Did you notice? As B2B cybersecurity content writers, we love telling our readers what they “should” do.

As in, “Organizations should…” or “CISOs should…” or “You should…”

Sometimes, we push that urgency pedal to the “must” metal. We exclaim that readers or their companies “have to” or “need to” or “must” take certain steps.

As in, “Financial institutions have to…” or “As a compliance leader, you need to…”  or “Enterprises must…”

Sounds a bit helpless, doesn’t it?

So, does it work? Science confirms: it doesn’t (more on that below).

If it did, the world would be a safer place.

We’d be fat and happy, because our readers “should” love whatever product or service we highlight in our whitepapers, blogs, or drip mails.

The truth is: we can’t mandate love - or total security. Most readers are pro-choice, thank you very much.

People don’t want to be told what to do or not to do. Scientists even have a term for it: psychological reactance.

Does your cybersecurity content cause psychological reactance?

Here’s a test.

Next time you read B2B content that stresses what you “should” do, ask yourself:

“What’s my gut reaction to that?”

If the writer or the company she represents is your go-to authority on the subject matter, you may take action.

Or you let it slide, like that unsolicited and non-applicable advice from a friend who means well and only wants to help.

Yet, in many more cases, you’ll not even consider it and simply move on without hesitation. I know I do. This usually happens for mainly three reasons:

• because the writer has failed to establish authority;
• because the content doesn’t speak to the reader’s specific cybersecurity needs, situation, restraints, budget, or priorities;
• because of basic human psychology: who wants to be told?

B2C and B2B content writers underestimate this subconscious pushback at their own peril.

Does psychological reactance explain, at least in part, why we have failed as an industry to increase cybersecurity awareness in a meaningful way over the past years?

Perhaps cybersecurity writers are co-responsible for this failure.

Blame the “must-erbation” approach in poor cybersecurity content:

Meet the cybersecurity content musterbators

The term “musterbation” was coined by cognitive-behavioral science pioneer Albert Ellis (1913-2007). It describes a particular way that people place absolute and unrealistic demands on themselves and others.

“There are three musts that hold us back,” the famous psychologist wrote. “I must do well. You must treat me well. And the world must be easy.”

The language of “must”, “have to”, and “should” people use to that effect is a language of black and white.

Such wording doesn’t take into account the complexities and many shades of gray in how humans interact with each other and the world.

As a result, it weakens the desired outcome or prevents it altogether.

“Should may occasionally give good guidance. More often, it sets unrealistic expectations,” wrote clinical psychologist Susan Heitler in Psychology Today (Should You Use This Word? It Decreases Your Effectiveness):

“Should induces guilt, and decreases your desire to do what you otherwise might want to do.”

That’s an empowering insight to share in a marriage counseling or management coaching session, you may think - but in cybersecurity?

What IT security content writers can learn from marriage counselors

Don’t get me wrong, infusing our message with Snuggle-Plus Language Softener isn’t the solution either.

I’ve been writing about IT, and about information security in particular, for several decades now, first as a journalist and book author, then as a ghostwriter, blogger, and editor.

Considering how little the messaging has changed, all I’m saying is that it may be time to upgrade our communication skills as an industry the same way other security and safety-focused fields continue to improve theirs.

The good news is that we seem to be catching on to the problem. Slowly, but better late than never.

Steve Durbin, the chief executive of the UK-based Information Security Forum (ISF), has noticed this change, too. He pointed out the underlying problem in a recent ISF podcast episode on Influencing Security Behaviour:

“People don’t respond well to being told,” said Steve. “You get my buy-in much better by explaining to me than by telling me.” (TC 08:59 min)

His prediction: “We’re going to see a need for a very much deeper understanding of some of the psychological elements of why people do what they do.”

Until then, what’s the solution? Abandon “should” and “must” and “have to” in cybersecurity content, such as How-to and best practices blog posts, altogether?

Let’s be real. Most of us, including yours truly, use these words on occasion (even if we know better) to signal urgency and create a sense of obligation. We do so on a deadline, to save time, or simply because research says it works in headlines.

A more practical and effective solution than quitting “shoulds” and “musts” altogether in cybersecurity content is to use them sparsely. Can you think of an alternative? Deploy it. More often than not, it will make your content better.

Let’s look at a few such alternatives next.

From “should” to “show”

Instead of dispensing “should” advice or similar, we can choose from several alternatives, depending on the type of content. Here a three of my personal preferences:

• Show how an industry peer solved the problem. In a short customer story or case snapshot, describe why that person or organization took the desired action. One additional advantage of this method is that it provides social proof for what you are recommending.
  
  Enterprise digital rights management company Fasoo used this approach in a blog post about insider threats in tech manufacturing (last four paragraphs).
  
  
  
• Can’t name customer names? It’s a common challenge many are facing in our space. One solution here is to apply a generalization. “Should” betrays wishful thinking - state facts instead.
  
  Talk about those peers or leaders as a group who already took the step you suggest and describe the outcome.
  
  A basic example: Instead of writing “IT security leaders in financial services should deploy [our product or service here], because... As a result, …”, we can use “Throughout the financial services sector, IT security leaders are now deploying [ditto], because… As a result, ...”

• Reframe instances of “CISOs should...” or “Threat hunters must...” (Google search examples) - or whatever the onus is you put on your specific audience persona - to minimize psychological reactance.
  
  A straightforward way is to write in the second person and use verbs in the imperative mood when rendering advice or urging action. This particular method has three additional advantages: 1) It is shorter, 2) it’s assertive, thus reinforces (subject matter) authority, and 3) it removes ambiguity.

Yes, if you are a B2B cybersecurity writer who entered the field from marketing or journalism, the latter style may take getting used to. Military veterans who transitioned to creating IT security content, for example, seem to be more comfortable with it.

That’s at least my experience as an editor. As an aircraft pilot, I’ll use an example from the left seat to show the difference that particular communication style makes.

Short and to the point avoids ambiguity

Let’s say Air Traffic Control (ATC) told the Pilot Flying “You should turn left heading two-six-zero for traffic avoidance, after which you have to descend and maintain six thousand.“ (In the real world, they would use  the FAA-conform “Turn left heading two-six-zero for traffic avoidance, descend and maintain six thousand.”)

That could lead to some serious head-scratching in the cockpit. “Should we? What happens if we don’t, and when? How urgent is this anyway? ATC is really long-winded and nice today. Who’s that chatty intern? Whatever it is, they don’t seem to be so sure either. ”

The point is, you don’t want to find out.

Like with ransomware. This is where words do matter.

The case for cybersecurity content that matters

Granted, words won’t stop ransomware. But as cybersecurity writers, we can make our content more credible and effective with help from science. Credibility, as B2B content marketing research shows, is key to engaging especially new site visitors.

Too many “shoulds” and “musts” in a blog post, email, or whitepaper indicate insecurity. In combination with other tell-tell signs, they can also signal that the content was cranked out by a beginner or a content mill (or by a beginner in a content mill).

It’s one cybersecurity content weakness among many that can reflect poorly on a company. I’ve written about some of the others here. Our communication capabilities as an industry are lagging behind the massive and rapid progress information technology has made over the past three decades, research confirms.

One could argue that B2B content quality, in general, has declined significantly during the same period. And one would be correct.

That’s not a new insight, though. I recommend reading Doug Kessler’s seminal rant Crap: the single biggest threat to B2B content marketing from 2013.

It’s also a lousy excuse if we compare our industry to other sectors where security and safety play a big role. The military and regulated fields like healthcare or aviation learn from each other.

They also draw on interdisciplinary research for continuous communication improvement. Surgeons and nurses, for example, now follow some of the same communication guidelines developed for airline cockpits.

Isn’t it time for information security thought leaders and content creators to follow their example and look at behavioral and communication research for guidance?

So let’s get serious about the words we use or don’t use to influence cybersecurity behavior.

The alternatives presented above make it easy to nip the “shoulding and musting” in the bud, before it can blossom into the unhealthy writing style that is a hallmark of bad cybersecurity writing.

By Robert McGarvey

Breaches are commonplace. There are four significant ones per day, says Van Dyke.

They often affect financial information, such as bank account or credit card data, protected health records, personally identifiable information (PII), or intellectual property.

In 2020, the total number of records exposed in reported breaches exceeded 37 billion, a 141% increase over 2019. This number doesn't even include yet 2020 data breaches reported in Q1 2021.

But what does that mean for individual consumers and their personal data in each case? "The biggest challenge breach victims face," says Eva Velasquez, CEO of the nonprofit Identity Theft Resource Center (ITRC), "is understanding the risks associated with a particular breach, and what steps they should take next."

Data breach press releases from lawyers, for lawyers

Ask any cybersecurity journalist what they do not like about data breach press releases of, say, financial services firms or health care providers, and the answer is: everything.

Such news releases disclose as little as possible and offer few details. Opacity is the hallmark of the genre.

These announcements are mostly made by lawyers, for an audience of other lawyers or state and federal regulators.

Often, they add more to the post-breach confusion than they help minimize the damage.

As a result, most IT security reporters and general news media go through the motions and contribute to the general data breach alarm fatigue. Consumers are left confused, frightened, and wonder how exactly they are impacted, and what they can do about it.

How severe is the data breach? Ask this web app.

Enter Breach Clarity, which puts transparency over opacity because its founders think that makes more business sense.

Screenshot: Free data breach severity score - Breach Clarity Basic

The startup's new web service aims to prevent post-breach paralysis by providing consumers with three actionable insights:

• The tool scores a data breach on its severity, from 1 to 10;
  
• it explains to individuals how they can protect themselves if caught up in a specific data heist;
  
• it offers a score of the user's risk of becoming a fraud victim, with scores ranging from 1 to 100.

The data breach severity scores and custom-tailored corrective steps are calculated based on Breach Clarity's patent-pending algorithms. Action items are specific to a particular breach and to the person who's asking, explains  Co-founder and CEO Jim Van Dyke.

A data breach, for instance, that involves completed W-2 forms, banking information, and HR files exposes affected employees to IRS tax refund fraud.

Where does Breach Clarity get its breach report data?

Van Dyke says that Breach Clarity's consumer research found a surprisingly robust appetite for such tools among Gen Z and Millennials. The researchers also found high interest among Baby Boomers.

Will Breach Clarity, which was acquired by Sontiq in March 2021, be able to give them the answers they are looking for?

Its approach's success depends to a high degree on the quantity and quality of available data breach reports.

A 2017 study indeed found 60% of U.S. data breaches went unreported. But there has been improvement in the four years since.

Privacy experts attribute this trend to the introduction of stricter consumer privacy laws and regulations at state level and of GDPR, the General Data Protection Regulation in the European Union, which also affects numerous US-based companies.

The new regulations are credited with increased self-reporting, especially in regulated sectors such as healthcare and the financial services industry.

Breach Clarity gets its data breach details from the ITRC, whose database is considered a gold standard in the field. Van Dyke sits on the ITRC board.

The nonprofit's nationwide database contains detailed information on the latest publicly reported data compromises that impact consumers and businesses.

Eva Velasquez says ITRC is proud to be a part of a "no-cost solution that brings much needed clarity to the victims of data breaches."

First target markets: credit unions and banks

How will Breach Clarity make money? For now, Jim Van Dyke, whose Javelin claimed many mega banks as clients, is marketing Breach Clarity as a value add for credit unions to offer to their members.

He already claims one customer - BCU (formerly Baxter Credit Union), the nation's 56th largest with around $4 billion in assets.

Jim Van Dyke (Photo: Breach Clarity)

BCU is offering Breach Clarity's premium-level service as a free tool to its members. Nonetheless, Van Dyke forecasts a 5x ROI through a reduction in fraud losses.

That's because financial institutions absorb the bulk of the losses due to data breaches, says Van Dyke. Informed members/customers, goes his calculation, will be better able to take steps early to minimize fraud.

He also expects fewer calls to helplines. After heavily reported breaches, financial institutions are swamped with SOS calls. Fewer calls mean lower costs, which is why Breach Clarity expects growing interest from large regional and national banks next.

More cybersecurity content clarity as a possible side benefit?

Post-breach communication needs to improve on many levels, and Breach Clarity may have a role to play here.

News journalists and B2C content writers can draw on the service to give their readers more specific advice than the basic "check your credit report" guidance.

Organizations that suffer a publicly reported breach can point their members or customers to the Breach Clarity.

Most importantly, they need to be more transparent and clear about what happened, including possible consequences, starting with the first public announcement of the data breach, and follow these:

Three basic rules for post-data breach press releases

• Ditch the opacity. Be transparent about what data was stolen, over what timeframe, and admit what you don't know yet.
  
• Spell out the steps your organization has taken to mitigate the data breach. That doesn't mean giving cyber crooks a road map. Disclose to the public any information that will help restore confidence.
  
• Let cybersecurity crisis communication professionals polish your press releases. Yes, in-house counsel or your law firm will want to have the final say. For clarity and specificity, also involve a skilled PR writer with cybersecurity background.

This post has been updated to reflect the acquisition of Breach Clarity by Sontiq (3/9/2021 announcement).

Cybersecurity Writers guest contributor Robert McGarvey (Twitter: @rjmcgarvey) is a veteran technology reporter who has often covered cybersecurity and data breaches especially in financial services and hospitality. Listen to his half-hour podcast with Jim Van Dyke here.

Established and new cybersecurity podcasts soared in 2020. That doesn't mean IT security professionals stopped reading books and eBooks. On the contrary.

Let's look at eBooks, for example. Research on B2B content consumption changes in 2020 found that eBooks ranked #1 in total views by content format. This includes complimentary downloads of B2B cybersecurity eBooks.

Then there's the growing commercial eBooks market. In the first 11 months of 2020, eBook revenues in the US grew 15.2% to $1.0 billion, according to the Association of American Publishers (AAP).

The report provides only a glimpse of the total market. AAP is tracking roughly 1,300 publishers. Together, they represent less than one-fifth of eBook sales.

The trade association doesn't follow smaller niche imprints. It doesn't track self-publishers and the labels owned by Amazon Publishing, which drive most of the eBook market growth. Statista expects total eBook revenues in the US to surpass the $6.0 billion mark this year.

Granted - cybersecurity publications make up only a minuscule fraction of the book market. Still, infosec tech writers and IT recruiters-turned-authors contribute to this trend and benefit.

Quite a few have turned the 2020 lockdown into an opportunity, or are about to. They have written or are currently writing technical eBooks, manuals, or leadership guides.

Does this sound familiar? Do you have a cybersecurity book in the works? And if so, how will your future readers learn about it?

You've written a book. How will readers know?

Prepare for a crowded field. The good news is, as a newly minted book author, you're not alone.

That's also the bad news.

Get ready to face some stiff competition. More authors will be vying for attention for their cybersecurity books this year. They've been as busy as you were.

The topics your fellow authors are tackling cover a wide field. Some write about threat intelligence and malware trends. Others examine pentesting methods and tools. Career advice for CISOs, anybody? Or accountability strategies for board members?

Someone wrote the book on it.

But wait, there's more.

What about the new cybersecurity podcasts launched in 2020? Quite a few shows focus on career advice, research, and B2B cybersecurity thought leadership.

Some have racked up enough quality content by now to consider branching out. More hosts follow the changed B2B content trends. They are currently seeking to broaden their audiences.

They edit and repurpose their conversations for consumption beyond the podcasting sphere. Executive summaries of webcasts and podcast episodes are one example. More companies are offering them now, courtesy of their corporate sponsors.

Independent consultants and other professionals launched podcasts to advance their careers. They may turn the accumulated content into the ultimate business card.

What a better boost for your personal brand than a book that speaks to your subject matter expertise?

Where to promote your cybersecurity book online?

Guest appearances on industry podcasts are an obvious option. Podcast, book, and eBook PR experts have specialized in reaching out to the right shows.

New authors should find an expert who is familiar with the podcasting landscape in their field. This approach ensures that they get booked for interviews in front of audiences that are a good match.

Industry websites and blogs for the information security community provide another viable venue. Focus on those that publish author interviews or highlight new books for their followers.

They often rely on established cybersecurity journalists or subject matter experts for new book reviews. Such posts have a much longer "shelf life" than podcasts. They also reach a larger audience.

That's important, because avid readers aren't necessarily voracious podcasts listeners. Research shows that listening is less effective.

Cybersecurity podcasts also don't always provide episode notes with links to resources. As a result, even frequent listeners may have to take an extra step to find the book online.

In comparison, most blogs make it easy to order and download the books they mention or review.

New podcasters-turned-authors will face a challenge, though.

You thought building a podcast audience was tough?

Then try getting your cybersecurity book reviewed on reputable blogs and industry portals.

The legwork will make you miss the days of slogging from zero to the first few hundred listeners.

On the plus side, you know now that you have what it takes. The "DIY approach" to book/eBook PR requires more of the same. Think serious time investments, thorough research, determination, resilience - and luck.

Are you ready to take your pain to a whole new level?

To give you a head start, we've put together this overview of

11 Blogs for Authors to Promote Their New Cybersecurity Book

Which blogs reviewed new cybersecurity books or published author interviews in 2020?

The list below is by far not exhaustive. But after reviewing it, you may have a better idea of places to turn to with your new book.

That doesn't mean you're on your own with identifying the "right" reviewers. To save time and legwork, check out the tips at the bottom of this post.

How to find book reviewers in the cybersecurity field?

The key is developing a target list of journalists, bloggers, and podcasters that is custom-tailored to your book. Identify those who cover the  IT security topic or field you write about.

This post can serve as a starting point. Much success with your book launch!

Blumira Blog

IT security firm Blumira invited cybersecurity book author Pascal Ackerman on its podcast. Check out the blog mini-series distilled from the conversation between Mike McCarthy and Pascal Ackerman, who wrote Modern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization.

Cybersecurity Canon

Then-time Palo Alto Networks CISO Rick Howard created the Cybersecurity Canon in 2013. His goal: establishing a resource of "must-read books for all cybersecurity practitioners."

The result was a curated catalog with reviews of books from and about the industry. It allows readers to keep up with essential knowledge and developments in the field. In 2020, the Cybersecurity Canon moved to Ohio State University.

Read recent Cybersecurity Canon reviews on the website of OSU's Institute for Cybersecurity & Digital Trust.

Cybersecurity Guide

The Cybersecurity Guide offers a wide variety of specialized education and career resources. It covers mostly online and on-campus cybersecurity degree programs.

Included are associate's degree, bachelor's degree, master's degree, and Ph.D. degree programs. Read the Cybersecurity Guide's expert interview with Matt Bishop, who authored the textbook Computer Security: Art and Science.

The Diplomat

The Diplomat magazine covers current affairs in the Asia-Pacific region. It publishes expert analysis and commentary on events occurring in Asia and globally. This includes cybersecurity developments. One example from the Trans-Pacific View Blog of The Diplomat is Mercy A. Kuo's interview with Georgetown University professor Ben Buchanan, author of The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics.

Government Technology

Government Technology and its sister publications report on IT in state and local governments. Part of the mix are in-depth reviews of publications about IT security in the public sector. A 2020 example is this book review by Government Technology blogger Dan Lohrmann, Chief Security Officer of Security Mentor, of Cybersecurity – Attack and Defense Strategies by Yuri Diogenes and Erdal Ozkaya.

Help Net Security

Croatia-based Help Net Security has covered information security since 1998. Topics tackled include technical security challenges and IT management issues. The portal features a dedicated reviews section. Read news editor Helga Labus' review of Chase Cunningham's Cyber Warfare - Truth, Tactics, and Strategies.

Rift Recon Blog

Rift Recon is a boutique cyber- and physical security firm. It provides consulting, training, and software development services. Read the Rift Recon blog interview with Matt Monte, author of Network Attacks and Exploitation: A Framework.

Secure Blitz

SecureBlitz aims to inform about and expose cyber threats on the internet. It occasionally includes interviews with cybersecurity book authors. Read Gina Lynch's interview with Hugh Taylor, author of Digital Downfall: Technology, Cyberattacks and the End of the American Republic.

Solutions Review

Solutions Review publishes content about Enterprise Cloud solutions on its portal. This includes reviews of publications and tools. In August 2020, tech writer Daniel Hein reviewed The Essential Cloud Security Books for Cybersecurity Professionals.

Strategic Piece

Strategic Piece helps B2B companies unify their marketing, sales, and service efforts. Read founder Matt Bell's interview with Jason Rorie, author of Small Business – A Hacker's Playground: Cyber Security.

Tapad Engineering Blog

Tapad (an Experian company) offers digital identity resolution and cross-device identification solutions. Its resident book blogger is Ben Rothke. Rothke, a founding member of the Cybersecurity Canon, reviewed The Best Information Security Books 2020 on the Tapad Engineering Blog.

Want to save yourself the legwork and valuable time when launching your new cybersecurity book?

Need help with your book launch?

Contact us for a referral to industry experts and publicists who can help with your outreach to trade journalists, podcasters, and bloggers, and sign up below for our newsletter with further tips and insights from fellow authors:

By Robert McGarvey

Hotel groups have mismanaged data security for at least a decade. This negligence has put our data in the crosshairs of cyber criminals.

In the Marriott case, the source of the malaise is Starwood, which Marriott acquired in a merger. With Starwood, the group also acquired a massive data breach. Hotel News Now reported that approximately 327 million guests were affected by the breach.

Why am I re-hashing this sorry affair now, two years after the breach was announced? Because the saddest part is that the industry hasn't learned from it.

Hoteliers suck at data security.

Let's look at the data impacted at Starwood. According to the data breach press release by Marriott International at the time, the information included "some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences."

Obviously, for criminal hackers, that's a valuable trove of data. And so online looters have been feasting on hotels and their data -  on us! - for years.

Thus the roll of shame grows longer. Hotel News Now offers a catalog of the worst offenses going back to 2008 when Wyndham suffered the first of what became three breaches extending into 2010.

What are the lessons learned so far?

As far as consumers and business travelers are concerned, it is only a minor exaggeration to say that if you stayed in a US hotel in the past decade, in great likelihood you are a victim of a data breach.

Guests have caught on. They know: give a hotel your credit card, and you put your finances in jeopardy. Class action litigators rejoice. They can't wait to develop a new revenue stream.

I wish I could say that hoteliers had learned their lesson, too. And that hotels were safer today, because of the negative publicity over data breaches, the fines, and the lawsuits.

But they aren't. And if there are any exceptions, nobody has noticed, because it has not been communicated.

I understand if hotels don't want to advertise to the public the details of preventive measures to protect their guests' financial data and privacy. PR and cybersecurity content marketing professionals would know how to handle the messaging part.

The problem is that more than two years after the Marriott mess, there's no positive change to report. The opposite is the case.

Here are three steps hotels can take to win back wary consumers:

• Commit, for real, to proactive cybersecurity as a critical business expense and not as an annoying drain on revenues that guests never appreciate.
• Commit to full transparency and honest communication about breaches and do it soon after the breach is detected.  Mumbo jumbo opacity is the hotelier norm when a breach is detected. That lowers guest confidence and puts us more at risk as criminals gain more time to use the stolen data.
• Commit to telling the world about the cybersecurity steps you took. Of course not with enough detail so that crooks can dodge them. But with enough detail so that guests can sleep soundly at night.

Where to start? In May, the American Hotel & Lodging Association introduced the Hotel Safe Stay Pledge to safely welcome back guests and employees in the age of Covid-19.

The hospitality business has crawled almost to a standstill this year. From a cybersecurity perspective, this could be an opportunity for hoteliers.

They should take inspiration from their own Safe Stay initiative. Why not use the remaining time before the post-pandemic travel boom to develop and implement a nationwide Hotel Safe Data Pledge?

Robert McGarvey (Twitter: @rjmcgarvey) is a veteran technology reporter who has often covered cybersecurity and data breaches especially in financial services and hospitality.

2020 saw The Podcast Explosion, to quote journalist and podcaster Robert McGarvey. The number of podcasts worldwide doubled. It increased from 750,000 in 2019 to 1.5 million, with over 34 million episodes (December 2020).

This trend didn't favor only podcasts about cults or serial killers. The lockdown year also increased B2B content consumption significantly across industries. The demand for cybersecurity content became almost as strong as for COVID-19 topics.

B2B IT security buyers and customers engage with more content more often. Gerd Meissner analyzed this trend in his recent post Hungry for Cybersecurity Content.

They are especially hungry for podcasts about IT security. At least that's what this year's newly minted cybersecurity podcasters are counting on.

And why should only the established players have all the fun?

The "Class of 2020" podcast hosts in this niche come well prepared to meet the demand.

House-bound enterprise CISOs and senior IT security technologists have joined the podcasting community. Another group well represented are cybersecurity training experts, career advisers, and recruiters.

Of the seven shows introduced below, three focus on cybersecurity as a career. They cover security training, career advice, and leadership skills development.

Podcasts keep the line open

Many new industry podcasts and webcasts in 2020 were born of necessity. Trade shows, conferences, and in-person panel discussions have been nixed pending further notice.

B2C and B2B podcasts help fill the void. The hosts can build and strengthen relationships with buyers and customers or clients. They also use their podcast for networking with fellow and future industry professionals.

A list of the "best cybersecurity podcasts of 2020" would have been too subjective. Best for whom? Instead, we've selected seven newcomers to the field that aim to serve their own distinct audiences:

New Cybersecurity Career and Leadership Podcasts

Cybr Podcast (Cybr Inc.)

Dallas, TX-based Cybr has specialized in cybersecurity training and consulting. On his podcast, host Christophe Limpalair focuses on cybersecurity education and career topics.

He created this program for newcomers to the field. Interviews with CIOs, IT Directors, and other cybersecurity leaders provide valuable insights.

Especially career changers, IT students, and recent graduates will find the Cybr podcast helpful.

Listen to it here: Cybr Podcast. Twitter: @cybrcom

CISO Tradecraft Podcast

G. Mark Hardy and Ross Young created the CISO Tradecraft podcast. The co-hosts designed their podcast to share what they call "the adventure of becoming a CISO."

Hardy founded and runs the cybersecurity consulting firm National Security Corporation. Ross Young is the CISO of the Caterpillar Financial Services Corporation. They offer to guide listeners on their path to become competent and effective CISOs.

Reading is one prerequisite, if we follow CISO Tradecraft recommendations. Three of the podcast's six episodes so far (as of December 2020) deal with leadership concepts. They encourage listeners to dive into the management guides mentioned on the program.

Listen to it here: CISO Tradecraft Podcast. Twitter: @cisotradecraft

Cyber Security Leadership Podcast

Soft skill and leadership development is the theme of this podcast. Cyber Security Leadership is co-hosted by Yaron Levi and Jeff Snyder.

Levi is the CISO at Dolby. Snyder a veteran cybersecurity recruiter and executive coach.

The co-hosts share lessons learned in their careers and invite their guests to do the same. What sets their podcast apart is that both are "active" listeners.

Levi and Snyder aren't afraid of pauses, an exception in the often breathless field. They also know how to tell a story without overwhelming their conversation partners.

Listen to it here: Cyber Security Leadership Podcast. Twitter: @SecurityRecruit

New B2B Podcasts for IT Security Buyers and Customers

Ready, Set, Secure Podcast (Set Solutions)

This podcast was launched by Houston-based cybersecurity solution provider and integrator Set Solutions. CTO Michael Farnum hosts the bi-weekly show. He is joined by Senior Solutions Architect Nick DiPasquale.

The co-hosts invite a diverse variety of guests for each episode to discuss IT security for practitioners. Examples are real-time monitoring in the cloud, Zero Trust implementation, and threat hunting.

The Ready, Set, Secure podcast hosts are also comfortable covering "soft" topics. Two examples are workplace diversity and cybersecurity staffing.

Listen to it here: Ready, Set, Secure Podcast. Twitter: @setsolutionsinc

Security Architecture Podcast (Herjavec Group)

Evgeniy Kharam launched the Security Architecture Podcast together with Dmitry Raidman.

The co-hosts have been around the cybersecurity block a few times. Kharam is the Director of the Solution Architecture Division at the Herjavec Group, Raidman the CTO and Co-founder of Cybeats.

Their background benefits the depth of discussions and the lineup of guest experts on their program. They also had a precise game plan for this podcast from the get-go. And it shows.

The webcast/podcast combo was launched only in July 2020. Yet its 15 episodes so far (as of December 2020) already feature a wide variety of subject matter experts. The podcast guest list features various heavy-hitters like BitGlass, Checkpoint, ForcePoint, and ZScaler.

In Season 1, the hosts invited vendors to discuss their Secure Access Service Edge (SASE) offerings. Season 2 episodes are dedicated to Zero Trust Network Access (ZTNA) remote access solutions.

This podcast features a fair amount of industry lingo and cybersecurity acronyms. However, the hosts make it easy for their listeners to follow. The Security Architecture podcast homepage includes a dictionary of IT security architecture-related terms.

Watch or listen to it here: Security Architecture Podcast. Twitter: @secarchpodcast

New IT Security Research and Threat Intelligence Podcasts

Security Science Podcast (Kenna Research)

Cybersecurity shouldn't be a black box, says Security Science host Dan Mellinger. This fast-paced podcast aims to demystify cybersecurity. Its secret sauce: "education combined with a dose of entertainment."

Over 22 episodes so far (as of December 2020), the podcast addressed a broad range of topics. The host and his guests tackled "A Brief History of Vulnerability Management." They explored "Risk, Measured: Epidemiology for Cybersecurity." And they discussed "Reporting Risk to the Board."

An eclectic mix of topics and guests make for an informative listening experience. Key takeaways" in the form of soundbites are shared with each episode on the podcast website.

Listen to it here: Security Science Podcast. Twitter: @KennaSecurity

S-RM Insider Podcast (S-RM Intelligence and Risk Consulting)

S-RM Intelligence and Risk Consulting is a global risk and intelligence consultancy. Associate Director Lenoy Barkai hosts the S-RM Insider podcast.

She convenes industry experts to discuss a broad swath of subject matters. In 2020, topics included "Organisational Resilience," "Cyber Security & 5G Technology", and "Social Media Investigations."

The S-RM Insider podcast took an end-of-year hiatus. Lenoy says it will be back in January 2021, with several guest speakers already lined up. Topics will include cybersecurity matters, threat intelligence, and regional risks.

Listen to it here: S-RM Insider Podcast. Twitter: @SRMInform

Further mentions go to new cybersecurity podcasts of two industry giants:

Securing Digitalization is "The Siemens Cybersecurity Podcast." Siemens Chief Cybersecurity Officer Natalia Oropeza (Twitter: @NataliaOropezaG and Mirko Ross (Twitter: @Mirko_Ross) are the co-hosts.

Security Unlocked is "The Microsoft Security Podcast" (Twitter: @msftsecurity. Microsoft Security evangelists Nic Fillingham and Natalia Godyla are hosting. Their goal is to explore the technology and people behind Microsoft's security solutions.

Will the 2020 cybersecurity podcasts have staying power?

Do the new cybersecurity podcasts of 2020 have what it takes to see post-pandemic success?

We think that most of them are well-positioned to outlast the lockdowns. They have specialized in cybersecurity content niches where they face little or no competition from their established brethren - yet.

Did we miss a new cybersecurity podcasts that you think should be included here? Did you or your company launch a cybersecurity podcast this year?

Drop us a note and let us know, and we may include it when we publish a follow-up. This post was last updated on 2/5/2021.

New research from content platform provider PathFactory reveals a massive increase in B2B marketing content consumption following the first lockdowns related to COVID-19 in the US.

Average session times, on the other hand, saw a significant decrease. During the same period, the engagement with B2B cybersecurity content was almost as strong on average (4:20 min.) as with COVID-19 topics (4:50 min), which top the list.

The findings, derived from data collected from hundreds of enterprises and mid-market technology companies, are now available in a research report titled Content Engagement Report: How COVID-19 changed B2B content consumption in 2020.

Note the dramatic increase in attention paid to IT security-related B2B content. Market observers attribute this to the shift to remote work and the increase in cybersecurity risks that come with it.

This leaves the question what content asset types actually lived up to the task.

What content types do buyers prefer?

In cybersecurity content marketing, what B2B content formats and assets are worth a second look? The new report provides critical pointers.

According to PathFactory, the most-viewed content asset types during the pandemic include webinars, videos, eBooks, and reports. Like before the COVID-19 crisis, eBooks account for the most significant share of total views.

The content format with the largest engagement increase are executive summaries, according to the PathFactory study.

Engagement with executive summaries was up 256.6% compared to the period before COVID-19. To put that in perspective: B2B landing pages saw "only" a 139.5% increase.

More B2B cybersecurity content. But does it stick?

The most-viewed content asset types during the pandemic include webinars (consumption up 128.1%), reports (up 65.1%), and videos (up 27%), reports PathFactory.

Other noteworthy findings from the report include:

• During the pandemic, 17% more visitors accessed B2B digital content, unique asset views were up 40%, and visitors spent 15% more time reading and viewing what they found.
  
• Site visitors interacted with more B2B content, more often: there was a 42% increase in sessions.
  
• Yet those sessions were 17% shorter for "bingers" (visitors who engaged with more than one asset in a single session) and 38% shorter for "non-bingers".

Source: PathFactory

What do these results mean for B2B cybersecurity content marketing?

How COVID-19 changed B2B cybersecurity content marketing

The cybersecurity industry has ramped up its B2B  content marketing during the pandemic. Your company is focusing on webinars, webcasts, videos, and podcasts? So are your competitors.

At the same time, B2B buyers overall spend less time with more IT security content marketing assets clamoring for their attention.

What are they looking for? "Unknowns looked for content credibility, known visitors wanted actionable next steps," the PathFactory report points out.

The pandemic is putting immense burdens on IT, cybersecurity, and compliance technology leaders. It's fair to assume that this particular group's session times are down by even more than 38%.

That means you cannot rely on them patiently sitting through even the most relevant and instructive webinars, webcasts, videos, or cybersecurity podcasts.

They dip in, dip out, and move on.

Based on the new research data, what content should you custom-tailor for this situation?

One answer almost jumps out from the report: executive summaries of webinars and webcasts.

Increase in content consumption by asset type (excerpt)

Source: PathFactory

How to write executive summaries of webinars for cybersecurity buyers?

Research shows that executive summaries of webcasts and webinars deserve more attention in content marketing. Cybersecurity content leaders, read the signs.

Do you want all the efforts your team put into webinars and webcasts to make a dent? Distill them into executive summaries that are custom-tailored to the needs and tight schedules of IT security leaders and C-level executives.

Repurpose your video, audio, and slides for those time-constrained "non-bingers" on a mission. Help them accomplish their mission faster.

Present them with an executive summary of the recording that condenses 30, 45, or 60 minutes (including Q&A) into 2-6 pages. Provide an at-a-glance overview of the main takeaways that is efficiently structured, easy on the eye, and includes actionable next steps.

As a rule of thumb, reading an executive summary should take no more than 10% of the time it would take to watch the webinar or webcast. For a 60-minute production, plan for a maximum of  1,800 words = six minutes at average reading speed.

So, who's writing it?

How to repurpose digital event content without "cheapening" it

Are your company's content writers over capacity? Before you assign the task to a digital events coordinator or your favorite gig marketplace, a word of caution.

Readers expect this format to save them (or their higher-ups) valuable time. They are looking for a quick and effortless read, concise and to the point.

Writing executive summaries is not a task you want to assign to junior content writers on the team or to a subject matter expert involved with the original presentation or panel.

They may know too little or "too much," respectively, to present the gist of the matter in the language, style, and format that readers expect.

Nor is this task something you want to outsource to a random freelancer or an overseas content mill, given the industry lingo of cybersecurity web events. They often involve technical deep-dives and in-depth cyber threat research discussions.

Source: PathFactory

Industry outsiders frequently struggle to accurately excerpt and capture the essence of cybersecurity audio or video transcripts.

Most transcripts for this purpose are automatically generated. They reflect the infamous abundance of acronyms and abbreviations in the cybersecurity sector, interspersed with misspellings (example: "sock leader" instead of "SOC leader").

Clean-up efforts by writers or external editors who are not sufficiently familiar with the subject area tend to introduce more misunderstandings.

"Unknowns looked for content credibility"

Such mistakes will add to your internal content team's workload or, if you miss them, diminish the content's credibility and leave readers less inclined to take the next step.

As the PathFactory report points out, content credibility is key to engaging new visitors (the "unknowns") with whom dialog has not been established yet.

This is especially true for site visitors vetting cybersecurity vendors for their competence and trustworthiness.

Another recent research report, presented by Hinge Marketing: Inside the Buyer's Brain: How You Can Adapt to Shifting Buyer Behavior, shows what B2B buyers are looking for: In 2020, they put the highest value on knowledge of the industry/subject matter expertise (32.2%), up 56% since 2018 (20.6%).

In cybersecurity marketing, executive summaries of webinars and webcasts are a cost-effective way to repurpose digital event programs with content that highlights core competencies, adds credibility, and builds trust.

Did your company host webcasts or webinars over the past months? Extend their shelf life and increase their impact. Contact use now to convert them into executive summaries:

"Learn the rules before you break them" is time-honored advice. Variations are attributed to Pablo Picasso ("Learn the rules like a pro, so you can break them like an artist") and the Dalai Lama (falsely), among others.

My flight instructor had his own version. It ended with "...and only if required in an emergency to ensure a safe outcome."

Title capitalization in B2B content isn't exactly a matter of life or death. So when headlines are created as an afterthought, it often happens with little or no regard for any rules whatsoever.

Did anyone say "style guide"? Oops.

The problem with headlines that flout the rules is that they look sloppy.

A capitalization mistake jumps out at readers. It violates a familiar pattern they have come to associate with trusted sources.

It doesn't matter if they can't put the finger on it.

Something simply seems off.

Which brings us to:

One title capitalization rule to rule them all

Be consistent. That's all.

Title case, sentence case, AP, Chicago, New York Times: Once we choose a headline style for our title or subheadings, we better stick with it.

If we don't, it becomes a distraction and weakens our message.

That rule applies to blog posts, landing pages, and whitepapers just the same.

Or take the overlay text on social media images, for example. In this case, the visual draws even more attention to capitalization errors.

The tools listed below help you ensure consistency for whatever style you settle on.

Before we get there, let's back up for a moment.

You may ask:

Why should we use headline capitalization at all?

Fair question. Given the variety of distinct title capitalization rulesets and fringe cases, who really has the time?

If your company sells to the federal government, guidance comes from the US Government Publishing Office. It published a 42-page document on Capitalization Rules [PDF] in headlines and beyond.

You may need a break after reading it. Reward yourself and enjoy the flowchart below, courtesy of The Millions:

Please note: The information on the whiteboard is true to the style of The Millions and Publishers Weekly specifically.

Photo: John Maher / The Millions

As for the initial question - should you capitalize your headlines?  - don't expect much more help from the web.

Research: Which headline style do people prefer?

In the US, title capitalization was taught in school. It is expected in book titles and academic writing. All major newspapers, magazines, and other leading news sources used to capitalize their headlines.

This has changed.

Yes, some - The New York Times and The New Yorker are two examples - still do. But many others have changed their headline style rules over the past two decades. That group includes ABC News, The Boston Globe, CNN, NBC News, The Washington Post,  and The Los Angeles Times.

So why do we still use title style headlines on industry blogs and other B2B content, including this one?

Because readers prefer title case headlines, they perceive them as more credible and authoritative.

Or so we learned. Does research really back this up?

When I prepared this post, I couldn't find any current research that would support that assumption. (If I missed something significant, drop me an email; I will amend this post with a link and credit you.)

A few content marketing blogs mention a contributed post from 2013 on the Moz Blog, 5 Data Insights into the Headlines Readers Click. It references a study conducted by marketing firm Conductor.

The agency asked 750 US-based online users about their preferences. At the time, 64% of readers preferred a title case headline ("The 5 Steps to Prepare for the Impending Zombie Apocalypse").

The Conductor study also found that 21% liked to be yelled at in uppercase ("THE 5 STEPS TO PREPARE FOR THE IMPENDING ZOMBIE APOCALYPSE"). Only 7% preferred the sentence case headline ("The 5 steps to prepare for the impending zombie apocalypse").

Mind you, those were responses to a question.

The proof is in the click on the actual headline. Perhaps online advertising experts have more current data?

Test: Headline capitalization in pay-per-click ads

Recent insights come from Pay-Per-Click (PPC) online ads, courtesy of Kristin Palmer. She conducted a test for Clix Marketing in 2019.

The campaign manager wondered if ads with title case would draw more clicks than those with sentence case, or vice versa. Palmer used the headlines of two clients' Google and Microsoft ads to find out.

I recommend reading her post. Palmer published the methodology and findings of her title case test on the Clix Marketing Blog.

The results were decidedly - inconclusive.

Headline capitalization - yes or no?

Where does all this leave us in cybersecurity content marketing?

IT security is a conservative industry. Most cybersecurity blogs and portals continue to capitalize headlines, a glance at feed aggregator platform Security Boulevard confirms.

In most whitepapers and research reports of this engineering-driven community, headlines are capitalized. Such content often reflects the academic style - for better or for worse - of computer science and engineering departments, where capitalizing publication titles is the norm.

Change is underway, though. Influential IT security blogs and websites have found that opting for sentence-case headlines didn't harm their chances with fellow cybersecurity professionals.

Out of 27 sources named on Upguard's The Top Cybersecurity Websites and Blogs of 2020, for example, more than one-third use sentence case in their post headlines.

Bottom line: With quality content, it doesn't matter if you use sentence case headlines or capitalize titles on blog posts and marketing collateral.

What matters is consistency.

Three title capitalization tools that help ensure consistency

Applying headline style consistently matters. It speaks to a company's ability to organize its content as a brand.

Stick to the style your team has settled on. Does that require title case in headlines and perhaps also subheadings on your business blog, for example?

Then it should be applied consistently and in sync with the chosen ruleset for each post.

You may have memorized the main rules. But what about the fringe cases? Sooner or later, you'll need a headline capitalization tool.

Web-based title capitalization tools save time, because they have the rules baked in and instantly apply them to any headline you enter. They help prevent mistakes that could weaken our message and become a distraction for readers and viewers.

Check out my recommendations below. I've picked three free writing tools that offer quick and straightforward help with headline capitalization:

Capitalize My Title

Capitalize My Title pioneered the free headline capitalization tool genre. The site has since developed into one of the most versatile free online multitools for bloggers, writers, content marketers, and educators.

Capitalize My Title is my go-to online tool for headline capitalization. It offers a straightforward conversion form for capitalizing headlines and subheadings based on the APA style guide, the Chicago Manual of Style, the Associated Press (AP) Stylebook, the MLA Handbook, the New York Times style guidelines, Wikipedia's capitalization rules, or a separate ruleset for email (the differences are explained here).

I've mentioned the site before in my short headline analyzer tools overview on the Cybersecurity Writers blog. Conveniently, headline analysis can be applied directly from the capitalization interface.

Title Capitalization

This tool offers a minimalist take on the genre. It also presents a variation of the headline for each major style with a short rules overview on the same page.

Title Case Converter

The Title Case Converter's clean interface enables headline capitalization based on the most-used rulesets - with a twist.

This helpful feature turns the Title Case Converter into a learn-as-you-go tool. Once a headline has been converted, the converter explains why each word was capitalized or lower-cased.

The tooltip tutor enables writers and editors to learn or refresh their command of a selected style while applying it.

Expect further hands-on tips in our upcoming posts and mailings. Are you looking for subject matter experts who plan, create, and promote targeted IT security content fast? Let us know.

Contact Cybersecurity Writers to learn about our process and

“Oh please... ” - that was my first thought when it popped up on my screen this morning. One more blog post from an IT security vendor that began with: “In today’s digital age…”

You’ve seen your share of openings like this, I’m sure. Usually, I would not have taken a second look. Life is too short.

Talking about starting with a whimper and snail-pacing downhill from there. I won’t link to the post here.

That’s to protect the innocent. It’s also because of what I found next.

The blog seemed to target buyers in the retail sector. Maybe they would read past that opening hurdle and lap the rest right up?

Perhaps I’m just too picky, I told myself.

Coffee beats bromide. Until it doesn’t.

Any other day, I would have moved right on. This morning, one sip of coffee later, I smelled a blogging opportunity.

With a more positive outlook, I dared a quick scan. This is what I learned:

For content that begins with “In today’s digital age…”, you cannot set your expectations low enough.

After so many years, I should have known better. It made me wonder, though.

Cliché as a “hook”? Read it as a warning label.

How often does the opening line  “In today’s digital age…” still appear on IT security blogs? Or in other B2B content?

And why? As a warning?

So I googled it. Before we get to the results, a bit of background first.

I’ve written, edited, and broadcast about IT security, data protection, and privacy for general and business audiences since before the term “cybersecurity” or “cyber security” (take your pick) was coined.

To put things in perspective, that’s about as long as professional journalists, writers, and editors have avoided the cliché “In today’s digital age...”

Some have not.

This is where it gets disturbing. According to Google, it’s still a thing in 2020, even in headlines.

In 21st-century cybersecurity content marketing, why is this cliché still a thing?

Look, I get it. We are not writing for an audience of professional writers or editors. But that doesn’t mean it’s okay to underestimate all other readers.

The problem with this particular cliché is the airs it puts on.

It reads and sounds like a heads-up for someone who spent the past 50 years herding camels in the Mongolian desert, without contact with the rest of the world.

The gut reaction of anyone else, especially in IT, to such twaddle: “Don’t waste my time.”

What’s the big deal then, you ask? They’ll not read further, so what? Content marketing #fail. Case closed.

Not so fast. Starting with a non-starter isn’t the only problem here. Let’s also consider the collateral brand damage.

Three reasons to ban “in today’s digital age…” from your content

Here are three reasons why smart cybersecurity companies ban this cliché from their content marketing altogether:

• It’s a throwaway line, one that qualified as a truism already decades ago.
  
  It doesn’t add anything of value for today’s readers. It seems oblivious to their time constraints, treats them as if they were yokels without a clue, and expects them to read on no matter what.
  
  What it signals about the brand behind the copy: “We just want to sell stuff and couldn’t care less about you as a prospect or customer. Now go buy our solution already.”

• It’s a bromide at best and lazy at worst.
  
  The writer could have gone straight to the core of a subject matter or at least laid the groundwork. To deploy the mother of all cyber platitudes instead reveals a breathtaking lack of research and preparation.
  
  What it signals about the brand: “We lack focus and couldn’t be bothered with doing our homework, but hope  you hang in there with us anyway.”

• It’s cheap.
  
  This kind of copy is typically cranked out by freelance writers who lack experience, don’t know the subject area, or both. Sarah Rickerd wrote about it on the Content Marketing Institute’s blog: Why Freelance Writers Aren’t Getting the Results You Want.
  
  Often they are generalists who get paid a few cents per word to create content around SEO keywords.
  
  What it signals about the brand: “We are too cheap for basic quality control and don’t care if our content reflects poorly on our products or services.”

If you are in cybersecurity, those are messages you don’t want to send. So why do some companies still think that this hokum could work as a “hook”?

Perhaps they simply haven’t found an editor yet who knows and cares about such details and how to fix them.

If that describes someone you know, feel free to forward them this post with my email address.

Expect further hands-on tips in my upcoming posts and mailings. Are you looking for subject matter experts who plan, create, and promote data-driven, targeted IT security content fast? Let us know.

Contact Cybersecurity Writers to learn about our process and

Okay, I've fibbed in the headline, but only a bit. There's not just one key. There are several, and they won't magically unlock a secret vault of headlines that somehow will rocket your content to the top of Search Engine Results Page (SERP) #1.

So you still have to come up with your own headline. This becomes even more challenging when it entails a topic that's hot in the industry, such as the cybersecurity risks of remote work.*

Since magic is off the list, let's eliminate the ineffective guesswork involved with B2B headline writing next. Why not use tools that deploy psycholinguistics and inferential statistics instead?

Three of these headline analyzers helped me with the title of this post. Check them out below. Did it work?

You decide. If you've read this far and are an old hand at headline writing, feel free to skip the next two sections and scroll right down to the goodies below.

On a deadline, mind your headline

On a deadline, it's easy to forget that the whole effort's success ultimately rides on the headline.

Will it stand out? Does it "speak" to our audience? And does it address the question on the mind of busy professionals when they quick-scroll through their feed readers or email inboxes and come across your post: "What's in it for me?"

If our headline or subject line cannot answer that last question upfront, they won't feel compelled to click. Only a few hardened souls (thanks, mom!) will read our post or landing page or whitepaper or email.

And forget about them making it anywhere near the call-to-action button. The blog post may be a masterpiece of IT security content marketing, but nobody will ever know without a headline that works. Game over, before it has even begun.

How to improve your headline in under 2 minutes

Science-based headline analyzer apps measure a title's or subject line's potential to grab human readers' attention online. Before we conscript them to serve as our free data-driven copy editors, let's take care of a few basics first.

Does our headline meet essential SEO requirements, such as including a relevant keyword? After all, bots have to pick up on a headline so that people can find and click on it.

B2B headlines that set specific expectations drive more traffic. Options range from including a number to directly addressing the target audience ("...for IT Admins") to promising valuable insights on the fly ("…In Under 3 Minutes").

Can the content deliver on what your headline is promising? Keep in mind that most IT security professionals have no tolerance for clickbait. There's a reason why even Buzzfeed stays away from Buzzfeed-style headlines for cybersecurity topics.

Screenshot: Blog post title score on the EMV Headline Analyzer

Three free tools to adjust your headline in a hurry

Do you have a solid headline draft? Then it's time to run it through one or more headline analyzer apps and use their feedback to calibrate your message.

I selected three of these online tools for copywriters to tweak the title for this blog post. Each of them has its own advantages:

• CoSchedule's Free Headline Analyzer covers the basics. It's designed for quick assessments of a headline's sentiment, word balance, and length.

👍 for the headline "Skimmability" gauge. It marks the words most readers will focus on.

• The Headline Analyzer at CapitalizeMyTitle.com evaluates the headline or email subject based on more than 50 different data points and rates it on a scale of 1-100. It emphasizes readability and SEO impact.

👍 for the built-in weasel word detector.

• The Advanced Marketing Institute's no-frills Emotional Marketing Value Headline Analyzer, the pioneer in this category of copywriting tools, doesn't concern itself with SEO. It estimates the emotional and intellectual impact of word choices.

👍 for how easy the EMV Headline Analyzer makes it to home in on a headline that predominantly appeals to most people's intellectual sphere.

Such headlines are "especially effective when offering products and services that require reasoning or careful evaluation," according to the site, so it's a logical choice for cybersecurity industry blogs, ads, and email subject lines.

To fine-tune my headline for this post, I first ran my drafts through all three tools. Then I let the EMV Headline Analyzer tip the scale when I chose the final title, because I write for people, not (Google) bots.

I've found in the past that an EMV score above 50 means that a headline will fulfill its purpose. Did it work?

You be the judge.

Expect further hands-on tips in my upcoming posts and mailings. Are you looking for subject matter experts who plan, create, and promote targeted  IT security content fast? Let us know.

Contact Cybersecurity Writers to learn about our process and

Have you ever overheard bystanders recount a car crash to the first police officer on the scene?

More often than not, they can’t contain their excitement. With great enthusiasm, such incidental eyewitnesses share a torrent of unstructured and unfiltered details, insights, and observations. Leave it to the officer to sort out what’s relevant and what’s not.

Many IT security firms suffer from a similar affliction when they create content. In my experience, this holds true for startups as well as for the content marketing programs of enterprise-level Software-as-a-Service (SaaS) providers.

Instead of engaging the target audience, it often results in confusion and numbness. Countless cybersecurity blog posts, whitepapers, marketing collateral, even press releases include everything and the kitchen sink*. They are wordy and awash in non-essential, irrelevant information.

Throw in an “APT” here and a “SIEM” there, and we should be good. Wait - don’t forget to mention “Ransomware” in the headline. Making sense of it all? Let’s leave that part to the readers.

How poor writing waters down your message

Cynics will argue that this is not a bug of content creation in the cybersecurity industry - it’s a feature: the verbosity of snake oil traders. I disagree, for mainly three reasons:

1. Unfair generalizations like this underestimate the audience. Most industry readers or cybersecurity podcast listeners won’t fall for empty posturing. Besides, other technology sectors grapple with similar content challenges.
2. Lack of substance isn’t the problem. What weakens the message is the lack of IT security engineers who know how (and have the time) to structure and write impactful cybersecurity B2B blog posts or product marketing collateral.
3. Most importantly, web metrics prove that most cybersecurity professionals have little patience for meandering content. They prefer relevant, straightforward, and actionable pieces that add value and don’t waste their time.
   

For a few examples, check out Feedspot’s Top 100 Cyber Security Blogs and Websites in 2020 For IT Security Pros.

What do the highest-ranking blogs on this list have in common? They attract new readers and turn them into loyal followers with posts that meet these quality standards.

Cybersecurity writers and researchers wanted

Experts who are skilled at planning and crafting such content are much in demand. They are also hard to find. The writers and editors at non-specialized marketing agencies, on the other hand, lack the required subject matter expertise.

How to create a strong cybersecurity blog post or piece of collateral? Start with a clear understanding of the purpose and key target audience. Then structure the content so that it fits the audience and supports the purpose.

A thought leadership post on data protection and compliance, for example, will require a different approach and Call to Action (CTA) than a remote work cybersecurity tip sheet for IT admins or a webinar executive summary.

Expect more detailed, hands-on tips in our upcoming posts and mailings. Does your team need expert help with creating and promoting quality cybersecurity content fast? Let us know.

Contact Cybersecurity Writers to learn about our process and

*Check out this post on another cliché to avoid in cybersecurity writing.