Congratulations Team CloudLock!

by Nathan W. Burke on June 29, 2016

Screen Shot 2016-06-29 at 5.49.35 AMBig news today, as CloudLock was acquired by Cisco for $293 million. From the announcement on TechCrunch:

Twilio isn’t the only company banking on API-based services as the way forward for enterprises. Today, Cisco announced it plans to pay $293 million in a mix of cash and equity to acquire CloudLock, a cloud-based security provider that uses APIs to let enterprises apply and monitor security on documents and other content that they share and store in cloud-based applications.

CloudLock works with Office365, Google Drive, and Salesforce applications, among thousands of other apps and software. Its focus is on offering security and enforcing policies to protect documents, regardless of device used to access it, and allowing for specific controls based on location. In that regard, CloudLock is tapping into another big trend beyond the use of APIs to implement services: that of “consumerization” in IT, where people are using their own (unsecured) devices for work purposes, and in a range of environments from their homes to places where they are connecting by (also unsecured) public WiFi networks. The company has more than 700 customers, Cisco says.

When I left CloudLock in 2013, I wrote the following post, saying:

Though I hope to have thanked everyone individually at CloudLock before the end of the day today, I want to do it here, too. I’ve worked with incredible people at CloudLock and have learned a lot. I wish everyone continued success, and will be following the company closely as it becomes the #1 company people think of when they’re looking to keep information secure in the cloud.

Looks like they made it. Congratulations, everyone!


The first article in my monthly column for DarkReading is now available. The Gamble Behind Cyber Threat Intelligence Sharing looks at how current approaches to threat intelligence sharing are reminiscent of  the Griffin Book or the blacklist used by casinos to identify known cheaters. From the article:

In theory, sharing threat intel makes sense. But in cybersecurity you’re not dealing with known individuals, you’re dealing with anonymous adversaries capable of rapid change.
The U.S. Department of Homeland Security deployed its Automated Indicator Sharing (AIS) system in March to enable the exchange of cyber threat intelligence among private and public organizations. Their motivation is clear: to increase the breadth and speed of information sharing in order to help all types of organizations act more quickly and better defend themselves against emerging threats.

The concept of sharing information to fight common adversaries is nothing new. It’s similar to the Griffin Book or the blacklist used by casinos to identify known cheaters. The casinos share information on shady characters with the gaming board or Griffin Investigations, and they disseminate that information to all casinos so they can identify and ban cheaters. It’s a great idea – share the intelligence and everybody (but the cheater) wins. And in the case of casinos fighting criminals in physical locations, it makes all the sense in the world.

There is almost unanimous agreement among security professionals that cyber threat information is similarly valuable to their organizations. However, digging deeper into the attitudes and implementation barriers to sharing that information unveils myths and significant reticence that make it a lot less simple than it might sound.

The full article is available here.


Today our company announced our Series A funding round with HP Ventures, Ten Eleven Ventures, and YL Ventures participating in the round. From the release:

Hewlett Packard Ventures, Ten Eleven Ventures, and YL Ventures Join in Series A Funding for Security Orchestration and Automation Pioneer Hexadite

$8 Million Investment Round to Fuel Research and Development and Expand Marketing and Sales Worldwide

BOSTON and TEL AVIV, Israel February 10, 2016 – Hexadite, Inc., the leader in security orchestration and automation, announced today it closed $8 million in a Series A funding round from Hewlett Packard Ventures, Ten Eleven Ventures, and YL Ventures, who also invested in Hexadite’s seed round. The company plans to use the funds to accelerate research and development in Israel, expand its marketing and sales operations worldwide, and continue to build momentum for the industry’s first solution that fully automates cyber security incident response, Hexadite AIRS.

The Press Hat

20160210_065558Traditions are important. Back when I was at matchmine, I purchased a very ugly hat which began a tradition. Each time I participated in a launch announcement, I would call on the press hat for good luck. You can see it during the Series B announcement for CloudLock in 2012, and it is now being called upon for good luck during today’s announcement.


There are 3 main points we hope to highlight in today’s announcement:

  1. We’re Going to be Here for a While – With so much heat and consolidation in the cybersecurity space (see FireEye’s acquisition of Invotas), it stands to reason that enterprises are cautious when purchasing security solutions from early stage companies. It’s something Adrian Sanabria from 451 will be covering at RSA in his session “Security Startups: The CISO’s Guide to Flying High without Getting Burned“. Investment from a company like HPE and a VC firm with such deep cybersecurity expertise like 1011 gives customers the confidence they need to work with us.
  2. Security Orchestration and Automation – We’re operating in a space (cybersecurity) that is morphing at the speed of light. Whenever that happens, it takes time for the industry to decide what to call itself. While some say “incident response” and others “endpoint protection”, we wanted to be clear around the fact that we orchestrate and automate. We orchestrate the incident response process by taking input from the devices and security systems you have in place, then automate both the investigation of alerts and the incrimination, exoneration, and resolution of threats.
  3. When We Say Automation, We Mean It – Where other solutions automate the collection of data and hand off instructions to humans, we actually do the work. From alert to full resolution, our definition of automation consists of taking action.

Media Coverage

To me, the day before a launch/announcement is exhilarating. You get a chance to talk to members of the media who haven’t been living in your 4 walls in order to test the theory that your messaging is crisp, clear, concise, and interesting. And while you should be prepared to anticipate a wide range of questions, this is the first time you can test your positioning in the wild outside the lab. You’ll almost always get questions and feedback that would be impossible to prep for in a simulation, and that’s the fun part.

A few highlights:


So…Is There an RSA Attendee List?

by Nathan W. Burke on February 6, 2016

rsa logoIf you’re at a security company and are exhibiting at RSA, chances are you’re getting dozens of emails from list vendors asking if you’d like to buy the 2016 RSA attendee list. In this post, we’ll look at how and why this RSA attendee list spam exists, and we’ll explore whether such a list exists in the first place.

Part One: The Motivation is Clear

With vendors paying between $35,000 and $350,000 for booth space on the expo floor, it’s easy to see the perceived value of the RSA Conference’s attendees. In fact, the RSA exhibitor prospectus claims the following about the show’s 30,000+ attendees:

Screenshot 2016-02-06 15.57.55 Screenshot 2016-02-06 15.57.49

Put simply, you can’t get 30,000 security executives in a room for a few days at any cost. If you’re a company selling information security solutions, you have to be there.

What’s the goal of the show? Aside from the requisite awareness, the goal is always to talk to people that will want to buy your product. Short of actually making the sale at the booth, the idea is to qualify, educate, and then get prospects to take a demo after the show. You scan a prospect’s badge, get their email address, and get in touch with follow-up information to hopefully turn interest into a sale.

So if you’re trying to calculate whether it’s worth spending a minimum of $35K at a show, you’d want to look at the qualified leads you generated at the booth. The data list vendors have a pretty compelling message: not everyone in attendance is going to stop by your booth to get scanned. Why not buy the entire attendee list with contact info from us, and you can then:

  1. Email the entire list, promoting your booth before the show.
  2. Send a message to everyone, thanking them for stopping by your booth.
  3. Focus only on quality when talking to people in-person, since you can email everyone else post show.

From the list vendor’s perspective, you’ve already shown the value of attendee contact info by paying to exhibit at the show. Why not spend a little extra and get the full attendee list?

Part Two: How List Vendors Get Exhibitor Info

This part is easy. You can very easily see the full list of companies exhibiting at RSA here on the conference website. What’s even easier is the fact that each exhibitor gives an email address that is published on their profile page. For example:

Screenshot 2016-02-06 16.13.02

For those with time, simply firing up an excel spreadsheet would allow a list vendor to copy and paste the company name, email address, and phone number to build their list. You could do something more automated if you wanted, and many list vendors will add a few commonly used email addresses like sales@, marketing@, and contact@ to each domain they find.

Once they’ve created their target list, it’s time to craft an email. An example:

Hi Team,

Happy New Year!!!

I was going through RSA Conference 2016 Exhibitors Guide and came across that your Organization will be attending RSA Conference 2016 Annual Conference and Exhibition this FEB 29-MAR 4, 2016.

I’m sure you will be interested getting in touch with these RSA Conference 2016 attendees prior to the conference meet or send an invitation to these attendees for a visit to your booth.

We have over 15,000 attendees list with complete contact information attending RSA Conference 2016.

If you are interested do let me know, so that I can send the details of the counts and commercials related to the same.

Please forward this email, if you think I should be talking to someone else on this.

Susan Miller

Sr. Marketing Consultant

This year there have been so many of these that RSA felt compelled to send the following:

RSA Conference 2016 Exhibitors,

Many of you report being spammed by individuals or companies offering to share the RSA Conference 2016 attendee contact list. These people reach out to exhibitors, attendees, random people and press with offers like “I have the RSA Conference attendee list – you want to buy it”? I’m sure you’re personally spammed by these types of companies for all large events whether RSA Conference, SXSW, CES, Oracle World, Dreamforce, etc. In each instance the vendor claims that their email contacts are those from the attendee list for a given event.

RSA Conference takes the privacy of its attendees very seriously and it does not share any attendee list with anyone, including sponsors and exhibitors at any level. Additionally, no RSA Conference supplier has access to the RSAC attendee contact list. Any official RSAC supplier reaching out to you does so on behalf of the RSAC Event Management team for the purpose of confirming an existing order, or as a customer service courtesy as an order deadline approaches.

Part Three: How The Data Vendors Get Attendee Lists

There are generally three ways data vendors get the attendee lists for an event.

  1. They Buy the List from the Conference Organizer – In this case, it would be very difficult to believe that RSA would sell their attendee lists, but there are other conferences that have no problem sharing their attendee info. Although RSA has caused controversy with its choice of keynote speakers from a TV show and capturing attendee twitter credentials, selling access to attendee info would likely be the end of the show.
  2. They Steal the List from the Conference Organizer – Some conference organizers have lax security measures with open directories and spreadsheets publicly available from a google search. Here’s a good example of the GSA Training Conference and Expo 2011 final attendee list I got from a simple google search:  security conference attendee list filetype:xls

    Another way to steal the list would be from the badge scan company. If you were able to break into their systems and download all booth scan data, you would then have the full attendee list of anyone scanning at any booth. 

    In this case, they’re simply finding an old list, changing the date, and selling it as new. Depending on the level of sophistication, they might even do some social lookups to find people who are tweeting about going to the show, and they may even remove companies that have gone out of business.

  3. They Buy the List from Exhibitors – This is the most prevalent method of acquiring an attendee list. A list vendor will pay part of the cost of an exhibiting company’s booth fee in order to get the full list of badge scans. When this happens, you’ll see a vendor that has an expensive prize that will be raffled off at the end of the show to a lucky winner, giving everyone at the show motivation to scan their badge regardless of interest in the vendor.

    You’ll even see people dressed in crazy costumes running around with badge scanners and iPads soliciting entries for the prize drawing. As their goal is to get every name they can, they don’t generally stay at the booth. They’ll risk getting tossed from the show, as the conference organizer never knows who these scammers are affiliated with.

    Using this method, the data list vendor is simply selling last year’s attendee list with this year’s date on it. They figure a large percentage of attendees will go year after year, and they’re likely right.

Part Four: Let’s Test Our Theory

m_img_71190So far, I’ve offered nothing but wild conjecture at best. However, it would be easy enough to test the theory with a little bit of patience.

Test 1: Attendee registered with email alias, no booth scans – First we need someone that has registered with RSA with an email address they haven’t used before. Best to use an alias. Then, that person can’t scan their badge at all during the conference, thereby testing whether vendors were able to somehow get access to the actual registration list. It will take a long while to see if that email address starts getting vendor emails (maybe).

Test 2: Attendee registered with email alias, scan at just one booth – Certainly not perfect science, but this test would let us see whether there’s a possibility that a vendor broke into the scanner provider’s database and downloaded all booth scan lists. Again, this would only work with an email address that isn’t used other than for this purpose, isn’t something easily guessed, etc.

Test 3: Attendee registered with email alias, scans at multiple booths, not used again – In this test, the address would be used at multiple booths, but wouldn’t be used in the future to register for a conference. That way we’d know that vendors are just selling old lists each year.


Where there’s money to be made and anonymity to be had, vendors will offer conference attendee lists and marketers will buy them.  I can obviously understand spending short money to spray and pray with the opportunity to get a handful of people to the booth, but it just feels wrong and lazy.




Content Marketing Monday

by Nathan W. Burke on January 5, 2016

content-stages Image via BuzzSumo

It’s Monday, and as is tradition since 30 seconds ago, time for a roundup of content marketing resources.

Content Marketing Strategy

50 Things We Learnt About Content Marketing This Year (via BuzzSumo)

3 Content Marketing Assets to Skyrocket Sales (via Content Curation Marketing)

A Marketer’s Guide to the Perfect Headline (via Convince and Convert)

Content Marketing Tools and Templates

2016 Content Marketing Toolkit: 23 Checklists, Templates, and Guides (via Content Marketing Institute)

105 Ideas to Add to Your Editorial Calendar (via Convince and Convert)

Keyword Research

Dialing in on Cheap Keywords for your PPC Campaign (via SEMRush)


Startup Marketing Roundup: 1/2/2016

by Nathan W. Burke on January 3, 2016

A roundup of startup marketing news.

Account Based Marketing

The Best Resources for Account-Based Marketing (via Kissmetrics)

Why Account-Based Marketing Is a No-Brainer (via Kissmetrics)

Content Marketing

Become a More Effective Marketer in 2016: 5 Questions to Answer (via Content Marketing Institute)

Jump-start Your 2016 with the Best of Copyblogger 2015 (via Copyblogger)

Email Marketing

7 Email Marketing Predictions For 2016 (via Marketing Land)

Marketo Data Tells Us: Which Industry Has the Best Email Performance? (via Marketo)

Lead Nurturing

6 Essential Nurturing Workflows For Every B2B Company (via Hubspot)

Paid Advertising and Promotion

How to Effectively Use Remarketing (Infographic) (via Kissmetrics)


How to Earn Free Press for Your Business When You Have No Connections (via Hubspot)


17 SEO Myths to Leave Behind in 2016 (via Hubspot)


different-870x870Until April of this year, I’d always worked at small companies. After being at 4 startups in a row, I made the leap to join an 18 year-old public company that was bringing a new product to market. Billed as a startup within a mature company, the global marketing team alone had more employees than any other business I’ve worked in.

Next week I am going back to the startup world, joining an early-stage security company that is changing the way businesses handle cybersecurity incident response. Before that, I thought I’d take a minute to reflect on the differences I’ve seen as a marketer within B2B startups and at a public company.

  1. There is no better, only different – Working at an early stage startup, it would be easy to say “If I only had the budget and headcount, I’d be able to do so much more.” However, with additional headcount and budget come additional processes and layers of management that can slow progress to a halt. The size of the company doesn’t decide whether there will be marketing challenges, it only determines which set of challenges you’ll have to face.
  2. Clear goals are critical – At a startup the list of things you could be doing is far longer than the time and resources you have. At a larger company, the resources and time can easily be spent on activities that translate to being busy. In both cases, without a disciplined commitment to a clear set of goals, it’s easy to spend 12 hours a day doing things that don’t matter.
  3. Predictability is the answer – Startups can afford to be nimble and experimental, but that can often result in changing focus so often that people don’t know what they’re doing. Frequent changes in direction make people say “why should I work hard on something that will be scrapped in 2 weeks when we change course?”. At a more mature company, it can often take weeks to get a simple campaign off the ground, as coordinating interdepartmental resources is akin to directing air traffic. In both cases, setting reasonable expectations with as much prep time as possible is the only way.
  4. Quality and follow-through beat quick and “one and done” – At a startup with an infinite list of “to do” items, just knocking things off the list can feel like a victory. Similarly, at a larger company with siloed responsibilities and handoffs, doing your own piece can lead to a “I did my part” mentality. While keeping up with the workload is certainly important, losing sight of why you’re doing it and what happens next is just as important.

    Think of any event you’ve ever done. While so much work goes into planning, coordinating, and executing, what happens to the leads after you’ve broken down the booth? Leaving it up to someone is a bad idea.

  5. People want to do great work –  Regardless of company size, people want to do work they can be proud of. Whether that means giving someone the creative freedom to try something bold that may fail or allowing people to specialize in what they’re passionate about, great work is the result of pride. Don’t try to turn people into cookie-cutter, mass production machines. Harness what they love to do, and you’ll get something special out of it.

Although I do believe that startups are a better fit for me personally, I’m thankful for the time I spent at Intralinks. I worked with some truly remarkable people, and learned a lot by being exposed to a larger, global public company.


Can’t Miss Startup Marketing Posts – 11/18/15

by Nathan W. Burke on November 18, 2015

A roundup of relevant startup marketing blog posts, news stories, and announcements.


17 Ways to Guarantee Nobody Misses Your Next Webinar or Webcast – No matter how great the content of your webinar is, though, it doesn’t mean much if there’s nobody there to hear it. So what do you do to ensure people actually, you know … show up? Turns out, there’s at least 17 things you can do to get people aware of, excited about, and attending your next webinar. Here’s a guide to making your next webinar a rousing success. (via HubSpot)

6 Steps to Your First 100 Email Subscribers (The Easy Way)  If you want to maximize your business’ profit, there’s one thing you need to know: email marketing has a return on investment (ROI) that beats any alternative—by a lot. (via QuickSprout)

53 killer tips to boost your Facebook, Twitter and LinkedIn ads – Mastering Facebook, Twitter and LinkedIn ads can be the key to bringing a massive amount of new leads at low costs. While Google Adwords focus is search driven traffic, advertising on social networks opens a new world of opportunities – new audiences, new ways to reach prospects and amazing segmentation options. The goal of this guide is providing easy to implement hacks which can help you reduce your current advertising costs by 80%. (via Oribi)


How to Do Curated Content RIGHT: A Step-by-Step Guide Almost all content marketers curate content in one way or another. One report found that 82% of marketers curate content. Overall, the best marketers create around 65% of their own content and curate an additional 25%. (via QuickSprout)

Creating an Effective Marketing Email (Infographic) So, how can your marketing email stand out in an already crowded inbox? The first step is with the subject line. Because if you can’t get them to open it, then the actual email message doesn’t matter. After that, there is seemingly an endless list of elements to test. (via KissMetrics)

How to Make Every Piece of Content SEO Friendly SEO used to be the realm of experts who worked their dark arts and somehow boosted rankings. Today, there aren’t as many secrets to SEO. And those “dark arts”? They’ll get your site penalized or delisted. (via Content Marketing Institute)

Follow Through

What to Do with All the Business Cards from Your Last Conference (via HBR)


Pre-Order The Secret B2B Marketing Playbook

by Nathan W. Burke on August 15, 2015

You may have noticed the image on the right. I’ve finally decided to dedicate the time to write the missing manual to B2B Marketing I wish I had years ago.

From the description:

Most eBooks about B2B Marketing are a level up from actionable. They do a decent job of covering the philosophy behind B2B Marketing, but provide little advise on what you can do now to put theory into action. The most you can come away with is an understanding of what can be done, but nothing about what should be done and why.

This book is intended to be the manual sitting on your desk on your first day as the head of Marketing at a brand new company. It is full of strategies and tactics you can put to use immediately to create your Marketing machine.

I’ve set the release date for March 14th and the price is $10. At over 100 pages, that’s only ten cents per page!

Pre-order the book here on Gumroad, and you’ll only be charged when the book is available.



writingThe (Retail) Content-Powered Organization

Last week, I had the opportunity to spend a day at the FutureM conference in Boston to hear Marketing innovators share their stories. One panel in particular stuck with me, and here’s a summary of lessons learned. 

Moderated by Michelle Heath from Growth Street Marketing, the panel included Patrick Cassidy, Global Digital Strategy Head at New Balance and Ian Fitzpatrick, Chief Strategy Officer at Almighty.

The theme of the session was to share lessons learned by both agency and client in their journey to create meaningful content that delighted customers while aligning with business goals. Each lesson was presented and translated into takeaways from both the client and agency side.

Lesson 1: Build a culture that obsesses over the basics.

It’s easy to lose sight of basic rules like speaking in the language of the customer, not touting the intricacies of product features, and using internal terminology not meant for the outside world. In many cases, content is created in a vacuum without keeping the consumer of said content in mind.

Brand: We have to be careful about talking to ourselves. ‘Plush leather upper’ said no one, ever.

Agency: Don’t be above anything. As long as it fuels client business results, be open to it.

Takeaway: You’re not creating content for yourself. Always keep the customer in mind, and be open to what works even if it is uncomfortable.


Lesson 2: Treat outside communities as inside communities

Don’t engage for engagement sake.

Brand: We have to think about engagement on a business goal level. What kinds of interactions can we connect to conversion, and what sorts of ongoing interactions will that require of us?

Agency: Great content lives in the margins. Sometimes, our best role is in helping to identify the interesting (and interested) inside the organization.

Takeaway: Find the conversations that are taking place and determine how you can contribute in a way that is authentic, valuable, and meaningful.


Lesson 3: Find your organization’s beginner’s mind.

From Zen Mind, Beginner’s Mind by Shunryu Suzuki Roshi

In the beginner’s mind there are many possibilities, but in the expert’s there are few.

Don’t restrict yourself to the tactics that you’ve always done in the past, be open to trying new things, testing, tweaking, and trying again.

Brand: Iterate doesn’t mean anything if we’re not prepared to test. We can improve conversion if we are willing to do the legwork to find out why people aren’t buying a product (and then develop content to address it).

Agency: Don’t be a means agency. When you can be objective about an approach, you’ll build better partnerships.

Takeaway: Committing to trying new things is great. But simply cranking out new ideas without measurement is activity without knowing its value. Resist the temptation to throw more X at a problem. If you’re an advertising person, it’s easy to say, “let’s buy more ads”, a PR person “more PR”. Just because you do X, X isn’t always the only answer.


Lesson 4: Be very valuable to a few rather than loosely relevant to many.

Personality doesn’t scale to everyone. People aren’t passionate about one-size-fits-all.

Brand: We have to fight the urge to find scale in everything. Determining how we’re going to measure the success of content upfront is key to having small victories.

Agency: From scale limitations, content value. The cost constraints of niche markets allow agencies to flex their strategic and media thinking in exciting ways.

Takeaway: While I tried, I can’t put it better than fake grimlock:

Screen Shot 2014-09-26 at 11.17.16 AM

Lesson 5: Tap what already exists in the culture around you.

Creating, educating, and evangelizing are hard. Contributing to a movement without trying to exploit it is easier. It’s a fine line, but creative brands are able to find their place in the culture.

Brand: Resist the temptation to lead the way when there’s an emerging crowd to join. This isn’t a call to do more crowdsourcing, but rather a call to stay plugged into the cultures in which your brand is immersed.

Agency: Don’t be precious about where ideas come from — be diligent in shaping the where they end up. Embrace the truth that ideas are fungible and value comes from connecting them to business value.

Takeaway: Don’t try to put a net around a market and claim it as yours. Support it organically and provide value.


Lesson 6: Build a proof of concept culture.

Any brand committing to producing creative, timely content has to be nimble.

Brand: Fight the urge to build consensus. Grabbing a camera and chasing an opportunity is often the best way to sell an idea that would die in committee.

Agency: Put skin in the game. Build a relationship that doesn’t constantly hinge on signed SOWs, so you can be part of the spontaneity.

Takeaway: The process of pitching an idea to a committee, creating multiple drafts, running through legal, and finally launching content neuters personality and results in stale content. I’m about to shoot a great ice bucket challenge video next week that should really do well.



Whether you work for a global brand or a small startup, these six lessons are universal. I hope you’re able to apply these guidelines to your own content strategy to create campaigns that have personality, heart, value to your audience, and of course, line up with your business goals.

{ 1 comment }