Operations Security (aka, OpSec) is one of the issues that half the world doesn’t know about; the other half knows about it (although unlikely by name) and makes minor and conventional head-nods towards adhering to its ideas, hoping that will be enough because it’s such an abstract and theoretical idea; and a tiny, tiny, tiny number of people–who tend to remain silent on all important issues (although often talkative on the unimportant issues)–are utterly obsessed with.
Your writer here may or may not be a member of this final group. But even if I were, wouldn’t it be safer to say I’m not a member? Thus, you, dear reader, will never know how truly OpSec obsessed I am. Or am not. Or “am but pretending to be am not” and so forth.
First, let’s define our terms. Wikipedia’s page is as good a starting point as any. In short, it starts with the assumption that people playing on the other team are really, really, really smart. Given that assumption, they’re going to try to figure out what your team is doing in subtle and nearly imperceptible ways. Standard security worries about, say, having 2FA so bad guys can’t get your password, or posting security guards around the building perimeter. OpSec is more concerned with the fear that, say, the VP’s secretary–who knows every detail of what the company’s true weaknesses and true plans–just happens to be a bar and a cute man just happens to sit next to her and strike up a conversation… Yes, it sounds like something out of a Bond movie, but remember that Bond creator Ian Fleming did work for Naval intelligence. (If only life were all dodging bullets and meeting beautiful women, Bond-style!)
OpSec / Operational Security ties into Digital Marketing and Martech in particular in a few ways.
First, you need to assume your serious competitors are doing everything they can to extract every piece of information about what you’re doing–your CALI, as it’s called in OpSecland (your capabilities, activities, limitations, and intentions)–using the most clever and indirect ways. Assuming that, how do you defend yourself? Whom do you trust? Whom do you give access to what? How do you find out who is or isn’t talking to whom? How do you keep under wraps what needs to be kept under wraps? And how do you do that without creating an atmosphere of total paranoia on your team?
Note that if your competitors aren’t doing this, this just means one thing: you haven’t succeeded enough. You’re too small. But that’s not a bug, but a feature: it’s a good thing. You can sleep easy and comfortably at night.
Secondly, you don’t need to only be on the defensive about this, but you can be on the offensive. They’re trying to find out what you’re doing… why don’t you give it to them. That’s dezinformatsiya (дезинформация), usually translated as “disinformation”–of course using the original Russian word, to acknowledge the team who perfected that into an art (for better or worse–don’t think I’m making any statement of support here, not at all!).
This is where things become, for lack of a better word, fun. Lots of fun, indeed. We want them to think something. How do we give off the appearance to them that we’re doing this, and not that?
One answer is: using a lot of the martech tools that the last years have perfected.
We can do laser-like targeted advertising. Why not show our target market ads to convey the message that we want them to think?
We can target ads not at the target… but at those around him. So the people around him can get certain ideas into their minds, so they’ll subtly push their friend into this or that direction.
We want to reach out to a particular person, perhaps in a surprising way? We can prime that person with targeted messaging.
If you’re reading the above and thinking, “Do people really do this? Really??” I would say: if you have to ask: it’s a cute world where sales and marketing happen where you just have a great product and and take out cool, hipster Instagram ads. But back in the real world, indirect marketing is the most effective, and indirect marketing gets at your target in very surprising ways–that’s why it’s indirect. And then success happens with a combination of blood, sweat, and tears. Hopefully with lots of sweat, only a few tears, and no blood.