One of the most basic principles of OpSec (insofar as it connects to marketing or not; more broadly speaking) are the CALI principles. In short, it is the following:

You must always be alert to the fact that the business (or team) you’re competing against it going to be trying to learn about your business, and then exploit what they’ve learned to their advantage. And there are four basic areas in which they try to learn about. These are the CALI principles:

  • Your capabilities. What are you able to do, and what are you not able to do? How strong are you, really? Or weak?
  • Your activities. What are you actually doing? Or not doing?
  • Your limitations. There are a bunch of things you’re not doing: why? What is limiting you? Note that this is basically the same your vulnerabilities.
  • Your intentions. What are you planning on doing in the future? And what are you doing to prepare for that?

Now, how do these apply to OpSec-oriented marketing?

Basically, by flipping all of these on their heads… and doing the same to your competitors. And then taking what you learn and using it to your advantage. Let’s go through the same list:

  • What are your competitor’s capabilities? How do we make the Internet know about the worst or weakest aspects of his capabilities?
  • What are your competitor’s activities? Are we tracking his capabilities? Are we marketing against each of those in which we are also capable?
  • What are your competitor’s limitations? Now this is where it gets fun: let’s compete with him in the area past his limitations–and make sure the world knows about his limitations.
  • What are your competitor’s intentions? Let’s build the marketing and community around those well before he does.

OpSec, more broadly, is often conceived of as a defensive mechanism. But why not flip it on its head and use it on the offense, as well?