As the first quarter of 2022 is behind us I want to share some behind the scenes of how we approach content marketing at Chainguard. And as a bonus, our top 5 blog posts from this year!
Know your audience
90% of our posts are aimed at developers or practitioners aiming to make their systems secure by default. We do have a few posts aimed at leadership and Chief Information Security Officers (CISOs) to pull the big picture together and help them work closely with their engineering teams. This talk on Content Marketing to Developers by Danielle Morrill is a timeless classic and influences a huge part of our attitude towards content marketing. Morill says “...more than any other audience, developers want to be treated like people because they are people first of all”.
The types of content we gravitate to are:
- Technical tutorials on how to X with Y: e.g. Keyless Signing on Amazon EKS
- General technical content: e.g. Making Package Signing Useful
- Open source community-related posts: e.g. Why Chainguard joined the OpenSSF
Ship something crappy, incrementally improve and never ever, ever, ever stop doing it.”
- Danielle Morrill
Ship something crappy
The chainguard.dev site was thrown up quickly with the blog’s default styling. Links were invisible in dark mode. It’s no surprise that it wasn’t super clear to folks what Chainguard is all about. Two days after I joined the team, I threw together my first blog post: WTF is Chainguard?. Later, a third-party reviewer would go on to share that the post “feels half-done.” I’m quite proud of that.
Over time we would incrementally improve bit by bit, for example:
- Requiring each blog post to have an image
- Scheduling out 3 tweets per post instead of ad hoc tweeting
- Spinning up a LinkedIn presence
- Introducing tags to help categorize tweets
Have fun experimenting
We don’t have a preset content calendar but do capture ideas for blog posts. Software security can often be a very dry subject area. We like to experiment with different formats for fun and to see what works and what doesn’t. For example:
- Infographics in this NIST post
- Blog series on NIST and SLSA
- We published our first whitepaper in March
- Quickly followed by a slew of April Fool’s memes!
Bias for speed
Once a draft post is shared folks jump in internally to give feedback. However, we don’t follow a style guide yet nor do we have each of our posts copy-edited. Mostly we review for clarity. That means some posts ship with spelling mistakes and errors. I’m ever so grateful to folks who message us to let us know when something needs fixing!
Chainguard’s voice is everyone’s voice
Probably the thing I’m most proud of is that the Chainguard blog has posts by 15 different authors. Folks take the time to stop, write, and share what they are working on—which as we grow has become essential to keep up with all the activity happening in the company straight from the lion’s mouth!
What’s working? (And our top 5 posts)
While we do keep an eye on metrics we also evaluate qualitative feedback. So far so good. It is especially gratifying when we have a call with customers and they mention or reference one of our posts.
Here are the posts that have had the highest number of views this year:
- What an SBOM can do for you
- Introducing apko: bringing distroless nirvana to Alpine Linux
- How Citi is building the secure software factory with Sigstore and Tekton
- Zero Security Debt for Container Images Is Possible
- Automatic SBOMs with ko
Never ever, ever, ever stop doing it
So far we have met our target of at least one blog post per week. Hopefully, as things get busier we can still manage to keep this up and keep helping folks on their journey to more secure software supply chains.
A big shoutout to all of our readers and especially those who help share and promote our talks, including these awesome community newsletters which have featured our posts: