce high-quality content that people want to keep coming back for. One of my current goals for our content strategy is to move away from trying to make a sale by promoting our product, to becoming a resource hub for cybersecurity professionals. Attackers only have to get it right once, while cybersecurity professionals have to be on point 24/7. Because the threat landscape is ever-evolving, CISOs and their teams constantly have to stay at the forefront of innovating their security stack, strategy and operations. Due to the high stress of the SOC function, these professionals greatly rely on peer-to-peer references and learnings from like-minded professional's stories on how to maximize risk avoidance and ultimately stay out of the news.
Creating a customer advocacy program will provide the space for these interactions. Cultivate customer champions who will share their story on a webinar and participate in a written case study or a video testimonial.
Communication is the core of effective marketing, and content is at the core of communication.
M7: What do you think are the most significant changes that have taken place in the information and technology business during the past few years?
Without a doubt, the global pandemic drove waves of workers to migrate from offices to working from home, massive upticks in retail and ecommerce, and almost immediate retooling and evolutions of major systems for "pickup at curbside" continuity. We all moved fast to drive the changes that helped meet public needs and kept businesses running, and that wave of change vastly altered and expanded the threat surface, creating ripple effect vulnerabilities. It also newly empowered threat actors in ways too numerous to list here. That seismic growth is also being followed by economic disruptions. And what thrives in disruption and economic uncertainty? Cybercrime.
Simultaneously, the world's threat landscape has shifted, with unfriendly nation state players more determined, resourced, and skilled than ever before.
We're in a different world than we were in just four years ago. The rate of change has been historic.
M7: There is already evidence that criminal organizations use highly automated attack techniques. In your opinion, what do you think is the future of cybersecurity?
The future of cyber threats will run at machine speed – algorithm vs. algorithm – with humans by exception. Attackers have accelerated their attacks using AI faster than defenders can improve their security effectiveness. So it's time for organizations to shift from a business-as-usual to an under-attack cybersecurity mindset.
Committed attackers will invest resources to compromise high-value targets as we saw with the SolarWinds attack. For these organizations – the Global 100, defense companies, critical infrastructure, e-Commerce, healthcare, manufacturing, social, etc. – a "wartime" mindset is critical. They must assume the attacker will get in and focus on actively defending their cyber terrain.
M7: Can you explain Horizon3.ai's approach to identifying and addressing security vulnerabilities and verifying the effectiveness of the solutions implemented?
To understand and address IT infrastructure vulnerabilities before a cyber-attacker can exploit them, organizations have to continuously identify their ineffective security controls and identify critical, exploitable weaknesses that they must immediately fix.
And that's what autonomous pentesting with NodeZero does.It also leverages expertise, data, and insights to build an autonomous defense designed to be automated, with the intervention of humans by exception. That is the advanced level of effectiveness that sets NodeZero and Horizon3.ai apart. Right now, there are less than 5,000 OSCP-certified ethical hackers in the United States, and it takes ten years of hands-on experience to become a senior penetration tester. Meanwhile, demand for security testing has increased exponentially. Until NodeZero, only the most well-funded companies and organizations could conduct such testing. It's why the platform was specifically architected for usability – to help "democratize" autonomous pentesting.
Last year, Horizon3.ai customers ran nearly 7,000 pentests with NodeZero before coming to us, many of these customers could conduct pentests only once a year or, for some, not at all. Today, many constantly verify their security posture by running multiple pentests in a single month, and some prolific users run over 40 pentests a month with NodeZero.- which is well above the often-cited recommendation of one to two pentests a year.
Usability must go hand-in-hand with results comprehension. NodeZero testing yields a graphical representation of the actual attack paths an attacker could use to chain together misconfigurations, vulnerabilities, and weaknesses to compromise their organization. This gives customers the insight needed to mitigate risk by prioritizing exploitable weaknesses with their corresponding fix actions, verifying that each weakness actually has been remediated, and giving the C-Suite and Board a new, clearly understandable lens into the organization's security posture.
Read more: Panzura's Glen Shok explains why file security and military-grade encryption should be applied to all data stored in the cloud
It’s time for organizations to shift from a business-as-usual to an under attack cybersecurity mindset.
M7: Can you shed light on why attackers prioritize obtaining credentials and explain how Horizon3.ai Node Zero tackles this problem?
AS: Compromised credentials are how attackers get in, and billions of compromised passwords and usernames are now available cheap on the dark web as a result of the breaches of the last ten years. Human nature being what it is, people continue reusing passwords and not updating them regularly.
So the big question is: "if they get in, what could they do?" NodeZero answers it. NodeZero was able to compromise a major financial services organization in 7 minutes and 19 seconds in a recent pentest. This customer had purchased best-in-class security tools, yet few alerts were triggered, and defenders could not react fast enough to stop the attack. Security effectiveness is the critical initiative every enterprise should undertake to ensure they are getting the most impact out of their security investments, and the best way to verify that effectiveness is through continuous penetration testing.
M7: What is password spray and how does NodeZero weaponize the technique in internal and external pentests?
AS: In a password spraying attack, a threat actor tries to access a large number of accounts (usernames) on an application by using a single commonly used password, which avoids the account lockouts that happen during other types of attacks, such as brute force attacks. Our customers understand the risks that credential-based attacks pose to their organizations because NodeZero allows them to safely assess their environment against such attacks. In the last year, NodeZero successfully executed credential-based attacks over 6,000 times (out of the 34,000 times in which NodeZero successfully executed an attack compromising at least one host), and to significant effect. For example, when a medical clinic ran an internal pentest with NodeZero, it learned that its systems were exploitable after NodeZero conducted open-source intelligence gathering on the company's name, scraped potential employees from LinkedIn, then conducted password spraying.
Just as an actual cyber threat actor would do, NodeZero chained other weaknesses with the successful password spray to achieve multiple critical impacts. In this case, over 1,600 credentials were captured and used to access services and infrastructure. NodeZero compromised one domain, almost 50 hosts, and two domain users while discovering nearly 50 data stores open to ransomware. NodeZero was able to execute this operation completely safely. It showed proof of the exploit and gave the customer the steps necessary to fix their weaknesses.
M7: Can you tell me about Horizon3.ai's plans for innovation and growth in the coming years? How do you see the company evolving to meet new challenges in the cybersecurity market?
AS: We're best in class today, but we know that threat actors are investing heavily in development of ever more sophisticated threats.
In addition to autonomous testing across premise, cloud and hybrid environments, we're focused on usability. We've just rolled out NodeZero Analytics, a level of usability that empowers cyber pros regardless of their level of experience. Additionally, we're focused on refining usability so that autonomous pentesting is a force multiplier. At the heart of the refresh are detailed attack paths with proof of exploitation, prioritized fix actions, and 1-click verification that the remediation was successful.