If customers want cybersecurity vendors to solve a problem, it should be clear how to market the solution. Unfortunately, too many vendors are marketing something buyers really don’t care about.
Check out this post by
Patrick Garrity 👾🛹💙
of
VulnCheck
for the discussion that is the basis of our conversation on this week’s episode, co-hosted by
David Spark
, the producer of CISO Series, and
Steve Zalewski
. Joining them is
Tom Doughty
, CISO,
Generate:Biomedicines
. Huge thanks to our sponsor,
Alteryx
.
The 3Ms of product clarity
In a crowded landscape, vendors need to show where and how they deliver value.
Faruk U.
of
CyberSkillsHub Cybersecurity Training
offered a framework for sharpening that clarity: “For tight product+marketing fit, use the 3Ms: Moment (where in the kill chain), Metric (MTTR, false positive rate, exposure), Motion (first click to value). If any M is fuzzy, sharpen the product or story.” But adding AI to a product doesn’t automatically create that clarity.
Marcel Velica
of
Eventbrite
pushed back on superficial AI integration, noting that “every new startup or board and founder looks like they’re just sprinkling some LLM fairy dust on top of their app and pitching it like it’s magic. Implementation isn’t just about adding AI to your roadmap and thinking your product is done. It’s about owning the complexity that comes with putting it in front of real users, with real expectations, in real time.”
Buzzwords work because buyers aren’t experts
The cynical reality is that buzzword-heavy marketing often outperforms substance-driven pitches, and there’s a reason for that. “Almost always, the people with the purchasing power are uninformed and easily swayed by buzzwords, which is why they work. Moreover, they work better in most cases than selling on actual capability (see, for example, every company racing to adopt Agentic AI for everything),” confessed
Nick Carroll
of
Zscaler
. He added that “you’re usually not selling to the people who truly understand the problem space. Rather, you’re selling to people who think they know far more than they do, and those are the people for whom buzzwords are impressive.”
Paolo D.
of
PRIAM CYBER AI
has seen this dynamic shift in vendor messaging in real time, saying, “When we started, we didn’t call ourselves any of those names, and we didn’t advert ourselves as such, but now… the first thing they ask is ‘are you agentic-based?'”
Investor pressures distort messaging
External financial pressures push cybersecurity companies toward messaging that pleases investors rather than resonates with practitioners.
Thomas Griffiths
of
TrendAI
argued it undermines the credibility of the industry, saying, “It’s a sad reality when blind, investor-pleasing strategies dictate messaging and customer engagement. This reckless approach undermines authenticity and poorly reflects the principles most cybersecurity professionals uphold.”
Steve Berkholz
of
HIROTEC AMERICA, Inc.
captured buyer frustration with that dynamic. “We also don’t care how much funding you raised in series 1, 2, etc. We are buying products, not stocks. If you talk more about funding than you talk about what your product does, I’ll just pass you by.”
Threading the needle
Marketing cybersecurity solutions involves navigating constraints that few other industries face.
Jennifer E. Tisdale
of
Upstream Security
laid out why the role is so challenging: “The hardest job in cybersecurity is marketing. First, cyber/AI/data is a non-visual, abstract concept with layers of meaning and audience variations that are near impossible to capture in a one-pager or sentence. Secondly, they’re often limited by NDAs or by what you should/shouldn’t say to avoid negative perception by desired customers. Damned if you do, damned if you don’t situation.” Her conclusion? “Every tech company needs better storytellers to add to marketing and sales. But marketing, on its own, is a tough gig. Much respect to those tasked with the job.”
Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now. Listen to the full episode here.
Huge thanks to our sponsor, Alteryx
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type “Defense in Depth” into your favorite podcast app.
Join us TOMORROW, Friday [01-30-26], for “Hacking Employee Retention”
Join us Friday, January 30, 2026, for “Hacking Employee Retention: An hour of critical thinking about how to keep and develop your talent.”
It all begins at 1 PM ET/10 AM PT TOMORROW with guests
Andy Ellis
, principal,
Duha
, and
Peter H. Gregory
, best-selling cybersecurity author. We’ll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we’ll do our meetup.
PREVIEW: CISO Series Podcast LIVE in Clearwater, FL 3-3-26
You’ve listened to the CISO Series Podcast for years, but if you’ve never joined us for a live show, you haven’t gotten the full experience. We’ll be recording an episode on March 3, 2026, at the Convene conference hosted by the
National Cybersecurity Alliance
. You’ve got to join us for the fun! Joining host David Spark on stage will be
Jason Mayor
, deputy CISO at
Raymond James Financial
, and
Pam Lindemoen
, CSO and vp of strategy at
Retail & Hospitality ISAC
. Everything else you need to know can be found here. Huge thanks to our sponsors,
Adaptive Security
,
KnowBe4
, and
Zepo Intelligence
.
If you’re interested in attending, get your tickets here. Use code CISOPodcast for 15% off!
Huge thanks to our sponsors, Adaptive Security, KnowBe4, and Zepo
Reddit ‘Ask Me Anything’ – January 2026
Our monthly AMA on r/cybersecurity on Reddit has begun! Our topic is “I had my budget cut and still reduced risk. Ask Me Anything.”
For this edition, we’re focusing on a challenge many security leaders face: reducing risk even when budgets are cut. Our panel will share how they managed to keep risk down despite having fewer resources. They’ll discuss what strategies worked, what didn’t, and how to prioritize security when money is tight.
Please ask questions for our participants here.
This month’s participants are:
Gary Hayslip, (u/Shaynei), vp, senior security advisor,
Halcyon
David B. Cross, (u/MrPKI), CISO, Atlassian
Nick Espinosa, (u/NickAEsp), host, The Deep Dive Radio Show
Will Gregorian, (u/wgregorian), former senior director, technology operations and security, Galileo Medical
Edward Frye, (u/krypt0_ed), head of security, Luminary Cloud
Dan Walsh, (u/Security_few_sense), CISO, Datavant
Thanks to all of our participants for contributing!
Cybersecurity Headlines – Department of Know
Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer
Richard Stroffolino
, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.
Monday’s episode featured
Jason Shockey
, CISO,
Cenlar FSB
, and
Krista Arndt
, associate CISO,
St. Luke’s University Health Network
. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security. Thanks to our Cybersecurity Headlines sponsor,
Conveyor
.
Join us again next week, and every Monday.
Thanks to our sponsor, Conveyor
Cybersecurity Headlines – Daily News Shorts
Subscribe to the CISO Series YouTube channel, for daily shorts videos from CISO Series reporter, Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
Jump in on these conversations
“The US just pulled out of three major cyber coalitions. Thoughts on the fallout?” (More here)
“Researchers found a single-click attack that turns Microsoft Copilot into a data exfiltration tool” (More here)
“The “SECURITY BEST PRACTICE” you stopped believing in after working a real job…” (More here)
Coming up in the weeks ahead on Super Cyber Friday:
[01-30-26] “Hacking Employee Retention”
[02-06-26] “Hacking Analyst Happiness”
Save your spot and register for them all now!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What’s Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.