Let me start by saying that I consider Andra Zaharia a very good friend of mine. We share a lot of common stories and backgrounds. We also share our passion for a human-centric approach to cybersecurity – whether this is for marketing purposes or for protecting data and privacy. For those of you that do not know Andra (is there anyone?), she is a stellar marketer, and producer of my favorite podcast Cyber Empathy.
The other day, I had the joy to sit down with her and discuss many things. This article is a summary of our discussion – how can you shrink 45 mins into 1000 words?
Tassos: What was the driver behind the Cyber Empathy podcast? What made you decide to launch this podcast?
Andra: It is actually a bit of a longer story. It started more than four years ago when I started my first podcast and I was researching and diving into decision making. The more time I spent building my own business, the more I realized that I have been already fighting against stereotypes and the empty words and cliches and other superficial things that get carried and moved forward throughout the cybersecurity industry.
What emerged was that I was doing that business because I felt a deep connection with the audience. I understood their problems. I understood their context. And I tried to put a lot of effort into this constantly to make sure that I am really connected to them. And that happened because of empathy.
And then I realized that this is something that was missing from this space. Not that people are not talking about it, but there wasn’t a dedicated space where everyone who cared about empathy in cybersecurity would be able to discuss it and see all its aspects and how it is applied and who cares about it the most, and why they care about it and what you can do with it and how you can cultivate it.
Tassos: Do you think that lack of empathy is a key concern in cybersecurity? Are we effective at communicating what we are trying to communicate or are we just talking to ourselves without caring who is the recipient of the message?
Andra: I think that there are a couple of things in there that are definitely very true. So yes, there is not enough empathy in this industry. But I do believe that some people care about it more than others, especially people who are organic leaders, not appointed managers or appointed CEOs, but people who actually evolve to become managers or team leaders because they care about the problem that they’re trying to solve. And they understand that the only way to solve it is by working with other people and by helping them to figure out how do we make something great.
But I do think that there is another category. And I will not talk about the detractors, those who only care about technology. I think that there are a lot of people, particularly in technical roles, that really want to help others, but they do not have the emotional intelligence to do so. Not that they do not have any emotional intelligence, but that they have not cultivated it as much as they have cultivated their technical skills, which is something that we can all relate to.
We are very good at some things in our lives because we spent a lot of time on those things, and we are not as good at other things. When you ask yourself, you are going to find that there is some sort of disconnect between what you are trying to say and what people are getting from you. If you care enough about that gap, you can find ways to build a bridge across it. And that is what happens when you start to think of empathy, but also when you find practical ways to cultivate it. So I think that there are many more people who can benefit from a more empathetic approach, but I do believe that they need help figuring out how to do that.
Tassos: Do you think that the complexity in cybersecurity, which is a common problem, is a demonstration of a lack of empathy?
Andra: That is true. I think that there are two types of complexity. There is the technical complexity of the field, and I do not think there are easy solutions to it. It is also the complexity because there are many layers involved in cybersecurity and it is not just technology. It is also geopolitics and social dynamics and human psychology, and all the other things all connected, all interlinked. You cannot disconnect cybersecurity and treat it as a singular thing.
I think that this is one kind of complexity that we must recognize and accept and work with as professionals for the products we create. I believe that many and most of these products are overly complicated because those who make them don’t talk to their customers. Do qualitative research and sit down with people, to see how they use your website and your app. See what they understand from all these things because then you can prioritize what you want to show them. And I think that lack of priorities and lack of focus is what affects products like cybersecurity products every day.
If you don’t find a way to contextualize the product features, connect them, and see how they truly apply to a person’s workflow, you are going to miss out on a lot of potential benefits, and you are going to frustrate a user instead of helping them. I think that unfortunately, we are going to see slow progress in this area because we need more communication people. We need more product people. We need people from other industries who have the experience of making things simpler, more usable, more accessible, and even more entertaining or fun to use. If we just try to alleviate some of that friction and complexity, I think that a little bit goes a long way for people.
Tassos: Your background is in PR and communication. How important is communication for corporate success?
Andra: Communication is one of the key differentiators. If you care about your customers, it will be easier to differentiate yourself, grow a company, to grow a team because communication is worth highlighting. Communication is not just external. It is also internal. It is how you talk to employees. It is how you communicate what a company stands for.
I think that communication is key now because you build a community around your company, you earn trust and maintain it. This is essential in crises. So, when you think of crisis communication, first, you need to have clarity and focus. Having a plan for what to communicate, who to rely on, how you are going to be transparent, how you are going to tell people, and your choice of language is crucial. We both have seen in the industry so many times when companies have a breach and people go back to their policies that say, “We take your privacy seriously”, which makes everyone’s eyes roll. If there is no humility, if there is no modesty and talk to people like they’re real human beings, you are going to have a much more difficult time trying to get out of that crisis.
Tassos: What are the challenges that we are facing in communicating cybersecurity context?
Andra: I think that there are a few key ones that are very repetitive, and you can see them easily. So, one is using the right language to convey notions and benefits clearly and correctly. Choosing the right language depends on knowing your customer, knowing the product very well, and understanding the customer’s needs, and what they are trying to accomplish using your product which is not usually what companies think.
Another challenge is to have access to the product team and to have someone technical validate your ideas, your direction, and your accuracy. If content people are disconnected from product teams, then they are going to have a much more difficult time creating communication campaigns or whatever type of content you can imagine in a way that is relevant and helpful and different and not just the same old thing that you can find written about a hundred times online.
The third challenge regarding communication is the lack of focus. Trying to speak to everyone at the same time and trying to be everything to everyone is never going to work. You need to understand who you’re talking to. You need to focus. You need to understand who your customer is.
A key challenge as a communication person is that you must understand what your role in the industry is or try to define it as you go along. You are not going to know it from day one, but you must define it. What am I here to do in this industry? Do I want to help? Do I want to advocate for the customer inside of the company? Do I want to help funders build a healthy business? What do I want to do in this industry? If you realize what your mission is, you will be able to connect the dots more easily and you will be able to make more progress. Obviously, there is also the challenge of educating yourself because while there are tons of resources out there, it is not easy to figure out where to start and what to continue with to understand cybersecurity in general.
Tassos: Allow me to focus a little bit on email communication. Email is one of the most used means for communicating messages. Can you share with the readers your success and failure stories about email marketing?
Andra: I believe that an email address earned from a customer or a subscriber is almost like something sacred. You must treat it with the utmost respect because once they cut you off, it is gone, and you cannot get it back. I like to keep automation to a minimum. I do not like to send automated emails. I would rather spend 10 more hours doing whatever it is that I am doing instead of sending mass messages to people.
One thing that we tried at some point and many companies use is to personalize emails with people’s names. But when you work in cybersecurity, most people will not give you their real names. So, in the spirit of walking the talk, I do not personalize emails that I send. I try to be personal in other ways in the body of the email, simply because this industry has a different kind of people. Automation and mass emails are the worst. Do not do that to people; it is really bad for you. It is really bad for them, and it doesn’t work.
On the brighter side of things, I had built a sequence of emails around cybersecurity education. So, you would sign up and get 30 lessons about cybersecurity, one every week. And that project really took off. It did not send you anywhere. The emails were self-contained, the lesson was in the email, and you did not have to go anywhere, click on anything, or buy anything. It was all for free. And I got hundreds and hundreds of email replies from people either asking me for details or giving good feedback and saying how much it helped them, which was extremely rewarding.
Tassos: OK, enough with those serious questions. I now have for you a set of five funnier and more personal questions, so that we can meet Andra behind Zaharia. So, question number one. What is your favorite novel, not a cybersecurity one?
Andra: It’s “The Portrait of Dorian Gray”, which is definitely my favorite book and I have one from 1903 which I bought at an antique shop.
Tassos: Favorite kind of music or your favorite artist?
Andra: Oh, well that is easy. It is electronic music, and it is ATB. It has always been, always will be my favorite. Nothing can change that.
Tassos: Favorite food?
Andra: Anything Italian, anything Greek as well. But I do have to say pizza. I know it’s very cliche, but it is what it is. It is sacred.
Tassos: Favorite place for vacations?
Andra: Oh, you set me up for this one. It is Greece. It will always be Greece because it is magical. It is a special place with a special energy. There is nothing like it. It is unique.
Tassos: If you were not in cybersecurity marketing, what would you like to do?
Andra: Well, this is something that I already do in some capacity. I would like to work with animals whether it is like a pet shop or not. I would love to do something, and I have started to think more seriously about it. I love animals. I have always loved being around them. I think that they are a great source of happiness and that we don’t deserve them because they’re so much better than us humans.
Thank you so much, Andra, for a wonderful and insightful discussion.