Join us TOMORROW, Friday [01-30-26], for "Hacking Employee Retention"

Join us Friday, January 30, 2026, for “Hacking Employee Retention: An hour of critical thinking about how to keep and develop your talent.”

It all begins at 1 PM ET/10 AM PT TOMORROW with guests Andy Ellis, principal, Duha, and Peter Gregory, best-selling cybersecurity author. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register now

Defense in Depth
When Cybersecurity Marketing Fails to Reach the Buyer

If customers want cybersecurity vendors to solve a problem, it should be clear how to market the solution. Unfortunately, too many vendors are marketing something buyers really don't care about.

Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week’s episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines.

Listen to the full episode here.

The 3Ms of product clarity

In a crowded landscape, vendors need to show where and how they deliver value. Faruk Ulutas of CyberSkillsHub offered a framework for sharpening that clarity: "For tight product+marketing fit, use the 3Ms: Moment (where in the kill chain), Metric (MTTR, false positive rate, exposure), Motion (first click to value). If any M is fuzzy, sharpen the product or story." But adding AI to a product doesn't automatically create that clarity. Marcel Velica of Eventbrite pushed back on superficial AI integration, noting that "every new startup or board and founder looks like they're just sprinkling some LLM fairy dust on top of their app and pitching it like it's magic. Implementation isn't just about adding AI to your roadmap and thinking your product is done. It's about owning the complexity that comes with putting it in front of real users, with real expectations, in real time."

Buzzwords work because buyers aren't experts

The cynical reality is that buzzword-heavy marketing often outperforms substance-driven pitches, and there's a reason for that. "Almost always, the people with the purchasing power are uninformed and easily swayed by buzzwords, which is why they work. Moreover, they work better in most cases than selling on actual capability (see, for example, every company racing to adopt Agentic AI for everything)," confessed Nick Carroll of Zscaler. He added that "you're usually not selling to the people who truly understand the problem space. Rather, you're selling to people who think they know far more than they do, and those are the people for whom buzzwords are impressive." Paolo Di Prodi of Priam Cyber AI has seen this dynamic shift in vendor messaging in real time, saying, "When we started, we didn't call ourselves any of those names, and we didn't advert ourselves as such, but now... the first thing they ask is 'are you agentic-based?'"

Investor pressures distort messaging

External financial pressures push cybersecurity companies toward messaging that pleases investors rather than resonates with practitioners. Thomas Griffiths of Trend Micro argued it undermines the credibility of the industry, saying, "It's a sad reality when blind, investor-pleasing strategies dictate messaging and customer engagement. This reckless approach undermines authenticity and poorly reflects the principles most cybersecurity professionals uphold." Steve Berkholz of Hirotec America captured buyer frustration with that dynamic. "We also don't care how much funding you raised in series 1, 2, etc. We are buying products, not stocks. If you talk more about funding than you talk about what your product does, I'll just pass you by."

Threading the needle

Marketing cybersecurity solutions involves navigating constraints that few other industries face. Jennifer E. Tisdale of Upstream Security laid out why the role is so challenging: "The hardest job in cybersecurity is marketing. First, cyber/AI/data is a non-visual, abstract concept with layers of meaning and audience variations that are near impossible to capture in a one-pager or sentence. Secondly, they're often limited by NDAs or by what you should/shouldn't say to avoid negative perception by desired customers. Damned if you do, damned if you don't situation." Her conclusion? "Every tech company needs better storytellers to add to marketing and sales. But marketing, on its own, is a tough gig. Much respect to those tasked with the job."

Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Alteryx

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

PREVIEW: CISO Series Podcast LIVE in Clearwater, FL 3-3-26

You've listened to the CISO Series Podcast for years but if you've never joined us for a live show, you haven't gotten the full experience. We'll be recording an episode on March 3, 2026 at the Convene conference. You're got to join us for the fun! Everything you need to know can be found here.

If you’re interested in attending, get your tickets here. Use code CISOPodcast for 15% off!

Huge thanks to our sponsors, Adaptive Security, KnowBe4, and Zepo

Reddit ‘Ask Me Anything’ – January 2026

Our monthly AMA on r/cybersecurity on Reddit is happening all week! Our topic is "I had my budget cut and still reduced risk. Ask Me Anything."

For this edition, we’re focusing on a challenge many security leaders face: reducing risk even when budgets are cut. Our panel will share how they managed to keep risk down despite having fewer resources. They'll discuss what strategies worked, what didn’t, and how to prioritize security when money is tight.

Please ask questions for our participants here.

This month’s participants are:

• Gary Hayslip, (u/Shaynei), vp, senior security advisor, Halcyon

• David Cross, (u/MrPKI), CISO, Atlassian

• Nick Espinosa, (u/NickAEsp), host, The Deep Dive Radio Show

• Will Gregorian, (u/wgregorian), former senior director, technology operations and security, Galileo Medical

• Edward Frye, (u/krypt0_ed), head of security, Luminary Cloud

• Dan Walsh, (u/Security_few_sense), CISO, Datavant

Thanks to all of our participants for contributing!

LIVE!
Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros.

Monday’s episode featured Jason Shockey, CISO, Cenlar FSB, and Krista Arndt, associate CISO, St. Luke's University Health Network. Missed it? Watch the full replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cybersecurity Headlines sponsor, Conveyor

Cybersecurity Headlines - Daily News Shorts

Subscribe to the CISO Series YouTube channel, for daily shorts videos from CISO Series reporter, Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.

Cyber chatter from around the web...
Jump in on these conversations

“The US just pulled out of three major cyber coalitions. Thoughts on the fallout?” (More here)

“Researchers found a single-click attack that turns Microsoft Copilot into a data exfiltration tool” (More here)

“The “SECURITY BEST PRACTICE” you stopped believing in after working a real job…” (More here)

Coming up in the weeks ahead on Super Cyber Friday:

• [01-30-26] “Hacking Employee Retention”

• [02-06-26] “Hacking Analyst Happiness”

 Save your spot and register for them all now!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.