InfoSec Has an Image Problem
When most people think of “security,” the concepts of good security hygiene or zero trust are not likely to be the first things that come to mind. It’s more likely the average individual will cycle through a mind mapping session that starts at the door to a bank vault and might end up somewhere near an episode of Person of Interest. In large part due to mainstream media, the idea of security often becomes entangled with fictional concepts of who the people in the world of security are and what the data battlefield looks like.
This is not the security industry you’re looking for.
In taking a closer look at the portrait of security through the eyes of modern media, some themes emerge. The dominance of red and black is no coincidence, nor is the distinctly futuristic tone of most security-oriented visuals. Keeping in mind that film and narrative depictions of hacking, cryptography and the digital network overall were often grossly exaggerated by imaginative minds moved by the potential of “cyber” and the brave new technological world, it is interesting to note that a good chunk of aesthetic choices within the infosec industry appear to have drawn inspiration from those same glamorized concepts found within genre fiction.
The breadcrumbs begin in the mid 70s during the height of network development. As the future of human connection and technological innovation dawned, authors like William Gibson, Neal Stephenson and Philip K. Dick penned genre-defining works that would become synonymous in the mainstream with what the swiftly impending future could look like.
In tandem, special effects technology was evolving, making film a robust medium for giving further shape to the mysterious worlds of those intimately versed with the language of the internet. Data itself could become a character, with code and network activity brought to life through frenetic animation and fast-paced editing.
With the personal computing market booming, the 80s and 90s would produce cinematic cult classics like Wargames (1983), Hackers (1995) and The Matrix (1999) which depicted exclusive, ultra-edgy worlds loaded with social commentary, and wildly imagined tech. While these works of fiction were rarely wholly true (and often painfully inaccurate) to the realities of how IT professionals or cryptography enthusiasts lived and worked, the aesthetics certainly did not go unappreciated by them.
Hacking/data visualizations from left to right: Hackers (1995), Johnny Mnemonic (1995), The Matrix (1999)
Fiction is not alone in influencing the security culture’s distinctive looks. Subscribers to video game, comic and punk subculture were often makers, tinkerers, programmers and cryptographers of various ethical alignments. Through their shared ideologies and curiosity for understanding how things worked, many technology enthusiasts found community and purpose.
This often culminated in the assembly of collectives of like-minded individuals who could learn, play, and tinker together. It is the proverbial love of the game, the thrill of knowledge-seeking, the nostalgia and romanticism of technological obsession, and the old-school pastiche of the 70s-90s that still heavily influences the infosec industry’s image.
But how well does it serve audiences to flavor the fairly mundane activity of protecting digital data with the cyberpunk mystique? Let’s face it—as an activity, security doesn’t look terribly sexy. However, watching Rami Malek decrypt keylogger files to subvert bad guys in under three minutes is pretty compelling. These kinds of depictions of the security world have helped to provide simplified context to modern audiences. It is that cinematic “sexiness” which infosec advertising often utilizes in order to access the attention of wider audiences. This strategy can be helpful because it is difficult not to notice advertising that evokes mystery, secrecy, or danger and alarm.
Because security marketing often errs towards being provocative, it can invite the feeling that everyone and everything is after your data and that an overreactive response is the best response. This strategy can be problematic because while emotion can mean that you are paying attention, it can also mean that you will simply react out of mistrust, doubt or fear. This is where the security industry at large encounters an image problem.
Our Brand’s Approach
At Duo, we don’t believe that using the visual glitz of FUD (fear, uncertainty and doubt) is the most helpful or effective way of evangelizing security. Duo is fundamentally borne from a hacker ethos, but with the challenge of democratizing security before us, we set out to approach marketing security differently, without using the vague mystique of “cyber” or hacker culture as a crutch or invoking any socio-politically inspired feelings of dread.
Our intention is to make security concepts clear and actionable for individuals within diverse tech trades, to emphasize security overall as a holistic utility, and to help educate a growing public audience with mobile, digital lives that are rapidly transitioning to the cloud. Our advertising methodology is a response to Duo’s mission of reimagining security into an accessible and sophisticated commodity and philosophy. We are creating sophisticated, top-shelf products that help to revolutionize how companies secure their data, and we are creating and marketing them with trust, simplicity and integrity in mind.
Taking a pass over Duo products and graphics, you might notice a few things. We champion the concepts of ease, simplicity and cultivating trust, from the Duo Mobile authentication application to the admin panel. This sensibility continues into the DNA of our brand.
What radically sets the Duo brand apart is the design influence which comes from within Duo doors. Our in-house brand team subscribes to the International Typographic Style—better known as the Swiss Style. The Swiss style is an influential design methodology famously adopted by contemporary designers such as the likes of designer/filmmaker Saul Bass or graphic designer Paul Rand.
It not only encapsulates a specific way of designing, but adheres to a core philosophy of visual cleanliness, clear hierarchy and structure. The Swiss design methodology allows complex concepts to be visually stripped down to their core essence, thus discarding unnecessary ornament which communicates nothing, and embracing the stark beauty of brevity. With that reasoning, we find our inspiration for approaching our “reimagining” of security advertising.
A sample selection of Duo’s ebooks, all produced in-house from concept to production.
A collection of Duo posters, adapted from the cover artwork for a number of our ebooks.
Next, you might notice an abundance of green. An unusual color perhaps, set against a landscape of security branding that often comes in attention-grabbing shades of red, yellow and black. Duo’s dominant combo of green and navy intentionally seeks to avoid the red—evocative of fear, danger or denial—that is ubiquitous within the security industry. As the majority of the Duo user experience is the process of authenticating, or using the green “approve” button in our mobile app, the company’s overall appearance is aligned with the same “green means go” sense of trust and approval.
Additionally, by using a cool color palette vs. warm, the visual and psychological correlations become closer to a sense of calm, growth, health, positivity and balance. This intention becomes clearer when looking at other company branding produced in-house, such as Duo Labs, our in-house security research group. Somewhat conversely, Duo Labs boasts sleek monochrome branding which elevates the presentation of content oriented toward a more technical audience, and creates a vibe that is just a bit edgier (without becoming cliche) than the overall Duo brand.
Finally, you may notice that we take a different tone than might be expected when we speak about security. The language adopted by a brand is as important—if not more —to the appeal, perception and inherent identity of the organization as any other visual asset.
Brand language is a core component of winning the hearts and minds of audiences, and as with our design, it is something that we treat very consciously and carefully at Duo. Our messaging and content comes first, therefore it is frequently paired with visuals for a variety of mediums, creating an array of assets that aim to inform and educate.
Duo’s Creative team, comprised of graphic designers, web developers, content strategists and filmmakers, works together closely to ensure that all of our materials are in sync and consistently following the methodologies that help to make our brand of security unique. We maintain an approachable, straightforward tone that avoids buzzwords, cliche and FUD in order to evangelize our work and provide context to current events in the infosec business.
Problem Solving for a Security Image Revolution
As designers within the infosecurity space, we have accepted a unique problem-solving challenge: How do you reinvent the way a concept has been visualized and communicated over so many decades?
Security has historically been designed and advertised for the eyes of infosec professionals, CISOs, CIOs, hackers and tinkerers. Increasingly, the need has arisen to design for security’s greatest untapped ally, the end user, who we hope will be receptive to understanding security beyond the concept of two-factor authentication (2FA) and using unique passwords.
Our challenge as a Creative team for a security company is to address an audience that has always been aware of infosec, but has been consuming a less-than-effective image of what the industry is for a long time. Times and audiences are changing rapidly, and our brand is committed to being responsive.
From inception, Duo has been driven by the problem-solving sensibilities both of programmers, and that of visual designers. We are a company of skilled craftspeople—both creative and technical—who use many instruments to create a bold new imagining of infosec. We hope that more of our peers in design and technology will join us in that effort.