Content volume is not a content strategy
Kim Brown on what's working in cybersecurity marketing right now

April 9, 2026

I recently had the chance to sit down with Kim Brown, a cybersecurity marketing leader who has worked with Duo Security, Cisco, and Blumira and a friend of mine in the industry for more than 15 years.

From her start leading sales and business development teams to her current role strategizing the acquisition of new leads at the enterprise level, Kim has always had a unique perspective on what it takes to get the right things in front of the right people.

In her interview, she shared her thoughts on how tech marketing has changed, the potential of AI, and how the key to competition is staying human while using machines to tap what makes us tick:

  • Buyers were already sceptical of vendor claims, AI is making this worse
  • Content volume isn’t strategy, it’s usually just noise
  • Buyers self-educate via AI and peers before talking to sales
  • Trust beats polish, communities outperform vendor messaging
  • Webinars and events still drive pipeline when done well

You’ve been in cybersecurity marketing for a long time. What drew you in — and what keeps you here?

Cybersecurity just got its hooks in me. I’ve worked in other areas, including B2C, but once you’re in security, it’s hard to leave. The stakes feel real, the buyers are sharp, and content has to earn its place. It’s always satisfying.

My foundation was at Duo Security. I joined when the company was small and helped build the demand generation and field marketing programs through hypergrowth and the Cisco acquisition. I built the webinar program from scratch, and it became one of the strongest sources of marketing pipeline outside the website. At Cisco, I eventually managed field marketing across 31 countries.

The throughline was always staying close to sales, figuring out what actually converts, and being willing to constantly reassess.

How has the way buyers evaluate vendors shifted, and how must marketers adapt?

People are more skeptical than ever – both in security and the culture at large. AI-generated video and audio have made it genuinely hard to know what’s real, and that cautiousness is bleeding over into how buyers approach vendor content.

Security buyers have always been natural skeptics. They’re trained to poke holes in things. Add shorter attention spans and growing immunity to fear-based messaging, and you’ve got an audience that can smell a pitch from the first slide. The old “expense-in-depth” joke still lands because it still feels true to many buyers.

The bigger shift is that buyers are now doing far more self-directed research before they ever engage with a vendor. They’re on peer review sites, Reddit, Slack communities, and forums you’ve probably never heard of. They’re dropping entire problem statements into ChatGPT or Claude and asking for a shortlist of solutions.

The old sequence of someone comes to you with a need, you evaluate it together, you move through the decision process — that’s not how it works anymore. Vendors have to treat prospects like the intelligent adults they are, with real resources at their fingertips. You can’t force everyone through the same 60-minute product pitch.

Which channels and tactics are actually proving effective for reaching technical security buyers right now?

Peer communities are genuinely hard to break into as a marketer, and that’s exactly why they work.

Whether it’s Reddit, Mastodon, or specific Slack groups, people go there precisely because they’re not expecting to be pitched. A recommendation from someone who shares your pain points carries far more weight than anything a vendor publishes.

I also think webinars are underrated, but it’s important to be upfront about how long you’re asking someone to pay attention. Your audience will be running two screens, so you need to create audio engaging enough to pull someone back in.

The best webinars use two very contrasting voices, ideally your host and a customer who can talk about their pain without it feeling staged.

And then, critically, get derivative content out of every piece you produce. A 40-minute webinar is a huge resource investment. The blog posts, the social clips, and the email snippets should all follow.

When using AI, how do you use it to create content that doesn’t feel like it was written by a robot?

This feels like 1994, and we’re all learning to build websites. The potential is enormous, but most marketing teams are probably only tapping around 30% of what’s available.

The key is to start with something real. When you feed AI a transcript of a webinar, a practitioner interview, or an actual human perspective, you’ve given it genuine material to work with. The derivative content that comes out can actually feel human because the raw inputs are human.

However, when you ask AI to invent something from scratch, you get the telltale phrases. You get “evolving threat landscape.” You get adjectives that don’t belong anywhere near a cybersecurity blog.

I’ve built specific prompt personas for different tasks — one for analysis work, a different one for derivative content — based partly on the most talented people I’ve worked with in those roles. It helps.

Hallucinations are another problem. Sometimes I bat two AIs against one another, just to make sure the other’s right. For example, I ask Claude to do research, then I take everything that Claude tells me and ask Gemini what it thinks. I’ll run it through three different AI tools, checking for accuracy. Just in case.

However, the human layer is still essential. I’ve gone through a 400-word AI-generated piece and pulled out 15 adjectives I hated, one by one. That’s not a tool failure, it’s just the work.

It’s important to stay grounded in the fact that we, as marketers, are still at the helm. They are tools, but it’s a long way off before they can “really” do our homework for us.

That’s where our own personal judgment and years of expertise come in. We need to take accountability for what they produce, as if it were our own work. Because it is.

It’s a bit like zero trust. With AI content, you always verify.

What marketing activities are you confident drive revenue, and what’s still getting budget without really earning it?

The clearest through line to revenue runs through content and programs that generate genuine engagement. The kind that makes someone want to read more, come back, and eventually raise their hand for a real conversation with a salesperson.

Events, when done well, have a real, traceable impact. Webinars, when structured to include real voices and not just a glorified demo, still earn their place. Demand gen programs built around those two pillars consistently outperform flashier alternatives.

On the other hand, gating everything is a mistake. Sure, you will get some valuable data. But you’re also treating prospects as if they haven’t earned access to your thinking and making yourself invisible to AI search engines. If your best content is behind a form, it’s not feeding the LLMs that buyers are increasingly using to do their research.

How can marketing teams build better relationships with product, engineering, and threat research?

Genuine, ongoing communication is the foundation of any good relationship.

You won’t get the insight you need from a quarterly briefing, and marketing can’t tell compelling stories if it finds out about things after the fact. The best marketing assets rely on real visibility into what each team is working on and what they’re learning.

The best way to get those insights is to build personal relationships, not just professional ones. Have 15-minute catch-ups every couple of weeks – it doesn’t even matter if you’re talking about work.

I’ve had experiences where someone on another team had a background that would have been invaluable if I’d known about it sooner — an IT director in a customer success role, for instance, whose perspective could have shaped entire campaigns. You have to know your talent before you can deploy it.

Threat researchers, in particular, have zero time. That’s just the reality of every organization I’ve been part of. So, you have to reduce the friction on their end.

AI can help here — if you have five ideas you want to run past a research team, use AI to model the proposal in a way that respects their context and communicates the value clearly before you even get in the room.

If you had to reallocate 20% of your budget toward the highest-impact initiatives, where would it go?

First, a proper content audit. Most teams are sitting on more useful material than they realize, and a single event or webinar can live and die in 48 hours if nothing follows it.

Map what you have, understand where it sits in the funnel, which personas it speaks to, and then build a world of reusable content from it. If you’ve got a spreadsheet of your content library, you can have a genuinely useful conversation with an AI tool about what’s being underutilized.

Second, real investment in AI tool fluency across the team. It’s not enough to just license tools and let your team loose; you need to help staff get comfortable with them in a way that’s also secure.

In a security organization, you need to be deliberate about what you’re putting into AI tools. Cisco has an internal approved toolset. That model makes sense.

Third, peer review platforms. G2, Gartner Peer Insights, Peerspot — these are increasingly worth the investment, especially as they build out intent signals for paid programs. Buyers read them directly, but they’re also feeding the LLMs. When a buyer asks ChatGPT which identity security vendors are worth evaluating, G2 is often cited.

What’s the uncomfortable truth about cybersecurity marketing that most vendors won’t say out loud?

Most organizations mistake their content volume problem for a content strategy.

They’re churning out blogs, threat reports, webinars, and white papers — and buyers are overwhelmed. They can’t tell one vendor’s content apart from another’s. They’re just looking for the specific information they need, in the moment they need it, and they’re not finding it because it’s buried in a library of thirty assets with nearly identical names.

The vendors winning right now aren’t the ones publishing the most. They’re the most strategic and organized about it. Genuinely useful content, ungated, easy to find, clearly structured, so you know what you’re getting before you click.

The fix isn’t complicated, but it requires honesty about what you’re producing and why.

Your sales team talks to prospects every single day. They know the problems better than anyone. Start there. Follow your competitors’ content the way your buyers do. Benchmark yourself honestly. Ask whether what you’re putting out would make someone want to read more — or close the tab.

Volume is easy. Strategy is harder. Buyers can tell the difference.

Kim Brown is a cybersecurity marketing leader with over 15 years of experience across Duo Security, Cisco, and Blumira. She is currently focused on modernizing content activation and demand generation programs in an AI-driven environment.

About Bora

We’re Bora. We work with security companies to turn complex technical capabilities into clear, credible market narratives.

Get in touch for a free 30 minute consultation. If we’re not the right fit, we’ll help find someone who is.

RELATED

Can We Rely on AI Detectors?

Can We Rely on AI Detectors?

May 13, 2025 | ,

The rise in Artificial Intelligence has raised the need for everyone to use extra vigilance when reviewing any information. In an effort to reduce the job of manually checking this work, tools that purport to check for the existence of AI-generated content have been...