Why Some Marketing Agencies Are Doing a Deep Disservice to Cybersecurity Marketers

This might be the spiciest piece I write for a while.

Or at least until the next wave of shady marketing tactics decides to crawl out from the dark recesses of the digital world.

Why am I writing this?

Because the last year has been an onslaught of WTF moments courtesy of marketing agencies and software startups claiming to “understand” the cybersecurity industry and the very people protecting the digital (and physical) frontlines.

Spoiler: they don’t.

And I’ve had enough.

There were the lampshades. 

(Yes, that infamous Palo incident—I didn't want to touch it with a ten-foot pole, but here we are.)

Then came the most basic, regurgitated “How to Do Cybersecurity Marketing in 2024” guides.

You know, the ones filled with “tactics” that are as actionable as telling a fish to climb a tree.

But the cherry on top?

This week’s train wreck (I agree with Rock Lambros here):

A LinkedIn ad from Presspool comparing cybersecurity professionals to Sydney Sweeney in a raunchy dress. (I think that’s who it is?)

The goal, apparently, was to differentiate “ads and self-promotion” from “referrals and experts.”

Instead, it made one thing crystal clear:

Some marketing agencies have no clue how to operate in this space—and it shows.

Before we dive in, don’t forget to subscribe to The Cyber Brain and join 1700+ cybersecurity marketers and sales pros mastering customer research.

Why Is This Infuriating?

I’m damn pissed and, frankly, fed up. Because this isn’t an isolated incident.

It’s yet another example of a “marketing company” exploiting the cybersecurity industry, opportunistically treating it as just another vertical to squeeze revenue from.

No nuance.

No understanding of the challenges marketers in this space face.

Just profit over people.

When agencies churn out tone-deaf campaigns, they aren't just an annoyance.

They actively damage the credibility of the marketers they’re supposed to support.

Think about the ripple effect:

Buyers see this nonsense and assume the marketers on the other side either approved it or worse, think it works.

Suddenly, trust—already extremely hard to earn in this industry—is chipped away even further.

Here’s the thing:

Cybersecurity marketing isn’t like other industries. 

The dynamics are fundamentally different.

And the last thing this space needs is more noise.

Why Marketing Agencies That Don’t Do Their Research Are a Problem

Marketing agencies targeting cybersecurity companies without understanding the industry are more than just an inconvenience—they’re a liability to the very marketers they claim to help.

These agencies operate with a reckless combination of arrogance and ignorance, leaving a trail of damage in their wake.

Let’s break down why this is such a massive issue:

1. They Treat Cybersecurity as “Just Another Vertical”

To these agencies, cybersecurity is just another industry to tack onto their portfolio of clients.

They slap a “cyber” label on cookie-cutter tactics that worked in SaaS or fintech and hope it resonates.

Cybersecurity isn’t a vertical; it’s an ecosystem with its own language(s), challenges, and deeply entrenched dynamics.

By ignoring this reality, these agencies reveal their profit-over-people mentality. 

They’re not here to solve problems or provide value—they’re here to squeeze money out of the latest "hot" industry without doing the foundational work to understand it.

2. They Prioritize Tactics Over Strategy

Every pitch from these agencies is the same:

LinkedIn ads, SEO tricks, email cadences, MAKE A PODCAST!, maybe a whitepaper or two.

It’s a barrage of tactics without substance. 

But tactics without a solid strategy are like throwing spaghetti at the wall—sure, something might stick, but most of it won’t scale growth without a solid foundational strategy.

What’s worse?

These tactics are often completely detached from the realities of effective cybersecurity marketing. 

Sending another generic 5-email nurture sequence isn’t going to sway a skeptical, overloaded CISO.

Running flashy ads with zero technical depth won’t make you stand out in a saturated market.

Running a content syndication campaign to capture leads with the hope of turning that into opportunity—forget it.

Instead of doing the hard work—buyer research, messaging workshops, and market analysis—these agencies take shortcuts.

And who pays the price?

The in-house marketers stuck explaining to their leadership why pipeline hasn’t moved up and forward.

3. They Add Noise Instead of Value

Cybersecurity is already drowning in noise.

Thousands of vendors are vying for attention, attempting to persuade buyers with the same tired buzzwords: “zero trust,” “next-gen,” “AI-powered.”

What do these agencies do?

They amplify the noise.

Their campaigns often lack originality, relying on overused jargon and shallow messaging that contributes to buyer fatigue.

When every vendor sounds the same, buyers tune out—and the entire industry suffers as trust erodes further.

The irony?

These agencies are supposed to help marketers stand out.

Instead, they push generic campaigns that make their clients look like every other vendor.

It’s lazy. It’s uninspired.

And it’s a disservice to the marketers busting their asses to differentiate their brands in a cutthroat industry.

4. They Don’t Understand the Buyer

If you asked one of these average agencies to describe a day in the life of a CISO, a security engineer, a SOC analyst, or any other function in the security organization, they’d probably fumble through a vague answer about “protecting networks” or “fighting threats.”

Or “hacker this, hacker that.”

That’s because they haven’t done the work to truly understand the cybersecurity buyer—who they are, what keeps them up at night, and how they make decisions.

Cybersecurity buyers can sniff out inauthenticity from a mile away. 

They’re hyper-intelligent, skeptical, and deeply technical.

When agencies fail to do their homework, they create campaigns that feel disconnected and surface-level.

This doesn’t just hurt their clients’ credibility—it actively wastes the time of buyers who are already juggling too much.

5. They Use Vanity Metrics to Justify Their Worth

“Look at all these impressions and leads!” “We increased your clicks by 300%!”

Vanity metrics are the bread and butter of agencies that can’t deliver real results.

Impressions and clicks don’t mean shit if they don’t translate to pipeline and revenue.

Cybersecurity marketers aren’t solely looking for engagement—they’re looking for measurable, tangible outcomes.

They want to know:

• How many sales qualified leads and did this campaign generate?

• How much qualified pipeline was influenced?

• How many deals closed because of this initiative?

Agencies that hide behind vanity metrics are either unwilling or incapable of driving real business impact.

6. They Perpetuate Mistrust

Cybersecurity is built on trust.

Vendors spend months, sometimes years, earning the trust of their buyers through thoughtful engagement, strong products, and a commitment to solving real problems.

(It took us three years to organically develop our community to 700+ vetted security practitioners in The CyberNest!)

One poorly executed marketing campaign can unravel that trust in an instant.

These agencies don’t just fail to build trust—they actively destroy it.

Whether it’s a tone-deaf ad (looking at you, Presspool), misleading claims, or cringe-worthy outreach tactics, their work sends a clear message to buyers:

This vendor doesn’t understand you and they don’t deserve your attention.

For an industry already plagued by skepticism, this is catastrophic.

Every time a buyer encounters a bad campaign, it reinforces the stereotype that marketing is nothing but noise.

And that hurts all of us.

7. They Exploit the “Cybersecurity Boom”

Cybersecurity is a hot industry and these agencies see dollar signs.

They market themselves as “experts” in the field, despite having zero experience or credibility in the space.

(Take a two minute look at Presspool’s team - you’ll understand what I mean).

Their goal isn’t to help marketers succeed—it’s to ride the wave of growth until the next trend or flashy vertical comes along.

The cybersecurity space and the people working hard to maintain progress deserve better than to be treated as a cash grab by opportunistic outsiders.

8. They Undermine the Marketers Who Know Better

Perhaps the most infuriating thing is how these agencies make life harder for the marketers who actually understand the space.

In-house teams often have to clean up the mess these agencies leave behind—explaining failed campaigns, redoing messaging, and salvaging relationships with skeptical buyers.

What’s worse?

Leadership teams, dazzled by slick agency pitches, sometimes blame their in-house marketers for not achieving results.

It’s an infuriating cycle, and it’s entirely avoidable.

So, What Can We (and the Very Marketing Agencies I’m Talking About) Do About It?

CALL. OUT. THE. BULLSHIT.

And continue set a higher standard for cybersecurity marketing.

We have to continue to put an end to the nonsense tactics that plague our industry.

Here’s how we can raise the bar and create marketing that not only works but respects the intelligence and needs of our buyers:

1. Vet Your Partners Ruthlessly

Not all agencies are created equal and the stakes in cybersecurity are too high to trust just anyone.

Before you partner with an agency, take the time to rigorously evaluate them.

Here’s how:

Dig Into Their Process

Ask them to walk you through how they develop their strategies.

Are they starting with buyer research and market insights, or are they jumping straight to ad campaigns and email templates?

If they can’t explain their process in detail, that’s a red flag.

Assess Their Industry Knowledge

Quiz them on the basics of cybersecurity.

Can they articulate what basic terminology in the space or in your domain means?

Do they understand the difference between your cybersecurity buyers?

If they’re clueless about your industry’s language and pain points, they’re not the right fit.

Demand Proof of Results

Ask for case studies, metrics, and examples of past work specific to cybersecurity.

Don’t settle for generic marketing achievements like “we increased clicks by 300% or generated X amount of leads.”

Push for hard numbers tied to pipeline growth, deal velocity, or revenue impact.

Be Relentless in Asking Questions

This is your business and reputation on the line.

If their answers feel rehearsed or surface-level, keep pressing.

A great partner will welcome tough questions and provide detailed, transparent responses.

2. Educate Yourself

One of the best defenses against predatory agencies is knowledge.

The more you understand your buyers, your market, and effective marketing principles, the harder it will be for anyone to sell you on gimmicks.

Here’s how to stay sharp:

Invest in Buyer Research

Regularly talk to your audience.

Understand their pain points, challenges, and what they look for in a vendor.

First-hand insights are invaluable and will help you separate good advice from noise.

Stay on Top of Industry Trends

Cybersecurity is constantly evolving.

Subscribe to credible industry publications, attend webinars, and follow subject matter experts who provide actionable insights, not fluff.

Learn What Truly Resonates

Track which campaigns, messages, and formats drive engagement and revenue for your team.

Knowing what works (and why) will make you less susceptible to cookie-cutter approaches from outside agencies.

Challenge the “Experts”

If an agency or consultant pitches an idea that doesn’t align with your knowledge of the space, don’t be afraid to push back.

Your expertise matters.

3. Call Out the Bullshit

We’re not going to fix this industry by staying quiet.

If you see a shady ad, cringe-worthy campaign, or spray-and-pray outreach tactic, say something. 

Silence only enables bad actors to continue.

Here’s how we can collectively hold each other accountable:

Share What Doesn’t Work

If you’ve had a bad experience with a tactic, campaign, or partner, let your peers know.

Post about it on LinkedIn, talk about it in Slack groups, or bring it up at industry events.

Transparency helps us all learn and avoid the same mistakes.

(Hell, Chris Roberts and I launched a full podcast about this.)

Demand Better

When an agency or vendor misses the mark, don’t just roll your eyes and move on. Provide constructive feedback.

Let them know why their approach didn’t resonate and how they can improve.

Who knows—they might actually listen.

Support Positive Examples

On the flip side, celebrate campaigns, partners, and tactics that get it right.

The more we highlight great work, the more we set a benchmark for what good looks like in cybersecurity marketing.

Lead by Example

As marketers, we have a responsibility to raise the bar in our own work.

Let’s show the industry what authentic, impactful marketing looks like.

4. Prioritize Strategy Over Tactics

All too often, marketers get caught up in chasing the latest trend: influencer campaigns, social media ads, podcasts, you name it. But tactics are meaningless without a strong strategic foundation.

Here’s how to build that foundation:

Understand Your Ideal Customers and Develop Buying Committees

Start by deeply understanding your audience.

Who are they?

What challenges do they face?

What motivates their decisions?

A clear, detailed buying committee matrix will inform every piece of content, ad, or outreach you create.

Invest in Customer Research

Don’t assume you know what your audience wants—ask them.

Conduct interviews, run surveys, and gather qualitative feedback.

The insights you gain will shape your messaging and approach.

Clarify Your Unique Value Proposition

What sets your solution apart from the thousands of other vendors in the space?

If you can’t answer that question clearly and confidently, neither can your buyers.

Map the Buyer’s Journey

Understand how your audience moves from awareness to consideration to decision.

Tailor your marketing efforts to meet them at each stage with the right message, delivered in the right format.

Think Long-Term

Don’t chase quick wins at the expense of lasting relationships.

The most successful marketing strategies are built on trust, consistency, and value—not gimmicks.

My Final Thoughts

We can do better.

We have to do better. 

Cybersecurity isn’t just another industry, and marketing here isn’t just another job.

It’s a responsibility—to our buyers, our companies, and frankly, to ourselves as professionals who care about doing good work.

I’ve spent years working in this space, and if there’s one thing I’ve learned, it’s this:

Trust is everything. 

It takes months—sometimes years—to build, and only seconds to destroy.

Every time a lazy ad or tone-deaf campaign gets pushed out, it doesn’t just hurt the company behind it—it chips away at the trust we’ve all been working so damn hard to earn.

So, I’ll leave you with this:

The next time you’re about to approve a campaign, hire an agency, or even send an email, ask yourself:

Is this adding value, or just adding noise? 

Is this something that respects the intelligence and challenges of the person on the other end?

Because if the answer is no, then it’s time to pause, rethink, and do better.

Our buyers deserve it.

Our industry deserves it.

And honestly, we deserve it too.

Let’s raise the bar.

Together.

Until next time,
Dani

Join 1700+ cybersecurity marketers and sales pros mastering customer research.

Subscribe to The Cyber Brain for more deep thoughts, customer insights, and research tools and templates.

Access the minds that matter to you.

Directly connect with cybersecurity decision makers over video call and get the deepest buyer insights to refine your products, sharpen your marketing, and accelerate your sales.