Do you advertise or not advertise your clients in cybersecurity?

Edward Farrell

Earlier this year we had a bit of an interesting predicament; A client had advertised that they’d used our services as a demonstration of their cyber security requirements. Whilst I am humbled by their gratitude towards our services, openly advertising our clients is not something we do. As cyber security firms, I contest the usual www site grab of “look at all our clients” is counterproductive for a number of reasons:

Creation of targets and impact to your reputation

I like to think we’re well established and regarded as are our clients. By listing your clients (or being listed as clients), there is the risk that you or the client will be made a target. Even if you’ve gone down the “100% hacker proof” path, there is still the opportunity to shame, criticise or create drama as a result of the advertisement. My favourite example of this was the HBGary event that is perhaps most entertainingly explained by Stephen Colbert:

https://www.youtube.com/watch?v=xZOpHUG6XOE

What you did vs what you advertised

I tend to find alot of organisations conflate their capability with their confidence and a disingenuous association can be misinterpreted in a number of ways. One of my favourite examples of this was a Sydney based firm talking up their work with the “Department of Defence” with the presentation of a logo when at best they’d resold security software licences whilst sustaining an inadequate and offshore IT team. Wise consumers will spot this ploy right away, probably not want to be associated, and will question trust and judgement. Less savvy operators will find out at the end of their experience that expectations did not match reality, which may not bode well in the long run.

So how do you advertise?

The best advertisement is your satisfied clients, but their word is more powerful than yours. I suggest that in lieu of pushing your own brand, let the quality of work and satisfaction of customers do the sales for you.