Building Trusted Customer Advocacy in Cybersecurity: Insights from Industry Leaders

In cybersecurity, few things are as valuable—or as difficult to secure—as a genuine customer endorsement. Buyers are far more likely to trust the word of a peer than the promises of a vendor, yet legal, compliance, and privacy concerns often stand in the way.

At one of the industry’s largest global gatherings, we spoke with dozens of cybersecurity marketers, product leaders, and executives about how they navigate these challenges. The conversations revealed why advocacy is uniquely hard in this field—and what’s working to overcome those barriers.

In this recap, we’ll break down the biggest challenges cybersecurity companies face in capturing and using customer proof, share tangible strategies, and highlight direct insights from security marketing leaders.

Why Advocacy in Cybersecurity Is a Different Game

Cybersecurity buyers operate in a world where disclosure is risky by default. Publicly naming a security vendor can inadvertently reveal an organization’s technology stack, vulnerabilities, or incident history. That means even the happiest customers may be reluctant—or prohibited—from speaking on the record.

This dynamic creates a set of consistent challenges for advocacy programs in the sector:

• Prolonged approvals for public-facing content
• Strict governance controls limiting how customer stories can be shared
• Small advocate pools in which burnout happens quickly
• Mismatched expectations between vendors and customers on what’s possible

At the same time, customer advocacy carries more weight here than in almost any other industry. As one marketing leader put it:

“They don’t want to hear from us—they want to hear it from their peers. It’s more about how we bring value to our peers in this community.” — Maor Franco, CyberArk

The good news: security leaders are finding creative, proven ways to overcome these challenges.

Three Pillars of Effective Customer Proof in Cybersecurity

Through a series of on-site interviews, six industry experts shared how they approach advocacy—and what others can learn from their experience.

We asked attendees two core questions:

• How important are customer testimonials and evidence in cybersecurity?
• What are the biggest challenges in capturing them—and how do you overcome those challenges?

Here’s what they said—along with ideas you can put into practice.

‍

‍

Pillar 1: Make Customer Proof a Partnership, Not a Transaction

Featuring Maggie Splaine (Keyfactor), Amanda Mussynski (Menlo Security), and Gagen Singh (Elastic)

The strongest advocacy stories don’t start with a request for a testimonial—they start with a relationship.

Maggie Splaine explained:

“It’s all about getting to know your customer and working within what they can do, within their guardrails. Sometimes in cybersecurity, you can’t properly name a customer. There are so many other ways to get that validation—through reference calls, through internal-only stories. It’s about meeting them where they’re comfortable.”

Gagen Singh agreed:

“We approach every customer relationship as a partnership. If you do that well, they’re more likely to champion you—because they see you as invested in their success, not just your own.”

Amanda Mussynski added:

“Relationship building is our core. We’ve had repeat customers join us at events to speak directly with other prospects—because they trust us.”

Actionable Takeaways:

• Start advocacy conversations early in the customer lifecycle—ideally during onboarding or right after early wins.
• Offer multiple participation options (anonymized quotes, NDA-only reference calls, closed-door roundtables).
• Invest in trust-building moments like advisory boards, executive briefings, or joint product innovation sessions.

Pillar 2: Remove the Friction from Approvals and Sharing

Featuring Maor Franco (CyberArk) and Andy Gepert (ZeroFox)

Even when customers are willing to participate, approval cycles can drag for weeks—or stall completely.

Maor Franco explained:

“In cyber, you don’t usually like to show your cards. Often it’s not the person who enjoys the product that says no—it’s other stakeholders internally who slow things down.”

Andy Gepert added:

“If someone’s giving a good review on a security solution, it probably means they had a security problem. That can be difficult in this industry. But if you make your customers happy, it makes it much easier to get their buy-in.”

Actionable Takeaways:

• Provide pre-approved content frameworks to make legal and PR reviews faster.
• Use staged approvals—get agreement on the “story outline” before final production.
• Track all consent and usage rights centrally so it’s easy to renew or audit later.

Pillar 3: Get Creative with Anonymity and Internal-Only Proof

Featuring Ashish Kuthiala (BlinkOps) and Gagen Singh (Elastic)

When public attribution is impossible, you can still extract meaningful proof through anonymized or private storytelling.

Ashish Kuthiala said:

“You want the people you’ve helped to talk about you versus you talking about yourself. Even if they can’t share every detail, they can still validate your value.”

Gagen Singh pointed out:

“A lot of people want to keep their security challenges private. That’s fine. You can still build powerful stories by focusing on the outcomes—reduced incident time, improved compliance—without disclosing sensitive details.”

Actionable Takeaways:

• Develop “blind” case studies that highlight industry, size, and results without naming the customer.
• Host private advocacy sessions where customers share under NDA.
• Focus on quantifiable outcomes (time saved, threats reduced, compliance achieved) instead of logos.
  
  

From Insight to Execution

These conversations reveal a clear truth: in cybersecurity, customer proof isn’t about producing the flashiest public case study—it’s about enabling customers to advocate in ways that feel safe, respectful, and valuable for them.

For vendors, that means building advocacy programs with:

• Flexibility — Participation options that fit customer comfort levels
• Efficiency — Clear, repeatable approval processes
• Creativity — Using anonymity and private channels to extend proof beyond public constraints

When advocacy is treated as a long-term partnership rather than a marketing checkbox, it not only generates better proof—it strengthens trust, deepens relationships, and helps vendors become a true part of their customers’ success stories.

As Maggie Splaine put it:

“It’s about knowing what your customer is willing to do, and then giving them the opportunity that works for them.”

Practical Tips for Overcoming Advocacy Barriers in Cybersecurity

Offer Multiple Sharing Options‍

Public case studies aren’t the only game in town. Allow customers to choose between anonymous quotes, gated microsites, internal enablement materials, or private reference calls.

Build a Compliance-First Workflow‍

Engage legal and security teams early. Pre-approve content formats, anonymization levels, and usage rights before asking the customer for their story.

Use a Private-First Publishing Model‍

Share stories internally or in controlled prospect microsites first. If the customer gains comfort over time, seek permission to expand to public use.

Implement Fatigue Guards‍

Limit the number of requests per advocate. Rotate champions so the same customers aren’t tapped repeatedly, which can lead to burnout.

Leverage Industry Events as Advocacy Catalysts‍

In-person gatherings like Black Hat provide a rare opportunity to capture customer stories, even if they start as anonymous or internal-only assets. Bring a content capture plan.

Position Value Beyond Marketing‍

Advocacy isn’t just a marketing play—it’s a sales, product, and customer success tool. Emphasize the business impact of peer proof on deal velocity and win rates.
‍

Closing Considerations

Cybersecurity advocacy isn’t about scaling to hundreds of public case studies—it’s about creating a system where every willing customer can safely share their story in a way that works for them. By combining compliance-ready processes with genuine relationship building, vendors can unlock advocacy that accelerates deals, strengthens trust, and protects customers.

If you’d like to see how this can work in practice, download our Cybersecurity brochure or book a meeting with our team.

‍