Tag Archives: LinkedIn

In Product Marketing, Strategy Precedes Tactics

I’ve decided to tweak Bredemarket’s public presentation by talking more about strategy. And although I’ve written some new strategy content recently, it’s a heck of a lot easier to repurpose some of the old content I’ve already written.

Such as my July 31, 2025 personal LinkedIn article (separate from Bredemarket’s “The Wildebeest Speaks”…which reminds me, I gotta write another one of those).

Job duties and SMART OKRs

The personal LinkedIn article was called “The Joy of Product Marketing Strategy, or SMART OKRs.”

Let me define the acronyms in the article title:

  • SMART: specific, measurable, attainable, relevant, and time-bound.
  • OKRs: Objectives and Key Results.

Putting it simply, the article talked about the myriad of things a product marketer was expected to do at one company.

Or at any company, frankly. Product marketing job descriptions are fairly interchangeable. Go-to-market. Sales enablement. Competitive analysis. Metrics. Cross-functional collaboration. If you think YOUR company’s product marketing is amazing and different…it isn’t.

The entire list of product marketing duties is a bunch of tactical moves. A brochure here, a battlecard there. It could devolve into a lot of meaningless busywork. (Says the guy who has now written over 2,000 blog posts.)

But WHY are you doing all this junk?

That’s where the strategy comes to play.

Why?

For example, why are you establishing and obtaining approval for this?

“a multi-tiered go-to-market process identifying the go-to-market tiers, the customer-facing and internal deliverables for each tier, as well as the responsible, accountable, consulted, and informed organizations for each deliverable”

Let me list three reasons:

  • To ensure your go-to-market efforts contain the correct deliverables for the tier. Running around like a headless chicken to guess what you need to produce is idiotic.
  • To make sure everybody knows what they have to do. You don’t want a go-to-market effort to tank because the VP of Product won’t approve the customer success internal deliverable.
  • And let’s not forget the biggest reason of all: to allow the product in your go-to-market revenue to get a ton of orders and make a ton of revenue.

Because that’s why you’re marketing products…I hope.

Ask before you act

A helpful tip: before I get into the minutiae (tip your servers, I’m here all week) of a project, I ask a lot of questions first. “Why?” is the first question, but there are more.

The seven questions I ask. One you’ve seen the movie, now read the book.

Speaking of asking, if you want to ask Bredemarket for help with your strategy and tactics for content, proposal, and analysis work, click on the Content for Tech Marketers image below and schedule a free meeting with me.

Stop losing prospects! Use Bredemarket content for tech marketers

Deepfake Recruiters and Invisible Recruiters

Why do scammers target anti-fraud experts? Because sometimes we’re dumb too.

But in this case I didn’t fall for the two deepfake recruiters who emailed me yesterday.

However, I have some concerns about the REAL recruiters that the fraudsters were impersonating.

Deepfake recruiter 1, the Senior Vice President

The first fraudster emailed me early Tuesday morning California time:

Hi John,

I hope you’re doing well. My name is Ethan [REDACTED LAST NAME SPELLED WITH AN “E”], Senior Vice President at Aerotek, a national staffing and recruiting firm.

I’m reaching out regarding a confidential, retained search for a Senior Product Marketing Leader with a real, actively operating company in the identity verification and biometrics space. Your background in product marketing, go-to-market strategy, and competitive intelligence across identity technology firms stood out strongly during our shortlist review.

This role is ideal for leaders who drive product launches, shape competitive positioning, and accelerate growth in B2B/B2G SaaS environments.

If this aligns with what you’re exploring, I’d be happy to share the full role brief.

Best regard 
Ethan [REDACTED LAST NAME SPELLED WITH AN “A”]

When a Senior Vice President can’t spell his own last name consistently, that’s a warning flag.

When said Senior Vice President emails me from ethan.aerotek.desk2@gmail.com, that’s another.

Finding the real recruiter

So because I am a Know Your Recruiter practitioner, (Adriana Linda, Kristen the guy, Amanda the guy, Randstad and Indeed people) I looked up Ethan on LinkedIn.

Turns out Ethan is a U.S. based person employed by Aerotek, with the same picture used in the Gmail account (which I guess qualifies this as a “deepfake”), but he is a Recruiter, not a Senior Vice President.

So I messaged the real Ethan on LinkedIn early Tuesday morning, reproducing the email message above and prepending it with:

Ethan, I received this from a Gmail address

Replying to the fake recruiter

Then I responded to the email from the fake Ethan:

Ethan, I have contacted you via LinkedIn. Please provide your Aerotek email address. Your client will understand.

My final comment probably went over the fake Ethan’s head, but any identity verification company would clearly understand why a candidate would insist on an Aerotek address rather than a Gmail address. Except in certain circumstances that I’ll address later.

And of course Aerotek would be very concerned about fraudsters impersonating real Aerotek employees…or so you’d think.

Back to the fake, who responded a few minutes later. Oddly enough, even though Ethan is U.S.-based, this email indicated that my reply was received in a time zone eight hours ahead of the Pacific Time Zone. Anyway, here’s the fake Ethan’s non-surprising response.

Thank you for reaching out. I’ve been experiencing some technical issues with LinkedIn this week, so I appreciate you continuing the conversation here.

This is the usual tactic employed by scammers. Stay off reputable platforms such as LinkedIn and move the conversation to another platform, in this case email. At least fake Ethan didn’t direct me to WhatsApp or Telegram.

As of Wednesday morning I left both conversations there. I didn’t reply to the fake Ethan’s latest email, and the real Ethan didn’t reply to my messsage.

And that’s a problem.

Concerns about the real recruiter

As I mentioned earlier, Aerotek obviously doesn’t want fraudsters impersonating their employees. And Aerotek employees certainly don’t want fraudsters impersonating them and lifting their facial images for fake Gmail accounts.

But the real Ethan apparently hasn’t checked his LinkedIn account in over 24 hours, and is completely unaware that a fraudster is impersonating him.

Causing damage to him and his employer.

If you’re a recruiter (or any professional) and you have a LinkedIn account, check it regularly. You don’t know what you’re missing.

But let’s move on to deepfake 2: technically not a deepfake since the fraudster only appropriated a name and not a likeness, but worrisome all the same.

Deepfake recruiter 2, the independent and invisible recruiter

The second fraudster emailed me late in the afternoon California time.

Hello John,

I hope you’re doing well.

I recently came across your background in B2B/B2G SaaS product marketing, particularly your work across identity, biometrics, and broader technology markets. Your experience driving product launches, developing go-to-market strategy, and building high-impact content and competitive intelligence frameworks really stood out.

I’m currently supporting a respected technology organization operating at the intersection of SaaS, cybersecurity, and identity, and your ability to bridge complex technical solutions with clear market positioning aligns closely with what they’re looking for.

Given your track record of both strategic thinking and execution (“ask, then act” definitely came through), I believe you could be a strong fit for this opportunity.

If you’re open to exploring, I’d be happy to share a brief overview of the role and why I feel it aligns well with your background.

Looking forward to hearing your thoughts.

Again this person emailed me from a Gmail address, consisting of the person’s name with an appended “8.”

Finding the real recruiter

So I checked out this person also, and discovered a few things.

  • This is also a real person, based in Europe. So she supposedly sent this email after midnight her time.
  • The real recruiter DOES have a Gmail address, but without the “8.” Why? Because the person is NOT employed by a huge recruiting firm such as Aerotek, but is a self-employed recruiting specialist. So it’s understandable that the real recruiter has a Gmail address. But as we will see, not advisable.
  • Her company name is her name with the word “Consulting” appended, according to her personal LinkedIn profile.

So I messaged the real recruiter with the message “Possible scam artist” and the email address (with the “8”) that sent the message.

Replying, and not replying, to the fake recruiter

About an hour later (now well after midnight European time), I received a second email from the fake recruiter that didn’t reference my reply to the first one.

Hello John,

I hope you’re doing well.

I recently came across your background in B2B/B2G SaaS product marketing, and your work across identity, biometrics, and go-to-market strategy really stood out—particularly your experience positioning complex technologies like IAM, biometrics, and AI-driven solutions.

Your track record in product launches, competitive intelligence, and building high-impact content at scale aligns closely with what we’re currently prioritizing.

I’m supporting a respected technology organization that is expanding its product marketing leadership team, and based on your experience, you could be a strong fit—especially given your depth across both public sector (B2G) and commercial (B2B) environments.

If you’re open to exploring, I’d be happy to share a brief overview of the role and why I believe it aligns well with your background.

Looking forward to hearing your thoughts.

I didn’t bother to reply to the second email from the fake recruiter, or to notify the real recruiter of the second email.

Eventually I received a reply to my first email early Wednesday morning…oddly enough, indicating that the fake was in the Pacific Time Zone, not Europe. (Note to scammers: change your computer and software settings so that your time zone matches the time zone of the person you’re impersonating.)

Here’s how the reply began:

Thank you for your message here—and I did see your note on LinkedIn as well. Apologies for the slight delay in getting back to you, I was tied up attending to a few things earlier.

Yeah, sure you saw my LinkedIn InMail.

Anyway, forget about the scammer. Let’s look at the real recruiter.

Concerns about the real recruiter

As I mentioned, the real recruiter has a personal LinkedIn profile and a Gmail address.

And that’s it.

  • I couldn’t find a LinkedIn company page for her consulting company.
  • A couldn’t find a website for her consulting company.
  • In fact, the ONLY reference I found to her consulting company was her personal LinkedIn page.

And that’s a problem.

The fact that she has no LinkedIn posts and no LinkedIn recommendations is another.

Now I’ll grant that many consultants get their business from word-of-mouth. Bredemarket certainly does.

But the only publicly-known way to contact THIS consultant is via email or LinkedIn InMail.

And as of now she hasn’t checked her InMail in over 12 hours.

What if she were to lose access to her LinkedIn account?

If you’re an independent recruiting consultant, own your own website, and don’t depend upon someone else’s social platform.

That’s one reason why Bredemarket offers several ways to reach me, most importantly the contact mechanisms available on my own website, free of the control of Microsoft, Meta, or any other company that could yank my access at the drop of a hat.

But there are others.

Bredemarket’s active platforms as of March 29, 2026.

So if you have content or other needs…such as the need to create content to publicize your recruiting consultancy…why don’t you talk to me?

Bredemarket Social Focus, March 29, 2026

After a month, I expanded things a bit.

Bredemarket is focusing on the channels that matter:

As of March 29

And no, the unsubscribable Instagram is not in my current mix.

The Wildebeest Speaks On Tactics vs. Strategy

So I finally wrote my new edition of my LinkedIn newsletter The Wildebeest Speaks—“On Types of Expertise”—on March 11.

And then found a spelling error on March 12.

Now if this had been client work, I would have quietly fixed it and went on my merry way.

But I’m more transparent when I’m writing for myself.

So rather than quietly correcting the error, I publicly did so.

The Wildebeest Re-speaks.

In addition to preserving my transparency, the episode allowed me to illustrate the difference between tactics and strategy.

When a writer misspells the word “tactical” in an article and freely admits making the error, this is a tactic…not a strategy.

What is the Difference Between “Bredemarket Identity Firm Services” and “Bredemarket”?

I’m putting myself in the shoes of someone reading stuff on LinkedIn or Facebook.

  • At one point, the reader may encounter a reference to “Bredemarket.”
  • At another point, the reader may encounter a reference to “Bredemarket Identity Firm Services.”

Are “Bredemarket” and “Bredemarket Identity Firm Services” two separate entities?

No.

They overlap.

So if your specific interest is biometrics, or secure documents, or other identity factors, visit Bredemarket Identity Firm Services.

If your interests are more general (such as product marketing), visit Bredemarket.

When We Trust No One: Did Substack REALLY Say It Was Breached?

When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.

The email

How many of you received this email yesterday?

Hello,

I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.

I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.

What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.

What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.

What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.

This sucks. I’m sorry. We will work very hard to make sure it does not happen again.

– Chris Best, CEO of Substack

My reaction

My jaded reaction?

“Yeah, right.”

Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.

So last night I went to Substack’s own Substack account @substack to see what it said about the matter.

At the time…nothing.

As far as I was concerned, my email and phone number MAY have been breached, or maybe not. Perhaps some nefarious actor was trying to make Substack look bad.

So I forgot about it.

The article

This morning I revisited the issue to see if any reputable organizations had written about it. Not finding a Washington Post article, I turned to TechCrunch. (I’ve been reading TechCrunch since the Arrington days.)

Newsletter platform Substack has confirmed a data breach in an email to users.

So TechCrunch relied on the same information I had. There was no indication that TechCrunch had reached out to Substack directly to confirm the authenticity of the email.

Then again, TechCrunch printed its article at 6:55 am PST, and it was still up an hour later at 8 am. If the email had been a scam, Substack would have contacted TechCrunch immediately.

So I guess the story is legit.

Three ways to inform users of a breach

The story goes well beyond Substack, since sites are breached all the time. As far as I’m concerned, the issue isn’t “if,” but “when.”

(And yes I’m looking at you, all Workday-using sites that set the app to require account creation. How will you respond when a jobseeker asks you how you will protect their data WHEN your site is breached?)

There are three ways to inform your users of a breach.

[Bitdefender] surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.

Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it.

  • Minimally inform them. What I’m calling the Substack method, where a breach is publicized via one easily-spoofed channel, and not on the platform itself.
  • Powerfully inform them. The KnowBe4 method, in which KnowBe4 confirmed on multiple platforms that a North Korean had successfully secured employment with the firm.

How will YOUR firm respond when you are breached?

And So the Scam Begins

I’ve previously noted that one possible sign of a scammer is when they don’t initiate a LinkedIn connection to you, but instead want you to initiate a LinkedIn connection to them. When a scammer is scamming, they can’t blow through a few thousand connection requests every day, so it’s better if the victims initiate the connection request themselves.

I immediately thought of this when I received an email from a Gmail account to one of my odd accounts entitled “Thinking of connecting.”

Um…why not just do it?

Here’s the text with the scammer’s alleged name changed:

“I saw your profile on LinkedIn and wanted to say hello. I’m Melania.

“I’ve always been interested in learning about different professional paths. This is just a friendly intro for the start of the week—no expectations on my end.”

Obviously I didn’t respond. Because I have no idea who the Gmail account holder REALLY is.

A day later, I received a second message that included the following:

“Things are actually pretty smooth and manageable on my end as the Operations Manager at Estée Lauder, so I’ve had some extra time to catch up with my network. I’d love to hear how your side of the world is treating you whenever you have a moment.”

Again, I didn’t respond. I didn’t even ask for “Melania’s” Estee Lauder email address (again, the emails are from a Gmail account).

Then we got to day three. Remember how Melania said she had viewed my LinkedIn profile? This was the next question she asked:

“Is it snowing where you are?”

Obviously she hadn’t read anything, and I was getting bored, so I blocked her from all email addresses.

Which is Harder: Know Your Employer, or Know Your Employee?

Of all the KYx acronyms (Know Your Customer, Know Your Business, etc.), two that interest LinkedIn users are Know Your Employer and Know Your Employee. How do you fight fraudulent employers and employees? And how do your prospects learn about your fraud fighting?

Read my latest article on LinkedIn in The Wildebeest Speaks: “Which is Harder: Know Your Employer, or Know Your Employee?

Google Gemini.