TL;DR
Getting customers on the record–especially in tight-lipped industries (looking at you, cybersecurity)–is one of the biggest hurdles in customer marketing. From emptily-promised case studies to straight up ghosting, there are a million ways for customers to say “no” to giving you a testimonial, review, or case study.
That’s why I chatted with some of the most brilliant cybermarketing leaders out there to get their tips on how to get even the most skeptical customers on the record.
Key Topics:
- The top reasons cybersecurity professionals are tight-lipped
- How mutually beneficial partnerships can pave the way to trust
- The role of meaningful incentives in breaking barriers
- How high-quality, ungated content can turn the tide in your favor
- How to use anonymized testimonials (and make sure they actually resonate)
A meme to set the scene:
I recently hosted a webinar for the CMA Weekly community alongside Alex, and one of the first questions we asked the audience to weigh in on was:
What’s the hardest part of gathering customer stories?
The chat went nuts with the response we anticipated:
Getting customers to agree
Getting customers on board
Customers saying yes
Customers give us great verbal feedback but won’t go on the record
It’s one of the biggest challenges marketers face when it comes to customer marketing. Customers are hard-pressed to go on the record. And our original research that we conducted with 600+ marketers, sellers, and buyers confirmed that hunch.
- 56% of marketers said they struggle to get direct access to customers.
- 48% reported that getting customer approval for stories is difficult.
- 47% said that creating customer evidence takes too much time and effort.
My friend Natalie Marcotullio put it best:
“Marketers don’t prioritize case studies because it can be so difficult to get ROI data from customers. SaaS is more competitive than ever, so while customers may be happy to talk about their great experience using your software, they may not want to give specific stats that reveal a competitive advantage.”
The tight-lipped nature of customers is especially prevalent in industries like cybersecurity. Which is exactly why when I interviewed 6 of the best marketing leaders from cyber for our podcast at last year’s CyberMarketingCon, I wanted to get their take on this issue. And, better yet, I wanted to see if they’d cracked the code on getting cagey customers on the record.
Kaitlin Pettersen, Nav Singh, Sam Langrock, Tom Wentworth, and John Short came with their best advice, and I’m sharing that with you today. Here’s a dive into the strategies and tactics they’ve used to get leaders at companies like Canva, Netflix, Airtable, and ADT to go on the record.
But first, why are cybersecurity pros so tight-lipped?
Before we dive in, let’s clear the air: We love technology. (Seriously, have you seen Samsung’s refrigerator with a built-in 36-inch TV? It’s freakin’ wild.)
But we also understand that the darker side of tech is one of the key reasons you may struggle to get your cybersecurity customers to go on the record.
Reason #1: They’re naturally skeptical
It’s hard to go a day without reading some negative news about technology. It’s an unfortunate part of everyday life that almost feels second nature. For cybersecurity professionals, though, this distrust runs even deeper.
Sure, they’re on the frontline of all the good, but they’re also more aware of the dangers than most.
“Cybersecurity professionals see the worst corners of the Internet,” explains Kaitlin, Head of Customer Engagement at Vanta, a leading trust management platform that simplifies and centralizes security for organizations like Duolingo, ZoomInfo, and Chili Piper. “That makes them naturally cautious and, at times, suspicious.”
She adds, “They know that anything shared online is permanent, so asking them to publicly share their opinions—whether about a competitor or the specifics of their internal processes—is a big ask because their situation could change.”
But if you can break down that barrier, the payoff is worth it—just look at Vanta’s awesome customer spotlight with Duolingo.
Reason #2: They’re protective of their playbooks
“They’re protective of their playbooks and systems,” Kaitlin shares. “Security practitioners, in particular, are often reluctant to share how they’ve built their programs or who they’re partnering with. To them, it’s like handing you the combination to their storage unit.”
Nav, Vice President of Marketing – Network Security at Palo Alto Networks, agrees: “I’ve talked to many buyers who’ve been burned before. As one said, ‘The day the first legitimate package is dropped will be the last day of my job.’”
Long story short: There’s a lot on the line, so cybersecurity pros tread carefully and will forever balance their need to share insights with their natural drive to protect everything they’ve built.
3 tips for building the trust needed to get cybersecurity pros to go on record
Technology, especially AI, is advancing quickly as more mainstream applications open up. At the same time, discussions about the potential dangers are growing louder—a warning Stephen Hawking raised years ago when he said, “The development of full artificial intelligence could spell the end of the human race.”
While we’re not here to dwell on doomsday scenarios, Hawking’s words are a powerful reminder: As technology advances and skepticism deepens, it’s more important than ever to lean into what makes us uniquely human—authentic partnerships, showing genuine appreciation for others’ time and effort, and good intentions.
These same principles are also the keys to building the trust cybersecurity pros need to feel comfortable enough to go on the record with you.
Convey the value of the partnership early and often
Kaitlin points to another uniquely human reason cybersecurity professionals may hesitate to go on the record: they’re busy.
“People are constantly running from meeting to meeting, juggling deadlines, managing programs, and looking for ways to optimize processes,” shares Kaitlin. “They’re incredibly busy, so asking them to dedicate any time to something that doesn’t directly impact their priorities, performance, or compensation is a big ask.”
The solution? Reframe your ask as a mutually beneficial partnership.
“The assets you create with your customers can position them as experts in security and compliance,” Kaitlin explains. “It’s important to frame this as a partnership that focuses on their accomplishments and the ‘why’ behind their efforts, rather than just emphasizing the role of your product or service.”
Sam, Senior Product Marketing Manager at Recorded Future, provided a great example of a partnership mindset when we sat down with him at CyberMarketingCon 2024, sharing how his team partnered with Canva to create an article about how they built and operationalized their cyber threat intelligence program (CTI).
The result? It’s a win-win for Recorded Future and Canva. The article highlights how Recorded Future’s technology, insights, and detailed analytics helped a multi-billion-dollar brand while giving Canva’s team a chance to shine.
Sam also recommended pairing these assets with case studies, direct quotes and other customer-approved materials to equip your go-to-market (GTM) teams with a stronger narrative to share in sales pitches, ads, and other GTM motions.
Sweeten the partnership
Giving customers the chance to shine can go a long way in building the trust needed to get your customers on record. But why stop there? Sweeten the deal by offering an incentive.
“Offering the right incentive, in the right way, for the right opportunity, can motivate customers to go on the record,” Kaitlin says. “But it has to be above board and aligned with their values.”
Said another way, it can’t be a bribe.
The key, she explains, is to offer something genuinely meaningful. “It could be a token of gratitude, access to subject-matter-experts (SMEs), or a simple creative gesture that makes them feel appreciated and excited.”
Here are a few additional ideas:
- Priority access to beta tests
- Donations in their name
- Complimentary passes to conferences and events
- Exclusive networking events
- Branded gifts that align with their interests
Still, no amount of incentives will sway some customers—and that’s ok. Don’t push them. Instead, explore alternatives like using an anonymous quote, stat, or case study that you can pair with credited evidence on your customer page, microsite, or pitch decks.
“While anonymous quotes might feel less reliable or influential, their content can still be compelling,” Kaitlin explains. “It’s just important to back it up with verified evidence that reinforces authenticity and assures them that everything you share is grounded in reality.” But, more on that later…
Don’t make it all about data
If there’s one guaranteed way to get an eye-roll from cybersecurity pros, it’s being asked to hand over their data, especially for flaky content that lacks substance. The moment they suspect their input is a play to drum up more data from potential buyers, the conversation is over.
So, flip the script by making high-quality, un-gated content your standard—think evidence libraries packed with bite-sized stats, testimonials, and verified ROI—or even blog posts written by credible, unbiased reporters.
Tom, CMO at incident.io, nailed this approach by launching The Record during his time at Recorded Future, a publication dedicated to providing “exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the people in the shadows of the cyber underground.” The goal? Position The Record—and Recorded Future—as the “Bloomberg of Cyber.”
As Tom puts it: “If they trust our news, they’re more likely to trust us and our product, too.”
And the strategy worked. “We found that 80% of our closed-won deals each quarter had visited The Record in the past 80 days,” Tom shares. “We weren’t trying to source opportunities directly, but it showed that our ICP was engaging with the publication. Our customers also validated its value through anecdotal feedback.”
Do you have to launch a publication and media company like Tom to build trust? Absolutely not. In fact, Tom advises against it.
Instead, focus on credibility with third-party publications and reporters outside your walls.
As John, CEO of Compound Growth Marketing, one of America’s fastest-growing private companies, shares, “Content syndication through partners like Security Week and Tech Target deliver excellent results because their audiences—and your buyers—are skeptical.” John also speaks to the value of Reddit and similar, more “organic” channels to build trust with audiences who demand high-quality, authentic content.
The bottom line? High-quality, ungated content shows cybersecurity professionals that you’re in it to provide real, tangible value—not just collect data for your demand gen engine.
Pro Tip: Build even more trust with cybersecurity professionals—and further reinforce that you’re not just interviewing them to get more data—by offering ungated interactive demos on your website that allow them to “test drive” your product.
Don’t shy away from anonymized interviews
Of course, collecting testimonials from customers who greenlight their identity being used is ideal. But don’t sleep on anonymous customer data just yet.
The thing is, collecting anonymous testimonials and data through surveys is still valuable—as long as it’s third-party validated. In fact, several UserEvidence customers have anonymized testimonials in their evidence libraries, like HackerOne:
Kaitlin echoes this practice, saying Vanta finds value in anonymous testimonials: “When it comes to user evidence, we have what we call microsites. If we include anonymous quotes there, we make sure to balance them with non-anonymous ones. The goal is to reinforce that while an anonymous quote may feel less reliable, its content is valuable—and we back it up with other verified sources to ensure credibility.
But what does third-party validation actually mean? It’s simple: Third-party validated testimonials are collected by an unbiased third-party vendor, so potential buyers know you also walk the walk.
Collecting third-party validated quotes reinforces the credibility of the source—something that often gets lost in unnamed testimonials or stats—and can be an unsuspecting way to build trust and credibility.
Open the curtain and let the trust in
“Once you provide complete visibility into your actions, people can see it themselves. And once they see it, they believe it,” says Nav, who’s used this strategy to build trust with executives at ADT—and other major brands—and get their buy-in for case studies and other customer evidence.
That’s the key to building trust with cybersecurity professionals—giving them a peek behind the scenes and opening the curtain enough to show you’re the real deal.
Pair that with genuine partnership, meaningful incentives, and good intentions with data, and you’ll have a winning formula to get even the most skeptical cybersecurity pros to go on record.
Remember: They’re not trying to make your life difficult. They’re humans with real worries rooted in the digital darkness they see daily. So be the light and show them you’re a partner they can trust.
Ready to turn skepticism into trust with UserEvidence? Head over to our Demo Ranch to click around for yourself.
