The Best of 23 Cybersecurity Buyer Interviews from 2022

To wrap up 2022, I compiled the best nuggets from all 23 interviews I had with cybersecurity buyers from March to date. They did not hold back. And neither did I.

When I first started the Audience 1st Podcast back in March, I created it as a tool for myself to better learn about the audiences that I wanted to engage and persuade.

Little did I know it would resonate so well with the cybersecurity community—both from the practitioner side and the go-to-market and business side.

So, I want to THANK all of my loyal followers, 1700+ strong and growing within the A1 community and newsletter, and 15,000+ strong on the social networks.

And to my awesome guests, who took time out of their busy schedules to tell me the brutally honest truth.

Why? So that I and WE can get better at how we engage, persuade, and acquire and retain customers in this complex industry.

These past 9 months have been one large curation exercise of buyer interviews.

So, enjoy! And you're welcome.

Allan Alford

"A huge percentage of vendors jumps on this ambulance chasing bandwagon. And I hate it."

Brutally honest words from Allan Alford, Former CISO & CTO of TrustMAPP.

When approaching your marketing strategies and tactics, particularly your messaging, it's best to just stick with the basics and the fundamentals.

There is this constant need to overcomplicate with so many terms to stand out against the competitor, using negative press and ambulance-chasing to get the attention of the security practitioner.

I recently had a brutally honest conversation with Allan on what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.

His key insights from the episode:

  • The goal is not to secure all the things.

  • His single biggest challenge right now is Mac users.

  • Taking advantage of negative press for other entities is not a good move.

  • To understand which questions to ask your audience, seek counsel from friendlies.

  • When evaluating a security solution, very often, POCs are a bake-off between 2-3 finalists…and at that stage, that’s where the real, final decision gets made.

  • It's super important to have a true, fundamental, realistic nature and notion about where you really are in the market.

  • Learning about your competition will result in stronger messaging that will resonate with your audience.

  • The blind calendar invites are the single quickest way to piss off Allan and blacklist you forever.

  • Having honest, realistic conversations about what your audience's current state of affairs is and what they might need will get you a seat at the table.

  • You’re not necessarily wanting to win over the CISO anyway.

Andra Zaharia

A big misbelief is that cybersecurity is all about technology. You can see that in the way that most companies communicate.

"AI-enabled whatever." No one cares. 

People care about what you can do for them and how you help them solve a problem.

"If you really are too much in love with your product and technology, you are going to miss the point. You're going to be disconnected from people."

Brutally honest insights from Andra Zaharia, creator and co-host of the Cyber Empathy podcast and cybersecurity marketing expert, on the latest episode of Audience 1st.

We discussed:

  • The challenges she faces as a content marketing professional in cybersecurity

  • Stereotypes to battle in order to be successful in the field

  • Questions to ask to deliver valuable content

  • The framework she uses to produce content

Here are some highlights from the episode:

  • We need cybersecurity literacy to be able to function in the world.

  • Andra’s main challenge right now: finding other marketers who are genuinely interested in cybersecurity and pursuing a path to mature their understanding of how marketing actually serves people in cybersecurity.

  • If you don't really love the mission itself, you're not going to be able to muster up the resources to make the effort of overcoming all of those limiting beliefs and challenges.

  • Stereotypes Andra is challenging in cybersecurity as a content marketer:

    • Empty promises

    • Cybersecurity is all about technology

    • There is no place for emotional connection

    • People care about cybersecurity

    • Technical specialists are the only bearers of truth

  • If you do not challenge these stereotypes as a marketer, you run the risk of wasting lots of resources, facing intense competition, and burnout.

  • Andra asks a few important questions to clarify purpose and meaning, which can be tied back to your content and messaging to deliver valuable content:

    • Who is it for?

    • What is it for?

    • When do they use this?

    • What are they comparing it to?

    • Why are we doing this?

    • Are our assumptions true?

    • Do people really want this?

  • Questioning our hypotheses will give clarity and peace, which creates alignment in the team.

  • Keeping content professionals siloed in your company is not going to help you make a meaningful difference, and not having a documented process for how your principles tie back to product and other functions in your business is going to lead to a lot of frustration and disconnection.

  • The main framework Andra uses to develop content is the Jobs to Be Done framework, which gives you a way to understand the customer's context, needs, and triggers.

Brent Deterding

How do you speak in terms that resonate with CISOs?

What are their goals and challenges?

Have you considered the constraints NEW CISOs experience?

When engaging a CISO, have you thought about the tech they have to adopt before pitching to them?

In this episode, I had a brutally honest conversation with Brent Deterding, newly appointed CISO of Afni, Inc., about what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.

Here are the key insights from the latest episode of Audience 1st:

  • As a new CISO, establishing and solidifying a personal brand has led to significant alignment in the organization.

  • Moving from a customer-facing position on the vendor side to a CISO role has helped Brent communicate at different levels of the organization.

  • Vendors should think in business terms; Brent urges vendors to make the business case for him, which forces a vendor to think and communicate in terms that he likes.

  • Brent’s bleeding neck challenge: as a new CISO, he doesn’t get to do things the way he would necessarily like to do them and has adopted a lot of technology he would not have chosen in the first place.

  • Bonus challenge: landing on websites that have no idea what the hell they are talking about, even if they’re pretty.

  • Brent’s goal: enable the business and catch the bad guy early.

  • As a CISO, being able to support the sales process and the team makes the sales cycle dramatically easier and reduces friction on current client contracts.

  • When researching a security product, Brent turns on his bullshit detector and checks for conversational red flags, then checks to see if a vendor aligns with his general philosophies. He also relies on CISO communities for last-minute information and occasionally checks up with Gartner analysts.

  • In cybersecurity, credibility indicates that someone can be trusted and that they're not going to waste a practitioner’s time.

  • One of Brent’s rules for new vendors is to be prepared to discuss list pricing on the first call.

  • If Brent has to fill out a big spreadsheet of something, he is not buying you. Period.

  • What moves the needle for Brent is being authentic, transparent, and speaking his language.

  • He always appreciates and likes when a prospect brings something up that is a weaker area of his offering.

Cecil Pineda

Peer to peer and community is so valuable in the cybersecurity industry.

Buyers cannot just rely on vendors to tell them their product is “the best thing since sliced bread.”

It’s best to ask for advice because buyers’ peers have experience with tools and openly share them.

That feedback and those stories help drive them towards a POC.

Because a POC is so limited.

Buyers cannot identify the value and problems in a short 30-60 day POC.

Rich insights from Cecil Pineda, SVP/CISO for a Healthcare Revenue Cycle Management Company.

In this episode, I had a brutally honest conversation with Cecil about his challenges, goals, the value of community and peer to peer engagement, how to best leverage community as a vendor, what vendors do that piss him off, and the alternatives.

Chris Elliot

You've nailed the pre-sale.

But, are you ghosting your customers post-sale?

Or popping up every quarter just for renewals or expansions?

The consequences of those actions are heavy.

In this episode of Audience 1st, I had a brutally honest conversation with Christopher Elliot, Director of Corporate Security and Security Operations at SoFi, about his challenges, goals, what vendors do that piss him off, and the alternatives.

Here are the key highlights from the episode:

  • Security practitioners buy through relationships.

  • Chris’ one bleeding neck challenge: His people.

  • Chris’ goal: To make networks more secure and find threats faster than yesterday to be more proactive in their security posture.

  • What Chris hates most about the cybersecurity industry: The vendor relationships are toxic. The cold calls and the random, persistent emails that he gets even when he says he is not interested.

  • The best way to approach Chris is: Have a burger or a beer with a casual first conversation.

  • The worst thing Chris has experienced from a vendor: ‘Backdoor’ sales tactics.

  • The alternative: Buy through authentic, non-transactional relationships

  • He will talk to customers. If what customers say is not aligned with what the vendor says, he will not continue in the evaluation process.

Chris Roberts

"Show me the courtesy of treating me like a human before you take my money."

A brutally honest request from Chris Roberts, vCISO, Researcher, Hacker, Advisor, AND MOST IMPORTANTLY, good friend.

Security practitioners are at the pointy end, they’re fighting and it’s not fun.

So, as marketers, what are you doing to empower them, not stress them out even more?

In this episode of Audience 1st, Chris and I uncover just that.

I had a brutally honest conversation with Chris on what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives you can take to genuinely help security pros.

His key insights from the episode:

  • It’s game over if you’re using buzzwords in the industry

  • More marketers, salespeople, and vendors need to get better at listening.

  • Security pros are taking the time to market their point of view on LinkedIn to help their audience

  • What Chris hates most: Overpromising, underdelivering. Bonus: Being used as a stepping stone.

  • It doesn’t take much to get to know your audience. You need to invest some leg work researching them.

  • Everyone has to put food on the table. It’s how the transaction is conducted that’s important. And honesty gets you a seat at the table.

  • They know you’re [marketers, sales, vendors] under a lot of pressure, but it isn’t an excuse to do things without clarity and knowledge of what you do.

  • When researching security solutions, security practitioners keep a scorecard for continued research in their community. And if you add them to a mailing list, you’ve lost marks.

Dheeraj Pandey

Every time a cybersecurity vendor comes through the door, what they're looking at is just a closure of a deal.

Having frequent service evaluation calls or catch-up calls with us so that they can serve us better is beneficial not only to security practitioners, but also to the vendors themselves.

The industry is moving in that direction, but currently this service-based mindset is largely missing in cybersecurity.

Brutally honest insights from Dheeraj Pandey, CISO & Head of Organization at Crédit Agricole Corporate & Investment Bank, India.

In this episode, I had a conversation with Dheeraj about his challenges, goals, what vendors do that piss him off, and the alternatives.

Dmitriy Sokolovskiy

How does a CISO present to their board without killing them with numbers?

And why are CISOs not getting help from the sales side?

The people seemingly more attuned to business acumen than them?

In this episode of Audience 1st, I had a brutally honest conversation with Dmitriy Sokolovskiy, CISSP, QTE, CISO of Avid, about his challenges, how to build relationship capital, and tangible ways to help CISOs do their job better.

Here are some key insights from the show:

Words like:

  • Business value

  • Return on investment

  • Long term planning

…have a very different meaning to executives and the boards than what CISOs (techies) think.

  • You can help a CISO out by providing them with insights so they can translate their business better to their direct audience.

  • If you take a value-based approach to engaging with CISOs, it doesn't matter if you go to your competitor in a year or two, they are still in your pipeline.

  • Listen to them first and then don't tell them anything.

  • Come back to them with what you’ve heard and with some research on what they’ve discussed.

  • Ask them what’s keeping them up at night or what their biggest issues are.

  • Be honest about what you can and cannot help them with in order to not waste their time.

Evan Francen

There are 3 things you need to get customers in cybersecurity: Trust, credibility, and like-ability. If you can establish those, you’ll kick ass.

Brutally honest insights from Evan Francen, CEO of FRSecure and SecurityStudio.

When I listened to Evan chat with Ryan Cloutier, CISSP on their podcast, he said one thing that stood out to me:

“I don’t want any friends.”

I called bullshit.

And so, we had a down-to-earth, candid conversation, full of “F” bombs and the “S” word 😱, about what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.

Look how that worked out!

Here’s hoping for a continued friendship.

And here are the key highlights from the episode:

  • Complexity is the worst enemy of security. Vendors are adding to the complexity by telling practitioners to buy more tools.

  • If people got rid of half the tools they have and actually learned how to use what they have responsibly, the industry would be in a much better spot.

  • This is a service industry. We are not here to sell people a bunch of goods unless the goods are actually there to protect people.

  • What really matters is understanding what a person's motive is and where they come from.

  • Evan’s biggest challenge: getting people to speak the same language.

  • When researching security products, Evan first identifies what actual problem he has and is trying to solve and only then evaluates if he even needs a tool in the first place.

  • Information security is not about information or security as much as it is about people.

  • Evan can tell when a marketer’s heart is in the right place; it is when a marketer actually inquires about the kind of problems he is trying to solve vs. pitching a solution to him and creating a problem for him that he wasn’t even thinking about.

  • Security vendors are fighting and kicking each other's ass over a market that's already being served - the enterprise; meanwhile, the underserved markets - small to mid-sized businesses - just sit there and flounder.

  • The worst thing Evan has experienced from a vendor: false promises; it's better to have no security than to have a false sense of security.

  • When you focus on the mission, even if you don't win right now on the front end - getting the customer acquisition - you will absolutely win on the churn rate. People will not leave you. They will stay with you forever because they trust you.

  • If you are phasing into cybersecurity, take your time, keep it simple, and educate yourself.

Ferd Hagethorn

Everybody's spread thin and it’s difficult to train people to free up the time of security experts.

And people move on so we have to help them hit the ground running elsewhere.

Building the community, building the right mindset, the hacker mindset is super important.

Brutally honest insights from Ferd Hagethorn, Director of Security Services at Planit Testing.

In this episode of Audience 1st, I talked to Ferd about his challenges, goals, what vendors do that piss him off, and the alternatives.

Here are some insights from the episode, curated just for you:

  • Ferd’s function is an always-on function. He rarely gets downtime, especially given his services are spread around the globe.

  • Finding people is his bleeding neck challenge.

  • Ferd is particularly looking for individuals who are curious; people that want to know how stuff works, how everything's put together, and how it interacts.

What Ferd hates most about the industry:

  • Cold calls and cold emails. They go straight into his spam folder.

  • The second thing is over promising and underdelivering.

What Ferd thinks about comparison sheets on vendor websites:

  • They do help. Most of them are actually pretty good.

  • When it comes down to the nitty gritty, the real small stuff, he feels they usually exaggerate a bit regarding what the tool can do, how fast it is, and how easy it is to use.

What makes Ferd feel good that vendors do:

  • Listen to feedback and apply it to the product roadmap.

  • Be very approachable, especially on the technical support side.

  • Provide him a direct line to a really good pre-sales professional or technician that actually knows the code of the system.

Gary Hayslip

I get that you're talking about the offensive framework like MITRE ATT&CK.

But you should really talk about the compliance framework, which a lot of CISOs, unfortunately, have to live in.

Show me that too.

Brutally honest insights from Gary Hayslip, CISO of SoftBank Investment Advisers.

In this episode of Audience 1st, I had a deep conversation with Gary about his challenges, goals, what vendors do that piss security practitioners off, and the alternatives.

Here are some key insights from the episode:

  • Companies will focus on a particular subject like AI and ML and won’t let go of that.

  • Gary’s goal: Having his whole tech stack integrated within the business and automating where he can.

Decision criteria when evaluating a security solution:

  • Does it integrate into the current technology stack he has?

  • How easy is it for his team to use?

  • Is it API-driven so he can pull data?

  • What type of data does it generate?

  • How easy is it for his team to pull reports?

  • How easy is it for his team to integrate and tie into their other technologies?

  • Does it generate some new metrics that he wasn't even aware of that have value?

  • Is it handling sensitive data where he has to worry about regulatory issues?

  • Is the data that is running inside the solution running in a proprietary format?

  • Does it help him answer any of his KRIs that his operating committee is expecting him to answer?

  • Overcomplicated pricing schemes do not fly.

“When you start getting into these really weird pricing schemes that try to cover the vendor costs for cloud, most companies will take a step back ‘cause it's very hard to show and explain on budget.”

Jay Jay Davey

Cybersecurity vendors need to start building relationships.

Instead of looking at lead filters or lead generation.

They need to start learning from the people on the ground.

Because those communities are going to be filled with potential leaders of the future.

And if you can get really good relationships with them now, that's going to influence buying decisions in the future.

Brutally honest insights from Jay Jay Davey, SOC Client Lead at Bridewell, Chief Operating Officer at Cyber Jobs Hunting, and Chief Educational Support Officer at Cyber Mentor DoJo.

In this episode, I had a conversation with Jay Jay about his challenges, goals, what vendors do that piss him off, and the alternatives.

Jenny Botton

Too many people think that if you use jargon and spout geek speak...

That you're going to impress people.

The opposite is true.

All you're going to do is turn them off because they're going to start tuning you out and then you've lost your message and an opportunity that could be quite valuable. 

A brutally honest insight from the one and only Jenny Botton, Head of Corporate Information Security at CCL.

In the latest episode of Audience 1st I just dropped, I had a brutally honest conversation with Jenny about her challenges, goals, what vendors do that piss her off, and the alternatives.

Here are the episode highlights:

Jenny’s one bleeding neck challenge:

  • There are just not enough people.

  • We're in a bit of a state of cannibalism at the moment, because everybody's just trying to eat everybody else in terms of poaching their staff and their team members.

How to solve this challenge:

  • Automation. If we can start automating, alerting, or patching and let people focus on the stuff that actually needs a human brain to analyze, that's going to go a whole long way to helping us with the skill shortage.

Barriers to evaluating security solutions:

  • The pure amount of time that it was taking for her team to respond to all the stuff coming at them held her from looking at solutions.

Cardinal rules vendors, marketers, or salespeople are breaking these days:

  • Not truly understanding their customers.

  • Not researching what the company does, what she does, and what she enjoys. (It’s blatantly listed on her LinkedIn profile.)

  • They send out mass emails that aren't even relevant to her role.

Quick tips to write a good email that she would open and respond to:

  • Context and personalization matter in your subject line and body - include a topic of her interest connected to something new she can learn.

  • Provide the value and opportunity to learn - for example, invite them to a roundtable discussion or a closed community to talk to peers.

John Gates

Even if you never made a sale with somebody...

If they brought you 10 people that ended up needing a solution like yours and you were able to help them move their mission forward, it still works out.

In this episode of Audience 1st, I had a brutally honest conversation with John Gates, Lead IT Security Operations/Threat Response Analyst at a Fortune 500 company, about his challenges, goals, what vendors do that piss him off, and the alternatives.

Here are the key highlights from the episode:

What John hates most about the cybersecurity industry:

  • There's excessive drinking at times at some of the events.

  • There are a lot of people out there that are just out for the dollar.

  • They're not looking to gain a relationship with a company and address a customer's true need.

  • When vendors market - “100% secure”

How John recommends engaging with the buying committee at a Fortune 500 company:

  • Establish a connection first

  • You have to go to their website, and find out how to get on their vendor list.

  • Continue to build a relationship and get to know each other

John’s one bleeding neck challenge:

  • Threat hunts and actionable data - finding intelligent threads where there's actual information he can turn and put to use.

John’s ultimate goal:

  • To continue to keep data secure. Keep the bad guys out.

How John goes about learning new things:

  • John reads a lot of books.

  • He likes to look at the dark web and see what criminals are up to and what they are going after

What John hates most that vendors do:

  • Sell an incomplete solution

  • Not building an authentic relationship

The alternative:

  • Keeping promises

  • Staying in communication

  • Following through

  • Maintaining a relationship

  • Reaching out to see what's going on; if they need help with anything.

  • Being present and genuine

  • Not lying and presenting things in a solid way

Joseph Carson

"As marketers, we actually use the same techniques that attackers use. What's important is: How do we distinguish ourselves from the attackers?"

Brutally honest words from Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, on the latest episode of Audience 1st.

Joseph discloses what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.

His key insights from the episode:

  • Security is people first. It’s not about the technology.

  • Balancing time to continuously learn is a challenge for security practitioners to maintain.

  • There is always an opportunity for your audience to learn and engage if you provide them with information with context and a point of view.

  • Before you get 10 minutes of your buyer’s time, remove FUD, remove fluff, and clearly explain what you really do.

  • Email is not dead. It's just not the only one that's primarily used. It's still heavily used, though.

  • The goal is to frictionlessly get buyers to information in trusted ways so they can make wise and educated decisions.

  • Validate messaging with your buyers first. It’s harder to retract and change inaccurate messaging released to the market once it’s already out there.

  • Time is the most valuable asset. Let your buyer decide when their time can be used for your resources and assets in the way you serve them information.

Joshua Marpet

The way you build trust can take you in different directions:

1. Down a destructive path of ruined reputation,

2. Up a rewarding road of unlimited relationships and referrals.

What do you choose?

In this episode of Audience 1st, I had a brutally honest conversation with Joshua Marpet, CEO of MJM Growth Inc., about his challenges, goals, what vendors do that piss security practitioners off, and the alternatives.

Here are some key insights from the episode:

What Josh hates most about the industry:

  • The insular-ness/the echo chamber.

  • The use of scare tactics and fear, uncertainty, and doubt (FUD)

  • Leading with shiny things is not going to get business, especially now.

  • These days, CISOs are not coming up from keyboard warriors and technologists; they're coming across from management programs and down from the C-level.

  • If you’re at all thinking of creating an alias on LinkedIn or Twitter to engage buyers - rethink that tactic. Crumple it up in a ball. And throw it in the flaming pit of hell. These kinds of interactions build false trust.

How to build trusted advisor status with security buyers:

You must embody all attributes of trust:

  • Be honest.

  • Do not lie.

  • Do not spin, scare, be nasty or rude.

  • Put all of the cards on the table.

Leo Cruz

When you prepare your conference booth, lead with a genuine message.

Come to help.

I think people will gain more from being able to be helped at Black Hat than leaving with 50 t-shirts.

For the first timer, it's pretty cool to get all that swag, but I think if they leave with something that actually makes sense, I think it's way more meaningful. 

Brutally honest insights from Leo Cruz, CISO of St. Joseph’s School for the Deaf.

In this episode of Audience 1st, Leo shares:

  • His experience at Black Hat USA 2022

  • Differences he saw this year vs. previous years

  • Which vendors stood out to him on the exhibition floor

  • What marketers can do to improve their booth game and messaging next year

Here are some highlights from the episode:

What positively stood out to Leo on the exhibition floor:

There was a shift from a vibe of competition to camaraderie among vendors.

Leo started to see vendors talking to other vendors to assess how they were doing and what they are seeing from clients:

  • What are the trends you’re seeing?

  • What are the attacks that are impacting the way your clients purchase?

  • How do your clients POC?

  • What are the challenges you’re facing?

  • There was a shift from swag central to more meaningful conversations on how to work together cohesively.

  • Adversarial attacks are getting much worse and Leo believes we have to stop competing at some point and understand that everyone can potentially use every technology.

However, it’s the human element that is the most vital resource.

Limor Kessem

What happens well inside your organization during a crisis-level cyberattack is all nice and dandy.

But what you're really going to be judged on is how it looks in the media.

If you don't control your message and don't say the things that you really want to tell your customers, then you're going to end up losing so much money.

So many problems are going to come from that response more than anything you're doing under the hood.

Brutally honest insights from Limor Sylvie Kessem, CISM, CCISO, Principal Consultant of Cyber Crisis Management, Author, Speaker and Podcaster.

In the latest episode of Audience 1st, I sat down with Limor to uncover:

  • How vendors and PR teams within those organizations can be more prepared to handle crisis-level cyberattacks and create more meaningful messages and experiences that impact their customers and the industry positively

  • What a controlled message of a crisis looks like

  • Examples of high-profile breaches and how not to manage a crisis

3 Ways Go-to-Market Teams Can Be More Cyber Resilient in Organizations to Absorb Risk

1. Develop Boundaries as a Human Being

2. Remain Curious and Hungry to Learn in Your Role to Reduce Your Burnout

3. Support Educational and Awareness Campaigns to Counter Cybersecurity Risk to the Entire Organization

What is the commander's intent?

Commander's intent allows everybody within an organization, across the world, to know what to do when a crisis occurs.

It doesn't matter whether the CEO is available or not available, is on a flight, is in a meeting.

Their comms team already has an idea that was approved by everybody, by legal, by all the important people that have to be in the room if a breach was to hit.

The preparedness is increased and the response time is decreased.

Within 30 minutes, they have a standing statement ready to say ABC.

It's going to be a good statement that was approved in advance.

That's controlling the message with commander's intent.

They shouldn't be fumbling in front of cameras or trying to scramble to understand things.

They should have a straight up seed document with all the information from their technical team.

Let's just organize the chaos because there's chaos.

Malia Mason

Time is the most valuable asset for security buyers.

Many of you know that.

But are you really respecting their time?

In this episode of Audience 1st, I had a brutally honest conversation with Malia Mason, vCISO, Manager of Cybersecurity, and President and Co-Founder of CyberDEI, about her challenges, goals, what vendors do that piss her off, and the alternatives.

Here are the key highlights from the episode:

  • What Malia hates most about the cybersecurity industry: There can be a lot of egos in cybersecurity and there shouldn’t be.

  • Bonus: She hates the term, “influencers.” She wishes more people in the industry would recommend those who have not had a chance to speak at conferences or events.

  • Malia’s bleeding-neck challenge: Asset management.

  • Malia’s goal: To do auto-discovery because too many companies are still doing manual processes, like a spreadsheet of IP subnets.

  • What Malia likes that vendors do: Being fast to respond to emails and get support because practitioners are slammed.

  • Bonus: Ditch the swag. Donate to someone’s favorite non-profit.

  • Have patience, and also understand that no means no. No means no.

  • If security professionals say, “not now,” please don't continue. Put a note in your calendar for six months later and do a check-in, but please don't harass them. Especially women.

Nadja El Fertasi

"Respect fear. It has an important function in getting out of your comfort zone."

There are ways to navigate fear, frustration, and imposter syndrome, if you feel it like I sometimes do.

  • Aggressive goals

  • Ever-changing technology

  • Pressure to “rise above the noise”

  • Audiences that are sometimes hard to reach

  • Stressful and fast-response support required

All that can sometimes take a mental and emotional toll.

It doesn’t mean you have to suffer, lose motivation or have feelings of negativity in your personal and professional life.

In this episode of Audience 1st, I had a refreshing and open conversation with Nadja El Fertasi, Founder of Thrive with EQ.

Here are some key insights from the episode:

  • 'Emotional firewalls' is a symbolic term for the security world to help people understand that emotional intelligence is how we use dynamic information.

  • Against popular opinion, security people don't wake up in the morning and say, ‘I'm going to make the marketer's life miserable.’

  • We all suffer from imposter syndrome. And that’s okay.

  • Our identity has no correlation to our function if we don’t allow it.

  • Boundaries are correlated to healthy levels of assertiveness.

  • Building an empathy map will help you deeply understand the reason behind actions your audience takes.

  • Listening is difficult because we listen to reply. Emotional firewalls will help you listen to understand.

Nick Ryan

Dear CISOs and security leaders, loosen up on sales people.

Give them the time of day.

You can still hold your line and tell them what works for you and what doesn't - at least respond.

Just be an upstanding person.

A kind but critical request from Nick Ryan, CISO.

In this episode of Audience 1st Podcast, I talked to Nick about his challenges, goals, what vendors do that piss him off, and the alternatives.

Here are some key insights from the show:

What Nick hates most about the cybersecurity industry:

  • Buzzwords - because they’re used by non-technical people.

  • Slides that just look pretty and sexy but are just “market-ecture,” as he puts it.

What’s the real deal with the use of “zero trust” that pisses off security buyers?

  • It's an absolute term.

  • What zero trust really is at the core of it is trust, but verify.

  • If you had zero trust, literally no one would get into the system, ever.

Nick’s bleeding neck challenge:

  • Managing data.

  • There are so many tools out there being used and data that’s being brought in - it is hard to stay on top of the data sources and make sure things are getting tagged properly.

Nick’s ultimate goal as a CISO:

  • To protect the firm's revenue, keeping the firm out of financial harm.

Are free trials and POVs a key factor in deciding whether or not to purchase a solution?

  • They are. But there are concerns with them too:

  • Connecting solutions to tenants and viewing all the permissions technologies want do not sit well with Nick.

  • Things are also difficult to unwind after they are in environments.

Ryan Cloutier

Marketers that reach out and say: How can I learn from you? What can I learn from you? Those folks get attention.

The game isn't about information or security.

It's a people thing.

Brutally honest insights from Ryan Cloutier, CISSP, President of SecurityStudio.

I sat down with Ryan to listen to his challenges, what motivates him, what vendors do that piss him off, and the alternatives.

Here are the insights I pulled from a recent episode on Audience 1st:

  • Ungate your content.

  • If you focus on the mission, you will make the money.

  • Relationship capital will always generate more financial capital.

  • The way an organization treats their employees impacts buyers’ decisions.

  • One of the biggest challenges in cybersecurity is that we don’t speak human being.

  • What Ryan hates most: The mafioso type of behavior and the victimization of clients.

  • Marketers have the opportunity to evolve and improve if they take time to build relationships.

  • Your messaging needs to cater to multiple segments in your target account; you need to get double buy-in these days.

  • There is no other industry that is allowed to give a 100% guarantee of something without first being able to scientifically prove that that's true.

Tal Arad

Buyers aren't going to read a hundred pages of an RFP.

They don't have the time and the capacity.

No one can digest that.

Buyers are going to read as little as possible to make a decision.

So, cut the bullshit and provide as much focused information as possible:

  • Technical diagrams

  • High-level explanations

  • A few slides that provide a focused message

That will really help buyers make a decision.

Brutally honest insights from Tal Arad, CISO of Carlsberg, who joined me on the latest episode of Audience 1st.

Here are some key insights from the episode:

Tal’s bleeding-neck challenge:

  • Too many moving parts in complexity.

How Tal separates the wheat from the chaff among vendors, solutions, and technologies:

  • Gut feeling

  • Having a network of colleagues

  • Validating a vendor’s ability to connect with ecosystems

  • When you’re giving presentations, bring in the people that will actually deliver the project and stay with the client to present it.

Wrapping Up

Thank you for joining me on this journey to becoming a more ethical and moral marketer in the cybersecurity industry.

I want to stress that I am learning just like many of you.

Constant learning, failing, and small, consistent, and incremental successes are what drive me forward.

My hope is these insights have been useful this past year and will continue being useful into 2023.

As always, I want to know how I can help you and I can improve. So, if you have feedback, please let me know.

And if you love this show, please leave a podcast review on Apple or Spotify!

Thanks for a successful and fruitful 2022 and… here’s to an even better '23!
