My journey so far: 10 months, +5200 subscribers, and some amazing new friends

I told myself I would do a lookback blog post when I hit an "impressive" subscriber count. When I first started Detection Engineering Weekly, I thought 100 subscribers was my ceiling as a content creator, which would be a fantastic feat. Boy, was I wrong.

I get asked by readers and other content creators what is the origin story behind this newsletter and how did it get "so big"? I'm happy to explain, but first, I want to give some context on my life right before I started it. If you'd rather get straight to my top 10 lessons, click here. Otherwise, grab a seat, crack open a drink of choice, and come sit with Papa Techy.

What do you want to sell people, a pain pill or a vitamin?

For those that don't know, for whatever reason, I decided to time three massive life events within a 3-month window in 2021:

1. My daughter was born.

2. I started a rigorous and competitive MBA program at NYU.

3. I left a startup after 7 years, where I was the first researcher-turned-Senior-Director and joined Datadog to boot up a greenfield organization and grow a product suite.

Oh, by the way, number 2 started when my daughter was 2 weeks old. So, I obviously had a lot of time on my hands.

With my books in hand and studying nights and weekends, I began my journey as a first-generation grad student in my family. Accounting, Macro/Micro Economics, Finance, Strategy, Statistics, and Leadership courses dominated my life for several semesters. I had fantastic, world-class professors, and the education gave me a unique intersection of my technical background, my experience working at startups, and a more rigorous approach to business. But, one class and general theme throughout the MBA fascinated me: Marketing!

The hacker community distrusts the marketing discipline and likes to meme on it, and you know what? Some of the criticisms are fair. But, without brilliant, disciplined, data-driven marketing, we wouldn't have products we LOVE. There is an art and a science behind it. And one of my classmates, a successful CEO and marketer, had a saying in our Marketing classes that stuck with me:

"Whatever you build, ask yourself this question: are you trying to sell a vitamin, or a pain pill?”

This is important as it relates to my newsletter and security content in general. Let me break it down for you.

In general, it's best to "sell" a pain pill rather than a vitamin when creating products. Netflix and Social Networks make up most of big tech, and you can arguably say these companies solve an unmet need. But we aren't looking to make a Netflix here. We are looking to make a newsletter!

Timing is everything: newsletters and long-form media

Since I spent most of my free time studying, I needed to find clever ways to stay abreast of the latest trends in the threat and vulnerability landscape. Most of this news came from social media. Then came Mr. Tesla, who started to gut everything I used on Twitter. Pair this with the significant departure of "threat intel Twitter" (different from infosec Twitter). I was left with a new pain point: I am in a role that requires daily interaction with new techniques in threat detection and a rapidly evolving threat landscape, but I needed help aggregating the latest trends.

This timing paired with my pain point presented an opportunity:

If my pain point wasn't met by any solution, why not solve it myself? I was subscribed to several newsletters then, and I loved the format: a quick digest of news and blogs curated by experts, sometimes with commentary. They mostly deliver on a weekly schedule, and within 5-10 minutes of reading each issue, I had a list of links I could filter and then read throughout the day.

Much like podcasts 10 or so years ago took off, newsletters were becoming bigger in our industry and within tech. My assumptions seemed reasonable:

• Total Addressable Market: A healthy (100k+) group of infosec people who want to read and learn about threat detection. A quick LinkedIn search for "threat detection" yielded 1000s of people, and heck, even Florian Roth's Twitter has 100k followers. I'm delighted with my results if I capture 10% of that market.

• Pain point: Life after Twitter was easy to imagine because I was in it. So, much like Spotify, people want media curated to their interests and needs. Platforms like Substack provide a social networking angle to long-form content, and they have built-in newsletter capabilities.

• Intangibles: The infosec community likes opinionated personas, and with 10+ years of experience at a various companies, I could serve as that voice. Marketing teams call these "Key Opinion Leaders."

• Networking: I know a lot of folks in this space already, so they could give me feedback along the way

• Fantastic decision-making skills: I definitely have a lot of time to spare with a 1-year-old, a marriage, moving out of state, grad school, a demanding job, and a new kid on the way

And that’s how I met your mother Detection Engineering Weekly was born!

Zack’s Top 10 Lessons Learned

After almost a year of writing a weekly newsletter, thousands of subscribers and thousands of dollars/yr revenue in paid subscribers, I learned several things that keep me motivated and (in my opinion) successful at this. If you want to start a newsletter focused on cybersecurity, consider taking these Top 10 lessons to heart before you begin.

1. Find a need and a pain point you experience, and build a newsletter that helps relieve that pain. If you feel it, chances are the security community also feels it. Humans react to pain much more viscerally than a "vitamin" that enhances something.

2. Claim a niche and become synonymous with it. There is so much nuance in security, so there's an opportunity to capture a greenfield topic, old or new, and then you become associated with it. My goal with Detection Engineering Weekly was to be on the front page of Google when you search "Detection Engineering." Go ahead, Google it, and tell me what you see :).

3. Focus on getting eyeballs and subscribers first, the money and opportunities come after. Getting eyeballs means creating content that readers want to revisit every week. If you try to focus on monetization first, you lose track on solving the pain point you set to solve.

4. Network. Find other newsletter creators and pitch or link your newsletter. It's a small group (and snowballing), but my subscriber count comes from other newsletters referencing mine. I'll reference a newsletter if it'll be useful for my readers, so when you write good content (Tip #3), it makes sense for me to link it. My friend and fellow newsletter colleague Mike Privette of Return on Security added this on while reviewing my draft:

   Always hype up your newsletter brothers and sisters because when they grow, you grow too. By doing so you become a "household name" with the community and that shared word of mouth goes super far in our world, even being on different ends of the spectrum with cyber

5. Consistency. Identify how much you want to write, then RARELY stray from that. I call this newsletter Weekly for a reason. When it stops being Weekly, your reliability as a writer and a creator plummets. Tell your readers when you can't make an issue. They appreciate it!

6. Use other newsletters and creators as a cheat code. Good artists borrow, great artists steal! I've leaned heavily on copying and modifying concepts from other security newsletters that are useful for me as a reader. This includes format, prose, and marketing. This is a cheat code in many ways, as it gets you ahead on certain parts of your newsletter without making and learning from your mistakes.

7. The 365 rule. Ask yourself this question: could you write content for your newsletter for 365 days straight? If the answer is yes, you have the motivation to be consistent (Step 5). If you answer no, you'll need to revisit your topic, motivations, or schedule.

8. Systematize your writing. Every big newsletter you read isn't written in a vacuum. There are systems behind it. For example, I have several sources for content, and some of them are places that the general "security" community doesn't have access to. I need to quickly aggregate engaging links and news, vet the content, and then write a synopsis. I could do this every week with tools like Feedly, Notion, Slack, social media, and Substack.

9. Integrate your newsletter and content creation into your life. My newsletter is part of my daily and weekly rituals. I schedule a time to write every morning and evening, timebox it, and then leave it alone. It's the only way I can make it work with a family and a demanding job.

10. Write the same content as if 10, 100, 1000 or 10,000 people are reading it. Keep focus on YOUR identity and the identity of your ideas. I would write this newsletter the same if I were at 1% of its subscriber count. It keeps me focused on current news and techniques and makes me way better at my job. I'm privileged to say the subscriber count is a bonus.