Author Teresa Rothaar
“How do I get into cybersecurity?”
It’s a perennial question. Usually, cybersecurity pros answer it by talking about things like blue-teaming and red-teaming, becoming a security operations center (SOC) analyst or a penetration tester, or sometimes, getting into the compliance side of the house.
However, there’s a world of opportunity in a part of cybersecurity that doesn’t get much attention: marketing. In addition to acting as a side door into the wide world of infosec, it’s possible to build a fulfilling and quite lucrative career in cybersecurity marketing.
I know. Up until the beginning of the year, I worked as a freelance cybersecurity copywriter before transitioning into a full-time position as a compliance analyst with Keeper Security.
What is a cybersecurity copywriter, anyway?
Everyone reading this, even if they’re brand-new to the security industry, probably has a pretty good idea of what a compliance analyst is. But in my experience, most people have never heard of a cybersecurity copywriter. I spent nearly 6 years being asked, what is it you actually do?
That’s a shame, because copywriting provided me with a path into this industry that I wouldn’t have had otherwise. It literally propelled me from walking dogs and taking cheap Upwork gigs to forging a path as a cybersecurity professional.
First, let’s talk about what a copywriter is
Before you can understand what a cybersecurity copywriter is, you need to understand what a copywriter is – and I’ve found that a lot of people aren’t familiar with that job, either.
A copywriter writes clear, compelling copy for the purpose of selling products, or educating and engaging audiences. Everything you read, not just on the web, but in places like magazines, advertising circulars, billboards, and even the back of Blu-ray boxes, was written by someone.
You may write your own blogs, but companies and busy executives don’t. They hire someone to write blogs, articles, and other written collateral: a copywriter.
At this point, it’s really important to point out that being successful as a copywriter requires a lot more than just having a handle on grammar, punctuation and spelling. The ability to compose a coherent sentence doesn’t translate to being able to write copy.
Many people think that English majors are perfect candidates for copywriting jobs, but that’s not necessarily the case. Academic writing is a world away from business writing – although it can come in handy if you get into writing whitepapers, which I’ll touch on later.
Good academicians aren’t necessarily good business people. Copywriters must be both.
The daily grind of a copywriter
A few years ago, my husband and I saw an article penned by a “copywriter” who claimed to write 10,000 words a day, every day. This would be like banging out an entire season of The Walking Dead every week.
That’s not how this works. That’s not how any of this works.
I don’t know what this person thought they were doing, but copywriting isn’t a race to see how many words you can produce on a daily basis. The actual “writing” part of copywriting takes up only a portion of a copywriter’s day. The rest of the time:
Copywriters work with the rest of the marketing and creative departments to develop communication strategies and ensure consistent brand messaging, including voice and tone, across all communication channels, both digital and print. You don’t want your organization’s social media accounts to sound wildly “different” than your company blog.
Copywriters perform tremendous amounts of research, especially when writing whitepapers.
Copywriters may interview a company’s clients to develop brand case studies, which talk about how the client used a particular product, or product suite, to achieve a specific goal.
Copywriting for cybersecurity companies
Typically, the most successful copywriters specialize in a particular field. I came to specialize in cybersecurity and cloud.
In addition to understanding the business aspects of copywriting, a cybersecurity copywriter must understand the technical aspects of infosec, at least on a high level. For example, if you’re writing a blog about Log4J, you must understand what Log4J is and why it’s a problem, and have some idea of how to mitigate it.
If this is starting to sound a bit like technical writing, it’s because there is a lot of crossover. When I was a copywriter, in addition to marketing materials, I worked with developers and engineers to put together product documentation, as well as to write whitepapers, which are generally more technical than blogs. Whitepapers is an area where extensive academic writing experience comes in handy, because you must know how to properly source references.
However, technical writers focus on product documentation, such as user manuals, not marketing collateral, like blogs and sales sheets. A good rule of thumb is that copywriters help sell products; technical writers help existing customers use them.
Potential career paths for cybersecurity copywriters
Most companies don’t hire full-time copywriters, because they don’t have 40 hours/week of copywriting work. This is why I worked for myself. However, post COVID-19, I began noticing an uptick in cybersecurity companies hiring full-time copywriters – perhaps because there aren’t that many of us, and when a company lands on a copywriter who knows security, they don't want to let us go. (This is why Keeper Security offered me a full-time job. I’d been working with them for over two years!)
You can spend your entire career specializing in copywriting, or you can segue into related areas in marketing, such as product marketer, content director, perhaps even sales engineering. You can also do what I did, and use your writing skills and knowledge to transition into another area of infosec that’s writing-intensive – like an analyst job.
Where you take this all depends on your personality and interests!
How did I get started?
I didn’t wake up one day and say, hey, I think I want to be a cybersecurity copywriter! I fell into this industry entirely by accident. I was a generalist copywriter who sourced quite a bit of work on the Upwork platform. One day, out of the blue, a governance, risk management, and compliance (GRC) software development and auditing firm solicited my writing services. At the time, I had no idea what GRC was, but this company had an ongoing need, and I desperately needed the money, so I started furiously Googling.
I gave myself a crash education in GRC and security. This company needed weekly blogs and other materials, and I quickly built a portfolio. This portfolio caught the eye of a public relations firm that worked with cybersecurity companies, and they solicited my services. One by one, other clients followed. Eventually, I got to the point where I didn’t have to advertise, because people were finding me, not just through my Upwork profile but through word-of-mouth. I connected on LinkedIn with everyone I did business with, and when those people moved to different companies, they referred me to their new employers.
In 2019, I had my best year ever. When the pandemic began in 2020, I thought my business would end – but as everyone and their brother had to secure their remote workforces, my clients’ business exploded, and so did mine. I had to turn work away!
This continued up until I accepted a full-time position with Keeper.
How can you get in on this?
Start with freelancing
As a beginner, your best bet is to do some freelancing to get started. According to Upwork:
36% of the U.S. workforce freelanced in 2021, contributing $1.3 trillion to the U.S. economy in annual earnings, up $100 million from 2020.
Skilled freelancing is growing rapidly! 53% of all freelancers provided skilled services such as computer programming, marketing, IT, and business consulting in 2021, up from 50% in 2020.
Freelancing is lucrative. 44% of freelancers say they earn more freelancing than with a traditional job in 2021.
Build a portfolio
You’ll need writing samples, lots of them, so start a blog and update it regularly. Immerse yourself in cybersecurity news and write about whatever’s going on. Write explainer articles. Compare and contrast penetration testing and vulnerability assessments, or explain zero trust.
I like the Medium platform. Trying to make money on Medium is an uphill battle, but it’s a great platform to promote yourself and what you can do. Medium blogs tend to rank high in search engines. I’ve had clients find me through my Medium blog.
Promote yourself & your services
Promote your blogs on Twitter and LinkedIn. (Facebook isn’t great for this, but you can put them there if you want.)
Put up a website. It doesn’t have to be the world’s greatest website, just something simple so that you have a web presence.
Make profiles on gig sites like Upwork.
Make YouTube and TikTok videos. This was something I’d thought of doing, but I ended up not needing to, because I had so many clients coming my way as it was.
Network, network, network
Be active on social media networks. Get involved in infosec Twitter. Whenever you do business with someone, connect with them on LinkedIn. People in tech move around a lot. If someone is happy with the job you did for them when they were at Company A, they may use you again once they move to Company B. I’ve had this happen!
Bilingual or multilingual?
If you can write well in more than one language, you can write your own ticket as a cybersecurity copywriter. Multinational cybersecurity companies need copy in different languages. They also need copywriters to interview international clients and write case studies in other languages.
The work is out there. Go get yours!
About the Author: Teresa Rothaar spent nearly six years working as a freelance cybersecurity copywriter before obtaining a full-time position as a compliance analyst.