That title is from a quote from Thomas J Watson, the founder of IBM. And it's one of those statements that many of us try our hardest to ignore: we think that we can start by building an incredible product and THEN worry about selling. (It's the W.P. Kinsella strategy - if we build it, they will come)
This relates back to my rant about User Awareness Training, and most specifically around the tying of security awareness training to marketing. Alex, in his usually clear style, drives home a lot of the ideas about how awareness is a marketing function on his blog, but very few have thought about the other side of the marketing coin.
When I asked a friend of mine about how marketing success is measured recently, she said: "sales increase."
In security, we're obviously not selling product when we're doing user awareness training. But we are selling the increase in security of the enterprise. And we can design metrics that can show us whether or not what we're doing is actually working. That's the real key to the success of awareness training: knowing what success is, and measuring whether you're getting closer or farther away from success with each step.