Most content teams are still treating AEO like SEO with a new acronym. It isn't, and the difference matters more than people realize.
In SEO, a keyword has one SERP. Ten blue links, roughly the same for everyone, roughly stable across time. That's why keyword-first content works as a model: optimize once, rank once, harvest the traffic.
AEO is not that. Two people typing the same question into ChatGPT get two different answers — shaped by their chat history, their company, the documents they've uploaded, the model's memory of past conversations. The same person asking the same question on a Tuesday and a Friday can get different answers. There is no "rank #1." There is only "did the model pull from your content when this specific person asked this specific question in this specific context."
Which means content has to be written with surgical specificity to a single ICP's actual situation. Not generic best-practices that could apply to any cybersecurity company at any stage. Specific pain points, named tools, named workflows, named decisions. The kind of writing AI synthesizes from when it's trying to give a useful answer.
Most cybersecurity content fails this test. It's written for everyone, which means it gets cited for no one.
I work with a small number of cybersecurity companies — usually two or three at a time — as their outsourced content strategist. There isn't a service menu. There's one engagement, with components, and it's the same engagement whether you're a Series A startup or a public security vendor.
Here's what it actually looks like.
On-site: the content library
The core of the work is building the content library on your own domain — a deliberate map of every angle of your product where an AI engine could potentially cite you.
That map is broader than most content teams realize. It covers your categories. Your specific use cases. The pain points your product solves and for whom. The features that matter and when they matter. Your differentiators against named competitors. The scenarios your sales team has to navigate in real deals. And the case studies that prove you've delivered the outcome a buyer is currently asking an AI about.
Most cybersecurity content teams aren't producing this. They're shipping intro guides and thought-leadership posts pegged to keyword volume. But when a security buyer asks ChatGPT or Claude "what's the best way to handle Kubernetes drift in a regulated environment," no model is going to recommend a brand whose only content is a 101-level explainer on Kubernetes security. It's going to recommend the brand with detailed, sales-conversation-depth content on that exact scenario.
That's the bar I write at — depth of a sales call, not an intro guide.
Three things go into every piece.
The first is topic mapping. Before any article gets written, I map your full universe of content angles: categories, use cases, ICPs, competitors, customer pain points, the specific scenarios where your product wins. The deliverable is a working document — what content exists, what's missing, what to build next, and what order to build it in.
The second is original research. I start with interviews — with your engineers, your DevSecOps leads, your threat researchers, the people who get paged when something breaks at 2am. I mine sales calls and customer interviews for the language your buyers actually use to describe their problem. Articles get written from that corpus.
The third is practitioner-level depth. The simple test most cybersecurity content fails: could the person who wrote this actually do the job they're writing about? Mine pass. If a senior DevSecOps engineer wouldn't forward it to their team in Slack, it goes back for another round.
Comparison content — "X vs Y," "alternatives to Z," "best tool for [specific job]" — is one part of this. So are technical deep-dives, scenario-specific guides, ICP-specific landing pages, and case studies. The mix depends on what your topic map exposes as the highest-leverage gaps.
Off-site: where most cybersecurity brands are invisible
Most content teams miss this: AI doesn't only pull from your domain.
When ChatGPT or Claude answers a buying-stage question about cybersecurity, it's synthesizing from Reddit threads, comparison reviews, podcast transcripts, Hacker News comments, engineering forums, LinkedIn posts, Medium articles, and the long tail of independent blogs. A brand that's only loud on its own domain stays invisible where AI actually pulls from.
The off-site layer of the engagement covers this. It has two parts.
The first is executive thought leadership. Your CEO, CTO, and security leads sit on a goldmine of original thinking — hard-won perspectives on where the industry is heading, opinions too specific for any LLM to generate on its own. I extract that thinking through structured conversations and shape it into long-form LinkedIn and Medium pieces under their byline. Not ghostwritten corporate filler. The kind of post that makes a CISO's DMs light up.
The second is citation outreach. I identify the off-site venues — independent blogs, industry roundups, comparison sites, niche publications — where your category is being discussed, and place original commentary or get your work cited in their coverage. This is slow work. It's also the most underrated lever in AEO right now, because almost no one is doing it deliberately.
Together, on-site and off-site is what builds the actual citation footprint AI engines reach for.
What this isn't
I'm not a content factory. I'm not going to ship you 30 articles a month, and if that's what you need, I'm not the right fit.
I don't do thin SEO content optimized for keyword volume. I don't do AI-generated blog spam dressed up as a content strategy. I don't run a ghostwriter pool for your executives that produces two LinkedIn posts a day at the cost of any actual point of view.
Most AI-generated content scrapes the top ten articles on a topic, blends them into something that reads like a confident average of everything that already exists, and ships. Generic, defensible, citation-worthy of nothing. I've done that work earlier in my career — I'm not pretending I haven't. I know exactly how cheap it is to produce and exactly why it stops working the moment AI can do the same thing in twelve seconds.
The methodology is deliberately slow upstream — interviews, research, primary sourcing — so that the output downstream is fast, specific, and citation-worthy. There's no version of this that scales by hiring more writers.
Who this is for
This works best for cybersecurity companies that have a technical buyer (CISOs, DevSecOps engineers, platform security leads) who reverse-engineers marketing in seconds. Companies whose product is complex enough that "more blog content" isn't the answer. Companies with an executive team willing to spend 30 minutes a month on interviews so the content has something to say.
If you're looking for awareness blogs at scale, link velocity, or any other vanity content metric, I'm not the right fit. Saying so up front saves us both time.
How an engagement starts
The first conversation is a call. We figure out whether the methodology fits what you're trying to do.
If it does, the next step is usually a paid audit — I look at your existing content, your competitor citations, and where you currently show up (or don't) in AI answers across ChatGPT, Claude, and Google AI Overviews. The audit is delivered as a strategy document, and after that we either continue into a full engagement or we don't.
There's no proposal cycle, no SOW back-and-forth, no monthly minimums. It's a working relationship or it's nothing.
If any of this sounds like the kind of content marketing you've been trying to find, let's talk.
Book a call