4 Tactics to Market your Product’s E2E-Encryption

Jon McLachlan
4 min readJan 12, 2020
Photo by Jon Tyson on Unsplash

Did you just add E2E-Encryption to your product, and not sure how to market it?

#1 Sell the problem, not the solution.

The problem needs to come first. If the problem your security features solve does not resonate with your audience, then that’s where you need to start. Don’t just jump right into encryption. If you’re in a regulated vertical, this is easy (because missing security features are a show stopper).

#2 Compare your product to your competition.

Pragmatic early-majority markets are only interested in the absolute best whole product. These customers are risk-eliminators. They need help solving hard problems, and expect solutions that will work well and work effectively. They have zero interest in any grandiose visions of the future and might interpret grandiose visions of the future as red-flag.

One of the essential tools to help demonstrate the best value-vs-risk is a direct comparison of your product to your competition. Not only do you need to match what your competition is doing, but you need to exceed the value your competition has to offers your specific target market. Now, let’s not go crazy here. Less is more. But it is helpful to identify two types of competitive products to compare your product to:

Market Competitor: This is the legacy product that already holds market dominance. Often it’s sold by a larger organization that can not move or adopt the latest technologies quickly and efficiently. Often overpriced and clunky, it validates your product’s existence by demonstrating the problem it solves is real. Compared to this product, your product needs to appear new and innovative. For example, integrations with Peacemakr will shine nicely in this comparison.

Product Competitor: This could be any other new product trying to penetrate the pragmatic early-majority markets. A comparison to this product should demonstrate that your product is the most mature and the least risky of all the new emerging products. Here, recent security breaches, regulatory compliance certifications, or performance metrics will go a long way to demonstrate that your product is the most mature (least risky).

See what you did here? You used your competition to look both dashingly innovative and yet, somehow, also the least risky and mature.

Once a pragmatic majority market adopts a single product as the best solution, it sticks, and it spreads. Remember, your aim here should is to be the biggest fish (best product) in a small pond (target market).

#3 Security is a form of Trust. Reinforce that trust by being specific.

There are two types of security expectations: the ones explicitly set forth by the market, and the ones implied by user trust.

Explicit Security Requirements
Addressing explicit security requirements set forth by a highly regulated market is time-consuming but at least straightforward. For example, GDPR in Europe, CCPA in California, HIPAA in the US Health Care vertical, FIPS in the Defense vertical, or CommonCriteria in Financial or other enterprise verticals. You either meet these requirements, or you do not. No middle ground. Just be honest about it.

Implicit Security Expectations
Ok. So these are more tricky. It’s basically everything else. It falls into the “don’t get hacked” category. In security, any threat model left vague is dangerous, because they mean different things to different people at different times. So when you build your new security features, don’t be uncertain about what you’ve built. Be specific! Reference specs and standards. Speak to particular threat models. Reinforce that you’ve achieved your goals by sharing customer-facing Penetration Testing Reports that corroborate your security claims.

#4 Tell a story.

All marking is, is a story. A memorable and visceral experience that inspires a specific target market to action. But even children know: stories can be true, or false. The difference between a crazy person and a genius is that the genius builds upon a sense of trust. The genius reinforces a sense of being part of the “inner circle” of the listener. Language and word choice are crucial, but perhaps most important is your story’s context.

The context is not something you control. It’s something you need to learn and understand for yourself. The conditions of the market exist independent of a product or business. Whether you come off sounds like a crazy person or a genius depends on the context you say it in.

So, what’s the security-related context of your target market? What are the values found in it? Do people keep getting hacked? Is there missing privacy? And why does it matter? I have no idea. You have to ask questions and listen. Listen very carefully.

Once customers learn to trust your story, and your story resonates with the values of your market, your marketing will stick. Growth follows.



Jon McLachlan

Founder of YSecurity. Ex-Apple, Ex-Robinhood, Ex-PureStorage. Lives in Oakland. Athlete.