When normies think about Opsec – well, they don’t since they’ve never heard of it; but if they, say, read the Wiki page or knew the one-sentence summary of what the hubbub is about – they might be inclined to think that you just need the right set of tools, and then ensure they’re used, and voila! Put 2FA everywhere and ensure everyone uses it; use encryption; https/ssl; etc; and voilà – we’re secure!
Sadly, OpSec doesn’t work that way. (“Sadly” only because it would have been a much simpler world if it did!). Yes, tech mechanisms are important – but just one piece of the puzzle.
Here’s a hint: most OpSec attacks don’t involve technology. They could involve what old-school “hackers” (hi, 2600!) called “social engineering”: calling up the secretary and pretending to be tech support to get the naive secretary to share the password, for a classic example.
And from there, it only gets stronger. Picking people up in bars – who can resist someone cute trying to pick you up? And from there… let your mind wander as to what happens next!
Now, let’s apply this thinking to the digital marketing universe.
First, you need to make sure your marketing team is not only paranoid about OpSec, but applies its core principles with every interaction.
Second, one particular point at which this breaks down is in what we could call “outsourcers outsourcing” scenario: a 90% trusted team hires someone else they trust 90%, who then hires someone else they trust 90%, and so forth. And suddenly you go from 90% trust almost 70% trust which is much easier to find a hole in!
Third, you need to make sure you trust not just the leadership & management of the team, but the rank and file soldiers, too. Talk to them yourselves and, for lack of a better word, smell them.
Fourth, don’t only think about OpSec in a defensive way, but in an offensive way, as well. How can you use OpSec marketing to your advantage? To use a classic sports saying, “the best defense is a great offense”: so how do you get at your competition before they get at you?
And one answer to that OpSec challenge is: via clever marketing. And that, ladies and gentlemen, is precisely why we need to marry OpSec and marketing.
Morgan Friedman has been building and running Display campaigns on top of GDN Network of Adwords, err, he means "Google Ads," for almost 15 years. Friedman is, by nature, an obsessive optimizer, and has been A/B testing every obscure option, configuration, strategy, and tactic on Display Ads. Oh and search ads, as well as figuring out how to grow companies and politicians from just the seed to hundreds of thousands of users, or voters, as well. His favorite number is eleven. Morgan enjoys writing about Managed Placements.