Ronin | Cybersecurity GTM Experts

Tell me you're a scam without telling me you're a scam. Did you know—Gartner actually has 122 different "Magic Quadrants" ? One of the first things we do at Ronin is audit everything you do—including your budget. 99% of the time, I can find money in these 2 places almost immediately—and a lot of it: - Your tech stack - Gartner GTM tech stacks are a whole other conversation, which I'll get to eventually, but let's talk about the biggest scam in tech marketing, Gartner. (Add any other giant analyst firm to that list while we're at it. I just have a particular hate towards Gartner.) If you think being in one of these quadrants means anything more than you’ve paid Gartner’s extortionate fees, you’re fooling yourself. Gartner’s 122 Magic Quadrants are a monument to the absurd lengths companies will go to for perceived legitimacy. CEOs and CMOs need to wake up and realize that wasting their marketing budget on this pay-to-play nonsense is not going to make their companies successful. Smart buyers see through the bullshit. Behind closed doors, your potential customers are laughing at this. Gartner’s Magic Quadrants have become a joke, a meme passed around Slack channels. And here’s the kicker—early-stage startups, with their razor-thin marketing budgets, blow their entire stash trying to get into one of these quadrants, thinking it’s going to catapult them to success. It’s where the out-of-touch vendors go to flex their wallet muscles, not their brains. You think you’re impressing them, but really, you’re the butt of the joke. They know that being in a Magic Quadrant doesn’t automatically mean you’re the best; it just means you’ve got deep pockets. Trust is earned through real innovation and results, not by buying your way into a list. Instead of feeding the beast, focus on what really matters—literally anything else. (You thought I was going to say providing value, focusing on your product market fit, etc., right? Nope, you all already know that. I don't care what you do as long as you're not giving these idiots more money.)

Tread lightly cybersecurity buyers—If a cybersecurity vendor says they use AI without explaining how or what it actually is, you can safely assume two things: 1. They're an idiot. 2. They think you're an idiot. I see this every single day at Ronin. A prospect engages with us to set up a meeting, and we start doing research for disco. First up, their website—Whoop, there it is! "Next-gen, AI-driven, Blockchain Enabled, Zero Trust, Quantum Resistant, Single Pane of Bullshit." Look—Being the cybersecurity marketer that's literally built their career on the back of wildly radical candor, there's one thing I immediately do during that discovery call: Temper Expectations. I will Gordan Ramsay them so fast. Here's the hard truth: If you’re a vendor that’s throwing this buzzword around without understanding how it works, your messaging is 100% getting laughed at and passed around Slack channels where you look stupid and out of touch. Declaring the use of AI without substance is a dazzling display of idiocy. It's like a chef saying they cook with food—congratulations dipshit, here's your Michelin star. When a cybersecurity firm claims to use AI without giving a clear explanation of how it integrates with their solutions, it’s not just a marketing faux pas; it’s a red flag. Red flag isn't good enough—It makes you look like an idiot. In the same vein as "Influencer" or "Thought Leadership", it’s an empty statement devoid of insight, devoid of innovation, devoid of the very intelligence they’re claiming to harness. Assuming the audience won’t question the ‘how’ patronizes the very people you’re trying to impress. It underestimates the intelligence of consumers and professionals alike, who are more than capable of understanding, or at least appreciating, the complexities behind true AI. Listen to me—Tie the efficacy of your solution to business outcomes & actual pain points without using the word AI. That is how you do it. Yes, it can be done. And yes, you have my permission to tell your product people to kiss your ass. Are you a cybersecurity vendor that has "AI" anywhere in your messaging? Free consult, on the house. DM me.

Recently hopped on call with The Grumpy CISO himself, Jason Alexander. Let me tell you—He ran out of mics to drop... Let's break down this absolute legend's outlook on cybersecurity marketing: • Cold Calls and Spam Emails Are Dead Ends The Grumpy CISO doesn’t answer his phone unless you’re in his contacts. And he’s not alone in the countless people wanting "just ten minutes" of his time. Multiply that by the dozens of vendors vying for attention, and you’ll understand why your cold calls and spam emails are not just ineffective—they’re counterproductive. • Persistence Can Make You the Enemy One sales guy told the Grumpy CISO his strategy was to keep sending stuff until he got a response. Guess what? All that did was make him grumpier, and I don't blame him at all. You don’t win points for persistence; you lose credibility. • If You’re Fresh Out of Stealth Mode, You’re a Risk This one will be a wake up call for most cybersecurity startups. The Grumpy CISO has no interest in startups fresh out of stealth mode. The odds are high that they won’t be around in a couple of years anyway. Sidebar: Ronin doesn't work with any startup in Stealth mode for a similar reason. • Your Real Audience Is the Team The CISO made it clear: it’s the team, not the top execs, who will use your product daily. Of course I preach this until the cows come home. If the team isn't sold on it, it doesn’t matter how well you pitch to the CISO—You gonna lose. • Ethics and Gifts: Just Don’t In many sectors, unsolicited gifts can backfire spectacularly. Jason actually shared something I don't think any marketer even considers—how he has to return unsolicited gifts at his own expense, thanks to strict ethics rules. It’s not just annoying—it’s a deal-breaker. My conversation with the Grumpy CISO was a masterclass in what not to do as a cybersecurity marketer. His insights were brutally honest and incredibly valuable. This is the kind of stuff you need to be paying attention to if you're a marketer in this industry. Do your qualitative research, have some brutally honest conversations, and get to work. Go visit TheGrumpyCiso[dot]com right now.

Listen—I watched Se7en last night because I lost the Roku remote. Here are the 7 Deadly Sins of Cybersecurity Marketing: What's in the box? • Pride—Selling features instead of solutions. Nobody gives a shit about your cutting-edge, AI-driven, blockchain-integrated, multi-layered threat detection—nobody. They care about how your thing makes their lives easier. If you're not tying the efficacy of your solution to exactly that message, you're going to be DOA. • Lust—Putting CISOs on a pedestal I've preached about this ad nauseum, but it needs repeating. If you are completely ignoring practitioners, the people that will actually be using your tool, walk to the nearest mirror and hit yourself in the face as hard as you can. I don't care what the "old guard" or your VC's tell you—treating CISOs as the holy grail of security segmenting is the fastest way to ruin your entire company. • Sloth—Neglecting Brand Building In your mad rush to market, you’re probably ignoring the importance of brand building. It’s your reputation, your promise to customers, and what sets you apart in a crowded market. Without a strong, trustworthy brand, you’re just another faceless entity screaming into the void. Listen to what I'm about to say—Brand is what people say about you behind your back. Marketing is how you try to affect that. Do not forget this. • Gluttony—Over-Reliance on Cold Outreach If you think you're going to build a company by sending cold emails and making cold calls to the most intelligent, skeptical buyers on the entire planet, I've got some news for you, go back to the mirror... And so help me Jeezus—If you send another email with a link in it to your audience, I'm calling the police. Those levels of thermonuclear cognitive dissonance are reserved for MarTech. You should know better. • Envy—Underestimating the Competition Not enough people talk about this. Everybody wants to be super cheery about welcoming competition and the "spirit" of it...or whatever. You need to understand that if you're going up against the big dogs in, let's say, paid search for example, they're going to immediate crush you like the cockroach you are. They can outspend you without blinking. You've got to look at competitive analysis from every angle and do what you can with what you have. • Greed—Not Doing Qualitative Research I'm not going into this—Talk to your people, period. If you're assuming you know everything about your audience & buyers, gods have mercy on your soul because they're going to eat you alive and throw you to Reddit to pick the bones. Numbers don't tell the whole story, folks. • Wrath—Overcomplicating Your Message Nothing infuriates buyers more than not being able to figure out what you do. Your audience is made of human beings. You know, people....like you. I don't care how complex an industry security is—If your message requires a PhD to understand, you’re doing it wrong. Hire Ronin—We don't let clients screw this up.

I love theory-crafting, and this is one of those thought experiments I love. If I built a cybersecurity GTM team today, here are my first 2 hires: A Behavioral Psychologist and an OSINT analyst—No, I'm not joking. There's a huge gap somewhere in the middle of product marketing, outbound sales, and the C-suite a mile wide that really, really bugs me sometimes. Look—Hiring a Behavioral Psychologist and an OSINT Analyst for your GTM team in cybersecurity might sound batshit crazy, but that’s the whole idea. You aren't thinking outside the box, you're burning it to the ground. Move over Product Marketers & Demand Gen snobs... Here's how this deadly combination would put you two to shame: Behavioral Psychologist • Develop psychologically-driven personas rather than shallow demographic data • Train the sales team to improve their interactions with prospects & customers • Optimize website & content layouts to maximize user engagement • Analyze customer feedback to identify psychological patterns • Segment target audiences based on behavioral triggers • Create content that builds trust and credibility • Conduct extensive qualitative research OSINT Analyst • Provide insights into emerging cybersecurity threats to inform content creation • Continuously monitor competitors' activities, campaigns, and public sentiment • Analyze what content & message resonates most with the target audience • Identify key influencers in the cybersecurity space to collaborate with • Illuminate "Dark Social" to gauge public sentiment about your brand • Identify regions or sectors with the highest demand or interest • Inform sales outreach with hyper-personalized messaging DISCLAIMER: Before you say, "Hey dipshit, a lot of those things are already done by PMMs, etc."... Yes, you're correct. Here's the key difference—These two people approach these activities from completely different angles and accomplish these things in very different ways. Which, I'm betting on them being more valuable & more efficient, given their respective approaches. Am I saying it would work? Not exactly sure yet. Does it make sense in my head? You bet your ass it does.

This can be really, really hard to figure out for a cybersecurity marketer. Listen up—Here are the subtle hints your product might suck: The obvious answer is to talk to your customers. Well, that's not always an option for a lot of reasons. Let's dive into the more subtle, yet telling, indicators that your cybersecurity product might be falling short. These are the things your average marketer or salesperson might overlook but can make all the difference in diagnosing a subpar product. • Lack of Integration with Other Tools Nobody wants a "single pane of glass" — Quit saying that dumb shit. They want your thing to integrate with their thing. If there's a serious lack of integrations, there's an excellent chance you're going to have a bad time. • Sales Can't Close Anything To the untrained eye, this seems like an obvious "Hey, let's shit on sales" conversation. Not always the case... Start talking to sales in private Slack messages about how their conversations are going and what's 𝘳𝘦𝘢𝘭𝘭𝘺 being said. • Low Trial Conversion Rates If your product offers a trial period and few trial users are converting to paid customers, that’s a red flag. Same goes for full-blown POCs. Get with your SE or whoever does demos/trials and start asking questions. • Poor User Interface (UI) and User Experience (UX) Here's an often overlooked red flag nobody thinks about—Is your product ugly? If customers frequently comment on how difficult the product is to navigate, that’s a problem. • High Volume of Feature Requests While feature requests are generally good, an overwhelming number of them is a huge red flag. Particularly in the startup world, sometimes you're stuck marketing a product that has no right even entering the market yet. You need to sniff these out before you ever go to work for one. • High Support Ticket Volume Yeah, find me a marketer that's looked at support tickets before... I'll show you an absolute badass. This is where dreams go to die, so prepare yourselves. • Unfavorable Competitor Comparisons    When you look at their website, do you ever get the "oh damn, this is sharp" feeling? Time to see just how much playing catch-up you're willing to tolerate. • Lack of Clear Product Roadmap If your product team/founder/whatever doesn't have a clear plan for the future, you're up shit creek without a paddle. Security products have to be constantly iterating and evolving—you should know this. Ok, security homies—what did I miss? Help these marketers out, please.

How many times do I have to say this? Bribing cybersecurity buyers does not work. You think throwing some digital breadcrumbs at a security professional is going to make them fall over themselves to get on a call with you? Give me a break. Here’s what actually happens when they get this kind of nonsense: they send it to me, and we have a good laugh about it. Because if there’s one thing CISOs love, it’s seeing just how clueless some marketers are about the cybersecurity space. Instead of insulting their intelligence with cheap tricks, try this—offer real value. Give them something that actually makes their job easier. Show that you understand their challenges. Provide insights that matter. But no, some of you are stuck in the mindset that throwing money at the problem will make it go away. Newsflash: it won’t. If you want to make an impact, start by respecting their time and intelligence. Next time you think about sending a gift card to a CISO, save yourself the embarrassment.

Security vendors looking for a marketing agency have it rough... Here's how Ronin's new website will address that next week: Marketing agency websites are usually a bunch of nonsensical, nebulous buzz phrases will little mention of exactly what they do, who's a good or bad fit, and much less—actual pricing. We're changing all of that, and here's how: • Language That Actual Human Beings Use There's a formula that a lot of home/landing pages follow that's being over-used by SaaS companies. It works, sure, but it's 100% a formula that's also incredibly generic and shows zero personality. Using language that actual humans use, rather than blatantly formulaic, conversion-focused buzzwords is a secret weapon. For example: Seeing Pricing is really rare in the experience that most marketing agency buyers have while evaluating agencies. So, it's safe to assume that we can use the copy in the hero on Pricing to answer what they're saying to themselves as they see a place to find pricing—creating a more conversational tone. "a Pricing Page?! I know, right?" (or something like that TBD) Another would be the button on the home page. With the subheading claiming we drive pipeline in 90 days with campaigns that show security pros you actually know what the hell you're talking about, let's not beat around the bush—Start the Clock. • We're Gettin' Real Sassy With It Showing exactly why cybersecurity vendors should hire Ronin is incredibly important—he said, stating the most obviously obvious thing ever spoken in the Queen's English. That means making bold statements every now and then that are major differentiators without pulling any punches. For example: A lot of agencies in our space call themselves "Cybersecurity Marketing Agencies" but have little to no understanding of what the hell they're talking about. They call themselves that strictly on the fact that they exclusively target the industry. So, we call that out (amongst other things) • Playing the Uno Reverse Card on Social Proof Most agencies have to beg for social proof from clients. Hell, most vendors do too. The issue here is that marketers knows how unreliable those can actually be. We're changing the game—Instead of testimonials from clients, you'll find endorsements from CISOs & practitioners. Why? Because we validate that we know what we're doing, straight from the buyers on the receiving end. There's a huge difference between hearing an agency's client blowing smoke up your ass and hearing a CISO say, "These people create marketing campaigns that I actually engage with." Here's what else to expect: • Clear messaging on who's a perfect fit & who's not • 100% un-gated resources for security vendors • No chatbots, popups, or other annoying bait • Social proof from actual buyers • Zero marketing emails—ever • Clear pricing, no surprises Wooboy... I love new website launches. This is going to be awesome. Gets me all giddy.

I’m so sorry—I’ll show myself out.

Hill I’m dying on—The single biggest mistake that security vendors make is this: Treating CISOs as the holy grail of audience segmentation instead of winning the hearts of the practitioners that would actually be using their tool and turning them into internal evangelists—that will sell the tool for you. That’s what I commented on Kane N.’s post where he brilliantly commented on the state of private CISO events. The conversations in the comments were full of CISOs and practitioners alike, all giving their expertise & invaluable insights. If you are a marketing or sales professional in the cybersecurity industry, this is exactly why I tell you to stop following marketing influencers and start following your audience. You are missing out on the largest gold mine of qualitative insights on the planet. And those that see the value in taking part in this dialogue and actively listen are going to win—and win BIG.