In cybersecurity, we continuously use the word “trust” in all kinds of contexts: trusted partner, zero trust, digital trust, and more.

But what does it mean for you?

Building Trust as a Service Provider – It’s a process

Telling someone to trust you doesn’t make it happen by magic. Someone has to take a leap of faith, take a chance, and accept some risk that the results may not be what they expected. We do this repeatedly, and as we see positive results or go through a positive experience, we become confident about future results and experiences.

We start to trust.

Think of the last time you discovered a new restaurant in your neighborhood. You’re greeted with a smile, the environment fits your mood, and people enjoy themselves. You order your meal, the food tastes incredible, and the service is excellent! But it doesn’t stop there; every time you go back, you have a great experience, and if there’s something wrong, the staff does what it takes to make things right.

What’s not to love?

You bring your friends, family, and, depending on your social media appetite, you post photos and positive comments for everyone to see.

You trust this restaurant!

How can we do the same in cybersecurity?

Create a client-focused process.


The challenge here for providers is reaching out to all the potential customers who don’t know about their solution or service. How do we get their attention?

There are many ways to try and grab a potential customer’s attention: Ads, conferences, webinars, videos, online communities, social media, and your website. We will focus on social media and the website, as the barrier to entry is very low, and the principles can be applied to all other areas.

Tip: Why do we create content? To build connections over time. Readers may be interested in learning more about what CYDEF does as they go through some of the content.

Whether it’s a social media post or a website, think about your audience.

    • What need do they have? Have they even identified the need?
    • Does your audience have a technical background?
    • Do they understand the risks your product or solution addresses?
    • Continuously refine your message based on whom you need to connect with.

In cybersecurity, I feel we’re sometimes stuck between a rock and a hard place, especially if you’re a startup. Many potential customers want others to validate your solution before they become clients.

For our part, our initial customers came from personal relationships, and we grew from there. Today, we’re regularly asked, “Are you in XYZ report/quadrant?” Our website started with Managed Detection and Response, hoping we would attract potential customers by using an existing term that resembled our service.

While that strategy worked, our sales team had to spend a lot of time explaining what we do (detect and stop attacks on endpoints) and how (by investigating 100% of unknown activities). As our client base has grown, so has our confidence. We now focus on Managed Threat Hunting, which matches the process and technology we’ve developed.


Everyone makes comparisons, and in cybersecurity, it’s easy to state, “No one else does what we do”. However, it may be more accurate to say that no one else uses the same process to provide the stated outcomes, which is why we believe our solution is more effective.

Another issue for buyers is that most vendors won’t admit their limitations, weaknesses, or dependencies. If every product, solution, and service lived up to the hype, cyber-attacks would be reserved for the military. Trust increases at this stage when we can talk openly about what can and cannot be accomplished.

Thinking back to our restaurant example: You review the menu, portion sizes, and price, and decide what to order. Worse case, nothing on the menu matches your craving, and you leave politely. In cybersecurity, we’re often focused on telling people we’re the best, but how can that be the case if we don’t understand our client’s environment and needs? For our part, we’ve combined our technology and service as WE believe it’s what most clients want. That doesn’t mean it’s the right solution for everyone. Some only want a tool; they’re building their internal teams and want to keep the expertise in-house. Based on that feedback, we’ve adapted our solution for customers wanting more control.

Creating a list of technical features to compare with competitors can be helpful, but don’t forget that potential customers might compare you with something very different. Going back to restaurants: the first comparison may be on the type of food vegetarian, Indian, Italian, and more), and not “Which Italian restaurant shall we go to?”. The people involved in the decision will also influence the comparison criteria.


This is the easy part! Your server stops at your table, and you tell them what you want. But then, depending on the chosen meal, they may have questions: how spicy, sauce on the side, any allergies? Once you’ve given all the information, they leave and pass the order. Once ready, the wait staff brings your meal. Is it what you asked for? Is it cooked the way you wanted?

Like our SMART-Monitor platform, many cybersecurity solutions today are software-based, which can simplify the order process: provide contact information, number of licenses required, payment information, and voilà! Your order is confirmed, and you receive information on accessing what you’ve bought: Portal access, download links, and so on.

Contrary to food, a cybersecurity solution or service can rarely be judged in a few seconds or minutes. You may need to connect to a portal, configure some settings, and time must pass to see results.

It’s all part of the Experience, and we’ll dive into that next.


Now that you have access to what you’ve purchased, you start poking around the interfaces, installing the components as needed, and discovering features on your own.

Our experience with cybersecurity solutions will vary depending on the objectives: Protect, Detect, Respond, Encrypt, Authenticate, Obfuscate, Monitor, and more. For Detection and Response solutions, one answer you may be looking for is that the tool, solution, or service stopped X number of attacks. Easy, simple to understand.

But does that single metric alleviate your concerns? Do you feel safe?

That feeling of safety, of being secure, comes from trust. That’s what clients are looking for. Since they’ve ordered your product or service, it’s all good, right? Not so fast. Were expectations clearly set? Did the customer understand what they had to do on their end?

As a service provider, it’s tempting to create great dashboards and widgets with flashing lights and metrics that say, “We’re working hard to protect you!” But does that help customers and partners? They want to know if they need to act, respond, or improve.

At CYDEF, we’ve addressed this by building our platform and service based on transparency and a straightforward approach to detecting threats. Known threats are handled by automation to initiate our incident response process. All unknown activities are investigated, classified, and responded to according to the classification. Malicious threats are contained, and policy violations are reported. Clients can access all the data we collect and see our decisions. Our dashboards will show incidents and trends, and our objective is to help clients lower the number of incidents over time. Because the opposite is also true: Having nothing bad or concerning to report is a good thing!

You are informed every step of the way.

Last but not least, our team is there to help, whether it’s through tickets, chat, or a call, our mission is for everyone to feel safe to do business online.


At the restaurant, you’re constantly evaluating the service; while you wait, during the meal, and after you’re done. The food is one component; as important as it is, the overall experience should be memorable.

The bill: Are there any mistakes? Did you get the bill before you had a chance to order something else? Did you get value from the service?

In cybersecurity, we often focus on tools, automation, and AI. But technology doesn’t work forever, and you need people to solve problems. Customer feedback is often about what’s not working and what could be better. How are you handling that feedback? How do you bounce back after a failure?

This applies to all businesses: Being upfront about the issues, explaining how you will fix it, and later, following up with an improvement plan builds trust.

Trust and transparency are part of our core values here at CYDEF. Contact us today to learn how we can help you or your customers feel safe to do business online.

Elana Graham, COO, CYDEF
Elana Graham