Agree & Join LinkedIn
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
Create your free account or sign in to continue your search
or
New to LinkedIn? Join now
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
If customers want cybersecurity vendors to solve a problem, it should be clear how to market the solution. Unfortunately, too many vendors are marketing something buyers really don’t care about.
Check out this post by Patrick Garrity 👾🛹💙 of VulnCheck for the discussion that is the basis of our conversation on this week’s episode, co-hosted by David Spark , the producer of CISO Series, and Steve Zalewski . Joining them is Tom Doughty , CISO, Generate:Biomedicines . Huge thanks to our sponsor, Alteryx .
In a crowded landscape, vendors need to show where and how they deliver value. Faruk U. of CyberSkillsHub Cybersecurity Training offered a framework for sharpening that clarity: “For tight product+marketing fit, use the 3Ms: Moment (where in the kill chain), Metric (MTTR, false positive rate, exposure), Motion (first click to value). If any M is fuzzy, sharpen the product or story.” But adding AI to a product doesn’t automatically create that clarity. Marcel Velica of Eventbrite pushed back on superficial AI integration, noting that “every new startup or board and founder looks like they’re just sprinkling some LLM fairy dust on top of their app and pitching it like it’s magic. Implementation isn’t just about adding AI to your roadmap and thinking your product is done. It’s about owning the complexity that comes with putting it in front of real users, with real expectations, in real time.”
The cynical reality is that buzzword-heavy marketing often outperforms substance-driven pitches, and there’s a reason for that. “Almost always, the people with the purchasing power are uninformed and easily swayed by buzzwords, which is why they work. Moreover, they work better in most cases than selling on actual capability (see, for example, every company racing to adopt Agentic AI for everything),” confessed Nick Carroll of Zscaler . He added that “you’re usually not selling to the people who truly understand the problem space. Rather, you’re selling to people who think they know far more than they do, and those are the people for whom buzzwords are impressive.” Paolo D. of PRIAM CYBER AI has seen this dynamic shift in vendor messaging in real time, saying, “When we started, we didn’t call ourselves any of those names, and we didn’t advert ourselves as such, but now… the first thing they ask is ‘are you agentic-based?'”
External financial pressures push cybersecurity companies toward messaging that pleases investors rather than resonates with practitioners. Thomas Griffiths of TrendAI argued it undermines the credibility of the industry, saying, “It’s a sad reality when blind, investor-pleasing strategies dictate messaging and customer engagement. This reckless approach undermines authenticity and poorly reflects the principles most cybersecurity professionals uphold.” Steve Berkholz of HIROTEC AMERICA, Inc. captured buyer frustration with that dynamic. “We also don’t care how much funding you raised in series 1, 2, etc. We are buying products, not stocks. If you talk more about funding than you talk about what your product does, I’ll just pass you by.”
Marketing cybersecurity solutions involves navigating constraints that few other industries face. Jennifer E. Tisdale of Upstream Security laid out why the role is so challenging: “The hardest job in cybersecurity is marketing. First, cyber/AI/data is a non-visual, abstract concept with layers of meaning and audience variations that are near impossible to capture in a one-pager or sentence. Secondly, they’re often limited by NDAs or by what you should/shouldn’t say to avoid negative perception by desired customers. Damned if you do, damned if you don’t situation.” Her conclusion? “Every tech company needs better storytellers to add to marketing and sales. But marketing, on its own, is a tough gig. Much respect to those tasked with the job.”
Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now. Listen to the full episode here.
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type “Defense in Depth” into your favorite podcast app.
Join us Friday, January 30, 2026, for “Hacking Employee Retention: An hour of critical thinking about how to keep and develop your talent.”
It all begins at 1 PM ET/10 AM PT TOMORROW with guests Andy Ellis , principal, Duha , and Peter H. Gregory , best-selling cybersecurity author. We’ll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we’ll do our meetup.
Register now
You’ve listened to the CISO Series Podcast for years, but if you’ve never joined us for a live show, you haven’t gotten the full experience. We’ll be recording an episode on March 3, 2026, at the Convene conference hosted by the National Cybersecurity Alliance . You’ve got to join us for the fun! Joining host David Spark on stage will be Jason Mayor , deputy CISO at Raymond James Financial , and Pam Lindemoen , CSO and vp of strategy at Retail & Hospitality ISAC . Everything else you need to know can be found here. Huge thanks to our sponsors, Adaptive Security , KnowBe4 , and Zepo Intelligence .
If you’re interested in attending, get your tickets here. Use code CISOPodcast for 15% off!
Our monthly AMA on r/cybersecurity on Reddit has begun! Our topic is “I had my budget cut and still reduced risk. Ask Me Anything.”
For this edition, we’re focusing on a challenge many security leaders face: reducing risk even when budgets are cut. Our panel will share how they managed to keep risk down despite having fewer resources. They’ll discuss what strategies worked, what didn’t, and how to prioritize security when money is tight.
Please ask questions for our participants here.
This month’s participants are:
- Gary Hayslip, (u/Shaynei), vp, senior security advisor, Halcyon
- David B. Cross, (u/MrPKI), CISO, Atlassian
- Nick Espinosa, (u/NickAEsp), host, The Deep Dive Radio Show
- Will Gregorian, (u/wgregorian), former senior director, technology operations and security, Galileo Medical
- Edward Frye, (u/krypt0_ed), head of security, Luminary Cloud
- Dan Walsh, (u/Security_few_sense), CISO, Datavant
Thanks to all of our participants for contributing!
Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino , and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.
Monday’s episode featured Jason Shockey , CISO, Cenlar FSB , and Krista Arndt , associate CISO, St. Luke’s University Health Network . Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security. Thanks to our Cybersecurity Headlines sponsor, Conveyor .
Join us again next week, and every Monday.
Subscribe to the CISO Series YouTube channel, for daily shorts videos from CISO Series reporter, Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
- “The US just pulled out of three major cyber coalitions. Thoughts on the fallout?” (More here)
- “Researchers found a single-click attack that turns Microsoft Copilot into a data exfiltration tool” (More here)
- “The “SECURITY BEST PRACTICE” you stopped believing in after working a real job…” (More here)
- [01-30-26] “Hacking Employee Retention”
- [02-06-26] “Hacking Analyst Happiness”
Save your spot and register for them all now!
We love all kinds of support: listening, watching, contributions, What’s Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.
Oh got to listen to the discussion on AI marketecture!
To view or add a comment, sign in
Today on CISO Series..
Please join us on Friday, January 30, 2026 for Super Cyber Friday. Our topic of discussion will be “Hacking Employee…
Today on CISO Series..
Every CISO will tell you that resilience is the goal of any security program. But how can we be resilient when every…
Today on CISO Series..
In this episode, Peter J Worth Jr, founder, president, and CEO at Athena Security Group, LLC, explains how their…
Today on CISO Series..
In our last Super Cyber Friday, “Hacking Past Mistakes: An hour of critical thinking about what we can do better in…
Today on CISO Series..
LLMs are really good at generating output that looks acceptable. That doesn’t mean it’s correct.
