David Bruce is the global security lead for product marketing and the mainframe software division for Broadcom. Bruce has years of experience in the security trenches at both IBM and Broadcom. He’s one of the brightest and most insightful product marketing guys that we have worked with, having sold infrastructure technology early in his career. Bruce has what can be described today as an unusual mix of both sales and marketing experience from which to draw.
David Bruce is full of wisdom and gems of advice that every company in the cybersecurity marketing space can take advantage of. The human factor side of marketing is hugely important and has been consistently ignored during our progress as individual vendors and suppliers within this industry.
Bruce has been in and around the market for years and knows how today’s world is unprecedented in terms of noise levels and competition. There isn’t a market without some competition, but there’s insight as to why many of today’s marketing approaches aren’t quite cutting it.
Noise level is certainly one of the challenges. There’s an insane level of static out there on everything. So many marketers have taken the old catalogue model of just getting everything out the door, regardless of the audience that you know get so much stuff at home. It’s irrelevant to your job, to your desires, to your interests. That kind of a model that you’re getting through noise is a big problem.
In this episode of Cybersecurity Unplugged, Bruce discusses:
- Noise level in cybersecurity marketing;
- How particular product ties fit to a problem;
- Investing a design thinking approach into a problem.
CLICK HERE for a full transcript of the conversation.
This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.
Steve King 00:13
Good day everyone. I’m Steve King, the director of cybersecurity advisory services here at CyberTheory and today’s episode we’ll explore the current challenges in cybersecurity solutions amid a enormously crowded field that seems to be expanding weekly. And joining me today to discuss all this is David Bruce, the global security lead for product marketing and the mainframe software division for Broadcom. Dave’s had years of experience in the security trenches at both IBM and Broadcom. He’s one of the brightest and most insightful product marketing guys I’ve worked with. And I’ll say that about everybody. And having actually carried a bag and sold infrastructure technology early in his career. Dave has what can be described today, I’m pretty sure it’s an unusual mix of both sales and marketing experience from which to draw. I wish more marketing folks have in fact, had experience carrying bag. So Dave, welcome to the show. And thanks for joining me today.
David Bruce 01:21
Thanks, Steve. absolutely delighted to be here. Terrific. You and I’ve been around these markets for years. And you know, as we’ve discussed several times, today’s world is unprecedented in terms of noise levels and competition. But both of us know that many others are going about it the wrong way. Can you explain to our audience why you think that many of today’s marketing approaches aren’t quite cutting it? Yeah, absolutely. And I think you hit it solidly with noise level, noise level is certainly one of the challenges. I mean, it’s, there’s a, an insane level of static out there on everything. And, and so many marketers, I think, have taken the old catalogue model of just shot getting everything out the door, regardless of the audience, that you know, you get so much stuff at home, you get so much stuff at the office, that is irrelevant, it’s irrelevant to your job, to your desires, to your interests. And that kind of a model that you’re getting through that noise is a big problem. So I think, you know, if if you’re a marketer, and someone is actively researching your product, you’re already on their list, for example, your tactics can probably keep their attention, right, because they’re kind of looking for you. Otherwise, all that new, shiny objects, stuff that’s floating around is continually competing for attention. And unless you find a way to cut through the noise, getting attention is difficult. And I think, you know, there’s another reason that we have to we have to talk about is that a lot of folks tend to separate marketing and strategy. It’s just, you know, we do strategy, and then we build some stuff. And then, and then we hand it off to marketing and marketing does some stuff. And you know, if you think about it, you build new capabilities for your products, whatever they are, you build new capabilities based on a strategy. And then to hand it off the marketing and tell them hey, figure out how to talk about it seems a little strange to me, you know, there’s so many products that sound the same. What you really want to do, I think, is find a way to take what you learned in your strategy processes in your building processes. Pick those differentiators out pick out the reasons, the real strong reasons that you actually built the product and make that marketing work part of your strategy work at Broadcom, we tend to unify those things. It’s not that not that you do them all together all the time. But we have groups of folks that work together and we work with groups of customers that are involved all the way from concept to delivery. So that when you know that when it’s built and then marketed and then sold and then delivered, that it’s actually you know, aligned with the problem that it was it was intended for. A long time ago, first half of my career when I was in sales and sales management I had I had the the pleasure actually of having a lot of brand new sales reps first job out of college, and an inside sales organization and I used to coach those reps about selling based on customer need, versus internal things like product capabilities, and I’m kind of a hobbyist woodworker and so I use drill bits is one of my favorite examples. I’ve never known for example, someone to wake up in the morning with a burning need for a three eighths inch drill bit just doesn’t happen. They need a three eighths inch hole. That’s what they’re looking for. The drill bit is just the way that they get what they need, what they need is the hole. So if we run out the door, you know pounding our shoe on the table about drill bits when they really need holes, we’re missing the target. And I think it applies to our industry. I don’t know anyone who just wakes up one morning and says, you know, I’ve got to have some zero trust in the box software. They don’t do that they have other things, they have identity management challenges, they have other use cases, maybe they have phishing problems on their, on their machines. So when we talk to customers, doesn’t really help them understand. If we just tell them what our product does, we really need to help with how it applies to solve their problems. Yeah, for sure. And I, you know, I was Steve Jobs, I think he famously said that we have very, very little time to, to make an impression upon our prospects and customers. So when we better do is make it clear what we want them to take away what we want them to remember about us. And we would think we’ve, I think we’ve fully frequently forget that message and that lesson. And you know, these days, customers are really, in my mind looking for solutions versus productize approaches that require more work on their part, you know, have you guys turn more toward developing customized solutions to problems versus the selling of 3/8 inch? Drill Bits? Yeah, we have, we have absolutely have, we obviously, we still support customers who show up and say, you know, I need a three eighths inch drill bit, you know, show me the show me your selection. But we really try to make it simple for folks. So. So if you don’t have the skills on staff, or you’re looking for an answer to a problem, versus a particular function, we’ve done a lot to bring our go to market and our product strategy together with a very fine tuned focus on what customers tell us they’re looking for, you know, we we’re in constant communication with our customers, through user groups and councils and, and directly, and it’s important to hear what they’re looking for, and then find a way to give them that answer. And not make them sort through all your data sheets, trying to figure out which three of the 10 products you might have that, that solve that we even go so far as to have planning workshops, will invest 345 days of customers time and our time with our experts to do planning to look at your security needs across the entire enterprise. Right. So if that’s the right starting point, we do that. And if there’s a, you know, a closer starting point, maybe you just need to look at where the gaps are on one piece of your infrastructure. We’ve enhanced our assessment tools to do that. And then we’ve started putting together how to guides, how to do this, that or the other thing, right how to solve for a particular problem. So you’re, you’re getting the, you know, the product information, the data sheets, you’re getting the stakes, you’re getting the support documentation, maybe you’re getting a couple of videos demo, showing you what it looks like. But the idea is to make it really very, very simple for people to do solve a problem and get, you know, get some ROI on that solution, versus spending all their time and analysis. Then of course, we train our sales force to do the same thing. Don’t walk in the door, like you’re sort of a hammer out looking for a nail walk in with, with the idea in mind that you really want to understand the priority problems and bring together the right size thing. You know what a one size fits all model doesn’t even work good for Sox, right? So there’s no real good way that it’s going to work for sophisticated IT technology. The important thing I think is to work with people that have a track record, who understand the difficulties and who will partner with you as a customer. If I were out looking for answers. I want someone who will invest, someone who will get their success will happen when my success happens. So we’re in it together.
Steve King 09:27
Yeah, what I notice and working with as many customers as we do this, that there is a natural conflict here too, because the typically, and you’ve done this you’ve been in the SDR BDR development business and trained these young college graduates and how to how to do sales development for the first time in their lives and so forth and given them enablement tools and a lot of the enablement tools that we see that are being sort of spread among that outbound crew
David Bruce 10:00
if you will, for the first time today our are all about product superiority, feature function speeds and speeds and still not about a solution versus, you know, a particular product ties fit to a problem that we’d like to think you really have. So it seems to me, you know, as CFO, I would, I would want to find folks that can assess what needs to be done in my current stack before I can even accommodate your new product in my mind, you know, mindshare is very valuable these days, we have so much so little of it. What do you do to help your customers assess what they currently have in their tech stack and how each tool applies to, you know, solving today’s threats before you try to sell them? The next cool thing from your point of view? It’s interesting challenge. And I, I tend to agree with you. I mean, you know, being the product expert, I think it’s important for salespeople to be that product expert I, I’ve always measured myself and measured by reps on that kind of a kind of a thing. But I don’t think that that’s the style you use when working on a business problem with a customer buy, that’s what you use to make sure you’re prepared to have the conversation, but the conversation needs to be about the solutions. And one of the key challenges today is the complexity of things, you know, we’ve digitized so much of our lives solutions are extremely complex, making decisions about what to keep what to replace, where to start, that’s all very difficult. And, you know, I think there’s a lot of folks who have that sort of solution, if you will, that is, again, the one size fits all, they want you to throw away everything you got, buy their thing, and then you’ll have exactly what you need. Right? It’s I call it a zero trust, magic pill, right, and it, it just doesn’t, it doesn’t exist. When you do that you’re putting a lot of trust into a single thing. And it pretends to be a one size fits all model. And no businesses today are our you know, clones of one another. What we’ve done with our tools is to try to make our adoption simpler by number one, making sure that we have the right staffing and education programs in place, as well as tools that are aligned to customer use cases. So we’ve spent a lot of time with customers, making sure we’re delivering the right level of information, the right level of staffing, and so forth. But we’ve also tweaked some of our tools I mentioned, an assessment tool, we call it the MRI assessment tool earlier, and that tool was modified what it does, it looks at what you have installed, and then it finds gaps. And it makes recommendations about how to fill those gaps, as well as recommendations on how to improve your configuration to reduce risk even further to tighten up gaps or to tighten up the the security capabilities that you’ve got. We have another tool we call security insights that interprets and assesses the security posture of your mainframe, when it finds something risky, it tells you about it, and it gives you a set of remediation steps. And it it’ll do that ad hoc, it’ll do that on a scheduled ongoing basis. And then of course, I mentioned earlier the what we call a cybersecurity thinking workshop, sort of a design thinking workshop model. And when it’s necessary, when it’s necessary to invest that level of energy to look at the problem, then that’s what we do. It’s all really designed with the idea that you want to modernize and upgrade by taking advantage of what you’ve already purchased. If the answer to every problem is to replace everything you have with something new, you’re going to spend a lot of time working on skills and getting familiar with things, and not so much time doing all the other important things in your business. So we focus on how to do that, as opposed to deploying whatever the next cool thing happens to be. Yeah, and I just want to kind of occurs to me here as we’re going through this that I want to make a side point here for folks that think that you know, maybe this is an advertisement for for Broadcom, and it is not you know what’s interesting to me, you and I have worked together for over a year here and on some fantastic campaign opportunities and with great results and the reason why I wanted to get you on the show was because you’re in a unique situation and that you’ve two things one is you there’s only two competitors in your space the speaker, right? So there’s really three you guys so it’s not like you know, we’re Bringing in, you know, somebody that Gartner thinks is the leading SDR provider and there’s like 28 SDR players. And we’re revealing, you know, all the tricks of the trade of this one SDR provider. That’s not it at all. What is it is that I was very impressed over the last year with your your approach to helping customers solve the problems that customers need to solve versus a productized solution that, you know, solves a problem that you need to solve. And so that’s the reason why I wanted to, you know, I’m comfortable just letting you kind of reveal what it is that works for you guys. So I just wanted to make that clear that isn’t, you know, Steve King’s award show for, for you broadcasts, fantastic ability to market their product. Having said that, the fundamental principles and of course, you know, I’m a big zero trust fan. And I try to push it as much as I can, the fundamental principles that are inherent in the zero trust design all lend themselves to foundational security assurances that result from defining business outcomes. And in designing from the inside out and determining who needs access and inspection and logging and all of all, like fabric and all that stuff. It seems like a no brainer to me that businesses should embrace that model. Yet, we’re finding that the actual adoption curve has been slow. What What’s your view of that whole world, I’m sure audience would like to like to get the benefit of, of your experience in that regard. We hear from a lot of our customers, they want help, that’s a really big challenge. They’re short on staff, the regulatory environment is going just nuts. And they’re they’re having to invest a lot of time dealing with new regulations, the amount of you know, evildoer activity that’s going on out there is crazy. So they’re spending a lot of their time worried about that, and making sure they’ve shored up their security. So, you know, doing something new, even if it’s a smart thing to do, is sometimes hard, right? When you don’t have what you need, they also want to protect the investments they’ve already made. I mean, clearly, there’s there are times when you just want to, you know, throw it out and get a new one that makes perfect sense in some circumstances. But most of the time, they really want to take advantage of investments, because some of the investments they’ve made are, are substantial. And they want to modernize they want to update without having to start over, and they want to plan. So you know, when we sort of show up with a box of parts, that’s not aligned with that at all, we want to think more about beginning with the end in mind, and helping to eliminate, you know, a lot of the confusion. There’s a lot of conversation about zero trust. And and I think, you know, folks who have a piece of zero trust solution, call it a zero trust solution. They don’t call it a component of zero trust. So if you’re not familiar with the idea, and you don’t have time to spend educating yourself on it, it’s difficult to understand why you’d want to do it, I think like you that it is a very crucial step. And our approach to how we get folks to try to understand what it does and why it’s important. And how we can help is to really put a lot of our experts in a direct engagement model with our customers, not only our salespeople, but pre sales and post sales and consulting people and product people and designers and so forth, that all those skills, on complex solutions, all those skills are very important to making sure that you get the right solution defined. And the beauty of that is that if you don’t have the exact right solution, you might identify a couple of things that you want to put in your, your enhancement backlog, right, so that you have it next week, or next month, or whenever you can have it in today’s you know, ci CD kind of pipeline models. I don’t see a lot of companies that partner directly with their customers to solve challenges. As you mentioned it there’s only a few of us in in the marketplace that that I play in. And it’s maybe a little bit easier to do that. I don’t know. But I think direct partnering with a customer helps you to see the challenges, and it helps you avoid giving them the generic answers. So you can talk about why zero trust is important. Right? All the good things that it’ll do, how it’ll take advantage of what limited budget you’ve got, what limited staff you’ve got, how it solves your priority problems, first how it’s aligned with your business model. And I think if We talk to folks about those kinds of things and focus on making the journey one step at a time. Right, the wise man once told me, the very the longest journey always begins with a single step. So let’s start at your biggest problem, your highest priority. And then let’s solve your problems in priority order. And let’s adopt it at your own pace, that I think it’s easier for people to invest. And of course, you have to start up front with an explanation, you know, of what it can do for for people and why it’s important. In fact, that’s one of the reasons we we actually changed our solution licensing. So that we separated the deployment process for a customer from the procurement process. If every time you want to add a new capability, you’ve discovered a, a gap in the you know, in the ramparts, so to speak, you’ve got to go through a procurement process where you’re not going to be very responsive. So we’ve actually built a model that allows people to get everything they could possibly need all in one shot, and then deploy it when they need it. So you don’t have to do that every time it it, because it, you know, it takes a long time to put together these comprehensive solutions. And, and so you gotta want to you do it when you need to do it.
Steve King 21:22
Yeah, and that’s a path away from the the product guys model and toward the sort of consultive solution model as well and enables, enables efficiencies along along the way. One of the other things I feel like I should point out is that, for those that think that the mainframe world is, is old and irrelevant, I would remind everyone that, you know, 90% of the world’s financial transactions occur on mainframes, and they probably will, for many years to come. So if I were going to look to a marketing model that is successful in helping serious customers provide serious solutions for cybersecurity challenges. I think Dave and company here are a great place to start. And as you know, David, you know, we’re big fans of the system’s thinking and design thinking approaches to reinventing the traditional product marketing approaches. And I think you guys have, I’ve noticed that you’ve mentioned Systems Thinking several times, and I think you guys have adopted some of these techniques and approaches. And I’m curious as to what result you’ve seen so far, and how you’ve been able to sort of simplify those concepts so that your customers can better grok the outcome based scenarios that they provide?
David Bruce 22:57
Yeah, I think we’ve, I think we’ve done a really good job with systems thinking and design thinking, when you talk to, when you talk to our development, folks, when you talk to our product management teams and talk, you know, at our customer councils, everybody is on the same page with respect to doing it this way. It really is just a beautiful reinvention of many of the old, more traditional methods that might have might have been used. And I think the results are extremely positive. We’re seeing continual growth, you know, in our business, continual growth in the mainframe market, more and more applications are either moving to the mainframe or staying on the mainframe that the days of looking at it, as you mentioned, like it’s this really old, tired thing or are gone some of the coolest, most extreme technology like fully homomorphic encryption, or, or IBM’s, new Telem processor that lets you do AI in the middle of a transaction. I mean, mainframes are right at the forefront of innovation. And I think we’ve done that in our strategy and marketing and sales as well. We partner with our customers. That’s the number one thing when you talk to our general manager, that’s one of his, that’s one of his his key tenants for, for what we’re in business for. We’re in business to help our customers solve their problems. It’s a partnership approach. We work with them individually, we work with him in councils, salespeople do it marketing people do it product, people do it, development, people do it. And we use systems thinking and design thinking to orchestrate those activities. Our cybersecurity thinking workshops are amazing things. They take people from across the entire specter of infrastructure and bring them together so that they learn from one another and we talk about security problems. We don’t talk about what platform it’s on or what kind of network it’s hooked up to. We’ve made all of our education for customers no cost. So there’s never an opportunity to say, well, I couldn’t afford to learn about that particular thing. And we’ve got a Vitality program that makes sure that we help solve the staffing problems. You know, we’ll hire people for you, we’ll train them for you on our nickel, and we’ll put them in your business working with you for no cost. At the end of their apprenticeship. If you want to keep them, you keep them they become your employee. And if you don’t, they come back to us because we’d love to have him as an employee, because they’re perfectly trained and experienced. We’ve taken all the little things that you can think about, like steaks, for example, we integrated steaks into our, into our tools, we recognize from feedback from customers, that senior executives, a lot of times outpace their knowledge of their infrastructure. They grow into a position without really understanding all the things that they have dominion over. So we built a senior business leaders education program, to help them understand, okay, you’re you’re the new chief privacy officer, Let us catch you up on all the things that you need to know in that, in that role from a technology standpoint, that insights for senior leaders program continues to add strong demand, we’re continuing to tune it, it’s in its second year now. Our customer education has seen a 300% uptick in consumption across 2020 and 2021. We’re seeing more people enrolling in what we call the MTE mainframe technical exchange. And in one of our workshops, this was a nice when there was a customer in one of the workshops that took a look at one of the cigs identified an area in their business that had authorization that was too broad. And by simply following one thing that they saw in the middle of a workshop, they reduced risk by 71% on one control point. So we you know, we see this as a long journey, right? We’re, we’re in it, and our customers are in it for the long haul. And the little little wins like that every step counts.
Steve King 27:23
Yeah. And it’s it’s refreshing. And quite nice, actually, that your metrics are not related to how many deals I closed last week, last quarter last month. And just to be as a reminder, Stig in your jargon is security technical implementation guide, right? Yep. Yeah. So I wanted to make that clear for our audience. And I’m looking at the clock on the wall. And I I think it’s probably time to wrap up your today Dave, though, we could talk literally for hours. So if you were in the future, predicting business, what what are the next five years hold for cybersecurity markets and, and the folks who must navigate those shoals to get to their products to get their products and services into into customers hands from your point of view?
David Bruce 28:23
That’s a fun question. Future predicting business. So, you know, the thing we all know is that the speed of technology and the rate of change today are overwhelming. It’s just a constant. You know, I can’t even keep up with the latest tools in my workshop, let alone what’s happening in the rest of the world. And the thing that I I really reached a conclusion of over over time, both in sales and marketing is that I think focusing on what’s going to come down the pipeline from technology is actually less important than focusing on the humans. The people that use the solution, the people that deploy it, the people that are protected by it. I mean, we know I mentioned that IBM just had a recent announcement on the mainframe, right? The new the new Z 16. And it’s an it’s an awesome, awesome machine, you know, in transaction AI with the Telem chip, quantum safe encryption, fully homomorphic encryption, and they already had very high entropy encryption higher than anyone else in the marketplace, mainframe is is amazing, and all these new technologies that come along, but technology moves fast, and humans don’t evolve at that pace. Humans take hundreds and 1000s of years to make small changes were very slow, much, much slower than technology. And you can imagine, right? We’re not airproof either. So I like to focus on the humans and really stay focused on what problem are they trying To solve and how can I help them do that all the technology that’s coming on, it’s going to come on, right? Because people are going to keep developing it because it’s cool. And it’s fun. And people love a challenge. And as as marketers, I think, we have to dedicate, you know, a couple hours a day towards staying on top of all the new stuff. That’s kind of our job, but, but it allows us then once we understand whatever’s coming, that we get to focus on how to make it serve a customer. That’s the gratifying part. And you know, we’re all inundated, right, with more risk in our lives than ever. Our lives are completely digitized, sold to the highest bidder, you know, I was reading an article about Pegasus, you know, the no click spyware hit and you think about it, that they can get every shred of your life digitized, and package you up and sell you to the highest bidder. So to me, the the future predicting is my future is I want to focus on eliminating that risk. I want to protect the privacy of the people that interest is to do that. And I want, you know, I want to give people and the people who deploy things and who count on things and who are in business to use these things, some peace of mind. So that’s my view of, you know, how I deal with that sort of future predicting I, I assume there will be overwhelming amounts of technology. And my job is to make the explanation of it simple.
Steve King 31:30
Yeah, and you’re doing a great job. Dave, I applaud you and and Broadcom, for, for what you’ve done here. And and you just in this half an hour of folks want to give a real listen to this podcast, I think there’s a lot of words of wisdom and gems of advice here that every company in the cybersecurity market space can, can take advantage of. And certainly, from our point of view, we’re very much direct to human marketers here. So the human factor side of this is hugely important that’s been hugely ignored, to the detriment of the industry, in our progress as individual, you know, vendors and suppliers within this industry. So hopefully, this 30 minutes or so will will provide some some insight that maybe some of us didn’t have before. And I really appreciate you taking the time, Dave, I know you’ve got a crazy schedule. Share your thoughts with us. And I appreciate you being here today. Thank you.
David Bruce 32:34
Well, thank you. And you’re right, schedules are always crazy. But this is the this is the fun stuff. And, you know, I love the opportunity. So I appreciate you reaching out and setting up the time for us to talk and hopefully we’ll, we’ll do it again soon.
Steve King 32:50
Wow, there’s plenty more for us to talk about. And we will do it again soon. And so thank you once again, and thank you to our listeners for spending the time to learn about what’s going on at Broadcom, what’s going on and Dave’s mind and what we think is the proper approach to addressing some of the marketing challenges that all of us face on a day to day basis. So until next time, I’m your host, Steve King signing off and we welcome you back.