- Audience 1st
- Posts
- Building a False Sense of Trust vs. Trusted Advisor Status
Building a False Sense of Trust vs. Trusted Advisor Status
The way you build trust can take you in different directions: down a destructive path of ruined reputation or up a rewarding road of unlimited relationships and referrals. What do you choose?
Dani Woolf
30 Jun • Read Time: 9 minutes
When it comes to cybersecurity sales and marketing, there’s one thing you can’t shortcut: trust.
As Joshua Marpet, CEO of MJM Growth, sees it, trust isn’t just a “nice-to-have” in the buyer relationship—it’s the foundation that can either elevate your brand or completely destroy it.
Building trust isn’t about quick wins.
It’s about developing long-term, meaningful relationships that are rooted in honesty, credibility, and genuine value.
In my conversation with Josh, it became clear that trust is both a critical goal and a fragile resource.
In the cybersecurity industry, trust can take you one of two ways: towards a path of lasting relationships and referrals or down a destructive road of burned bridges and ruined reputations.
The direction you take depends on how well you understand and nurture that trust.
POLL: What’s the most critical factor for building trust with security practitioners? |
Before we dive in, don’t forget to subscribe to join 1700+ cybersecurity marketers and sales pros mastering customer research. You’ll get notified whenever a new episode and buyer insights summary drops.
Who is Joshua Marpet?
Currently serving as the Executive Director of GuardedRisk, Josh specializes in security and compliance for law firms, insurance companies, and data processors.
His career spans nearly three decades, during which he has held numerous leadership positions and made significant contributions to the cybersecurity community.
As an internationally recognized digital forensics expert, Josh has tackled complex issues ranging from government corruption to protecting mission-critical data.
His expertise extends to risk management, executive communications, and emerging technologies like blockchain and cryptocurrency.
Josh is a frequent speaker at major information security conferences, including Black Hat, RSA, and DEF CON.
He has been honored as one of the Top 10 Most Influential People in the BSides Movement and serves on the boards of BSides DC and BSides DE.
His innovative thinking is evident in his pending patent for a blockchain-based system to store forensic data with a perfect chain of custody.
Before his current role, Josh held positions such as SVP of Compliance and Managed Services at CyberGRC, CEO of BiJoTi, and Senior Information Security Risk Analyst at the Federal Reserve Bank of Philadelphia.
His unique background also includes experience as a police officer, firefighter, and even a historical blacksmith.
Josh's commitment to education is reflected in his role as a faculty member for IANS and his past experience as an adjunct instructor at various universities.
He holds a BA in Psychology, Psychopharmacology, and Statistics from Fairleigh Dickinson University, along with several industry certifications.
Known for his candid approach and ability to tackle complex security challenges, Joshua Marpet continues to be a respected and influential figure in the cybersecurity landscape
Pro Tip for Connecting with Josh
Josh has no patience for spin. Be clear about what your product can and cannot do. Avoid hype; he respects transparency.
Josh dislikes scare tactics. He’s seen it all and values education over fear-mongering. Focus on offering insights or case studies that solve real problems without the drama.
Sales are secondary for Josh; he’s all about meaningful, long-term relationships. Start with genuine help or advice before pitching your product.
Generic messaging won’t work. Josh appreciates when vendors understand his business. Reference his specific needs and challenges in your outreach.
He’s unimpressed by jargon. Josh wants to know how your solution fits into his operations. Present your product in clear, business-focused terms.
Josh is wary of big promises. Be ready to prove your product’s capabilities. Bring data or case studies that show real results.
Josh dislikes vendors who disappear after closing a deal. Maintain contact and offer ongoing support to build lasting trust.
Insights and Key Takeaways
The Death of FUD: Educate, Don’t Intimidate
Insight: Fear, uncertainty, and doubt (FUD) tactics are ineffective in today’s security landscape. Buyers are now looking for vendors who provide clarity, not fear.
Gone are the days when scare tactics could drive a sale.
CISOs are exhausted by FUD-based marketing campaigns that leverage fear to create urgency.
Today, they are more skeptical than ever and expect marketers to offer educational insights that help them make informed decisions.
Scaring someone into buying a product might result in a one-time sale, but it certainly won't build a lasting relationship.
“The echo chamber effect of security is not easy…FUD is just, everybody's jaded to FUD, man. And we're done with that.”
Stop Selling Shiny Objects: Focus on Business Outcomes
Insight: CISOs want real solutions that address business problems, not overpromised, feature-laden tools.
The days of promoting security tools as “silver bullets” are over.
Josh emphasizes that modern CISOs—many of whom come from management, not purely technical backgrounds—are less interested in flashy features and more focused on how tools align with business goals.
This means marketers need to shift from showcasing features to demonstrating measurable outcomes that impact the organization’s bottom line.
“The shiny and the scary don't sell anymore…CISOs today are business-focused, and if they're not, they're not a CISO.”
Building Trust Takes Time: The Long Game of Marketing
Insight: Real trust is developed over time through consistent, honest engagement—not through quick, transactional sales tactics.
Many vendors aim for short-term wins, but in the cybersecurity industry, trust is earned over time.
Josh stresses that vendors who are only interested in short-term sales are unlikely to succeed. Building trust involves being clear about what your product can and can’t do, consistently providing value, and showing genuine care for the customer’s problems.
Vendors should focus on relationship-building and knowledge-sharing, not just selling.
"So many companies are only in it for the short sale right now. This is a long game."
The Importance of Marketing-Led Organizations
Insight: Organizations driven by marketing—rather than sales or engineering—are better positioned to adapt to customer needs and deliver real value.
Josh firmly believes that marketing-led organizations are more successful than sales- or engineering-led ones because they focus on listening to customer feedback and adapting their offerings accordingly.
Sales-led organizations often overpromise, while engineering-led teams may delay launches to perfect products.
The secret to success lies in asking customers what they need, building it, and then selling it. This approach not only builds trust but also aligns product development with market demands.
"The only one that profits is a marketing-led organization…Because a marketing-led organization asks customers and prospects, ‘What do you want?’"
Avoiding the Echo Chamber: Engage Honestly and Authentically
Insight: The cybersecurity industry often falls into an echo chamber, where fear and hype dominate the conversation. Real engagement requires breaking away from this cycle.
Josh points out that the industry often repeats the same messages, creating an insular, self-reinforcing environment.
To break this cycle, vendors must engage authentically, listen actively, and approach CISOs with genuine curiosity and a willingness to help.
This not only helps vendors understand the actual needs of their buyers but also creates a two-way dialogue that builds trust and credibility.
“The insularness…the echo chamber effect of security is not easy.”
Hacker Conferences vs. Suit Conferences: Know Your Audience
Insight: Different conferences require different engagement strategies, so know your audience and adjust your approach accordingly.
Josh distinguishes between “hacker” conferences and “suit” conferences, highlighting that each requires a unique approach.
Hacker conferences are about learning, exploring, and connecting, while suit conferences focus more on business and deals.
Marketers need to tailor their content and demos based on the type of event, ensuring they provide relevant value and build genuine relationships.
“Hacker conferences are where I go to learn what’s gonna scare me this year. Suit conferences are more about how to sell or present things.”
My Final Thoughts
If there’s one takeaway from this conversation, it’s that trust and transparency are everything. In an industry flooded with tools and promises, what truly sets vendors apart is their ability to build meaningful relationships, provide real value, and keep their word.
Trust takes time, and it’s earned through consistency, honesty, and a willingness to educate rather than scare.
If you want to succeed in cybersecurity marketing, you must play the long game, focus on building knowledge and trust, and avoid the temptation to take shortcuts.
Remember, it’s not just about selling a product; it’s about being a reliable partner who genuinely cares about solving real problems.
Until next time,
Dani
Subscribe to Audience 1st Podcast Newsletter
Thanks for reading! If you like summaries like this, subscribe to Audience 1st Podcast Newsletter to get notified whenever a new episode drops.
Excited to collaborate? Let’s make it happen!
Check out our sponsorship details to connect with real security practitioners and showcase your brand to an engaged community of cybersecurity decision-makers giving and seeking real buyer insights.
Reply