Customer Success in Cybersecurity: Why Security Starts With People, Not Software
It was a pleasure to spend 30 minutes with Rick Adams from Practical CSM discussing the role of the Customer Success Manager in the security industry. We covered how customer success applies in cybersecurity, where trust, risk reduction, adoption, and long-term customer value are especially important. You can listen to the full podcast episode on the Practical CSM website.
Now, Customer Success is already a people-focused job. We help customers adopt products, solve problems, reach goals, and get real value from the solutions they buy. But in cybersecurity, the role becomes even more interesting; and honestly, even more important.
Because security is not just about software. It is not just about dashboards, policies, alerts, configurations, or technical controls. Security starts with people. 👥
You can buy the best platform in the world. You can configure every setting perfectly. You can define the cleanest process imaginable. But if people do not understand it, trust it, or actually use it in their daily work, the outcome will fail.
That was the heart of my conversation with Rick: cybersecurity is deeply human.
Transcript
-
Hi, my name is Rick Adams from
PracticalCSM.com, and the title for
today’s -
podcast is Customer Success in the
Security Industry. Our guest today is
Fabio Lichinchi. -
Fabio is a customer success manager for
Zscaler, or if you’re in America, -
Zscaler, a software provider in the
security space that provides a 100 -
percent cloud-built secure platform for
moving applications and infrastructure to the -
cloud and untethering employees from their
desks. That enables its customers to -
realize advantages in productivity,
agility, and cost containment. -
Fabio originally comes from a sales
background. Before working for Zscaler, -
Fabio held both customer success manager
and success program manager roles at Cisco. -
Fabio is here today representing his own
opinions rather than those of Zscaler. -
Fabio, hello to you. It’s great to have
you with us.
- Rick, thank you for having me here, -
and for the opportunity of talking to you
on your podcast.
- Absolute -
pleasure. Great to have you with us. Thank
you very much. First things first, I’ve -
given a very brief description of you,
but it would be great if you don’t mind -
just spending maybe a minute or two
introducing yourself and explaining both your -
background and perhaps just explaining
your current role at Zscaler. -
Yes, yes. You know, my background, like many
of us, comes from a -
technical aspect. I was initially a
developer, and as a developer, -
I realized that many projects were
failing because they were around human -
interactions, let’s say. Let’s put it
this way. So I eventually became interested in -
knowing how IT fits together with
human behavior and -
business objectives. Eventually, I moved into
presales, then more sales roles. -
And you know, I know it's going to look cheesy,
but really, eventually, it's because I like -
to help people. So when a project really
has a big impact, and you can see -
that the customers are moving forward,
are doing business in a better way, and -
their customers are satisfied, I’m also
happy. I feel like I realized something and I did something -
with my life, and it’s something I like.
So I think really helping people is a big part -
in the push of all persons at this time
in this field, and especially - into the CSM roles that are now
-
one of the latest trends in the industry.
- Well, I totally agree with you. I - agree with you that it’s cheesy,
-
but I also agree that there’s a
reason why it’s cheesy: because it’s true. I can -
absolutely agree with you, people in
customer success by and large, in fact almost -
entirely, are people who like helping
people. I couldn’t agree more. -
So, our discussion today is customer
success in the security industry, and I -
think it’s an interesting topic
because perhaps of all the industries I can -
think of, the security industry is one
that really can’t afford to give wrong advice -
or slip up in best practice. It’s
got to make sure that whatever it gives as -
advice and help and assistance is the
correct advice and help and assistance to its -
customers, because those customers rely
on that advice and assistance to help -
make sure that their security doesn’t fail.
However, I was really interested in -
something that you were saying to me
before we kicked off the podcast, which I also -
completely agree with, which is that
security doesn’t begin with the software, but it -
begins with the people. Yeah, you know
where I’m going with this as a start point for -
our conversation around the security
industry. Perhaps could you expand a little bit -
about what you meant by that concept?
I think it’s a really important one. - Everything starts with the
-
people. And actually, if you look at the power
in terms of monitoring that - modern tools give you,
-
you will see companies, if you look at them
with the eyes of a CSM, you will see -
companies are doing different things.
Some of them will just -
be aware of certain situations and
do nothing. Some others will -
point the finger at employees, "Ah,
you’re doing this, you’re doing that," but without - really a
-
structure behind it. So what I want
to say is actually that people are very -
important in the security process,
and they need clear processes and rules. -
So they need to feel safe to err,
even if they make a mistake. Imagine how -
many times we wrote an email to
the wrong email address, and -
imagine if this is a business conversation.
So, - an employee that
-
is afraid of losing his or her job
will just hide the thing. That is not -
the right thing to do. The right thing
is to tell the company and have a process, -
because this is an honest mistake.
This mistake is not made with the intention - of producing
-
damage to the company or to other
parties. It's an honest mistake. There must be a -
process that clearly describes what
is going to happen, what the company is going to do, -
and employees need to be empowered
and feel safe. And this security process is very -
slow because it is a cultural one, and
that’s why it is not going to be solved in one week -
or a month. It might take a long time.
My job as a CSM is to make sure that really -
companies kick this off.
- That’s interesting.
So effectively, what they get from -
your organization really is an enabler
of security, but it’s not the -
answer. The answer is the way in which
they implement it, and how they -
change the culture within their
organization in using the services that your -
organization provides.
- Exactly, using them
in the right way, because these tools -
give you a lot of security in terms
of protecting you from the many threats -
that are out there, but also give you
visibility. And with visibility, -
you can do a lot of things. But it
is very important to handle this -
knowledge you have about your users'
behavior in the right way, not in the wrong - way.
-
And looking back over my early career
when I was an employee, I can -
remember sort of having a fear of a blame
culture, and culture is really -
critical to this, obviously. If you're
feeling that there is, to an extent at least, a -
fear of a blame culture, which immediately
meant that I was less -
productive because I didn’t take risks,
because I didn’t want to be blamed, that would be -
an appropriate risk. You want your
employees to take appropriate risks, -
because with risks come rewards. So
you’re stopping that, potentially, but -
then, of course, also as you said, rather
than if there was a security breach, - rather than, as it were, owning up,
-
to prevent it, I end up actually working
for the hackers, right? I end up -
being an employee who, in order to cover
for myself, I’m covering for the -
problem. And that is most definitely
something that isn’t going to work - well.
-
Yeah, and this is not going to work until
everybody acknowledges the problem, because employees are -
ignoring the problem, but also companies are
pretending this is not happening. -
As it were, if you put your fingers in
your ears and hum and close your eyes, - everything’s okay. Yes.
-
Okay, good. So it doesn’t sound like
you have much of your work cut out -
for you as a customer success manager
to change that around. -
Okay, well, look, we’ve said security is
all about people, and I totally get where -
you’re coming from on that. So out of
curiosity as much as anything else, -
what types of things do end users
typically do that can cause security issues? -
And perhaps, as we’ve said, equally
important is why do they do those things? Even - worse, they know they shouldn’t be doing them.
- Yeah, I think,
- well,
-
first of all, everything starts really
with someone leading security internally, so - a strong sponsor that can
-
move things forward, and this is
company-wide. Another important - thing is that
-
people need to be educated. This is
actually -
good for themselves and for the company
as well. If you think about it, not many -
companies are doing that, but if you
deliver training where you explain what - are the risks, how to use the tools,
-
what is going to happen if you don’t do
it the right way, that particular -
information is going to be good in the
people's lives, even outside work and at work. -
So it's a good investment, and it's going
to pass the message as something good for them -
and not just for the company, but this
is a win-win, you know. -
And also, they should really start
to think of data with more empathy. -
Because many times we treat data, we work
with data, and they see it as -
handled in a specific way only because
it is not your data. -
Imagine how you would feel, or imagine
how I would feel, if all your private IT -
information would be available now over
the internet for everybody to see. - We don’t have that kind of empathy
-
when we handle someone else's data. So that’s
where this goes back to the fact that -
I said it's a cultural problem. We need to
really build processes, teach, educate -
how to manage data, and keep on doing
this. I remember also, -
and those tools are important for a CSM
because -
this is more the soft skills side, but
let’s look at the tool -
side. I remember I was making fun of it
because we bought an apartment, and -
actually had the door replaced, because the
door that we previously had -
was symbolic. I mean, you could open it
just with a kick, I guess, and I was -
making fun of it and telling my wife,
"You know, this is the most valuable thing we got -
in the apartment. Three thousand pounds for
this door we recently bought! If someone wants to -
steal, it's better off just taking the door
and walking away, -
because we don’t have anything precious
inside the apartment." -
But yes, one day it happened that I
was talking to the neighbors -
downstairs, and my wife was curious to
hear what I was saying, so she - joined me downstairs. Now the thing is that
-
we were about to leave, and when we came
back after one hour and a half, - we realized we left the door open. So you
-
have a massive latest technology for
three thousand pounds, left open. -
So really, if you don’t know how to use
the tools and use them in a proper -
way, you can have the most expensive one,
and it's not going to help you. -
Or indeed, even if you do know how to
use them but you didn’t, which is obviously -
what happened in this case, it wasn’t
like you didn’t know how to turn a key, it was just -
you just didn’t do it. Yeah. So again, it
comes down to, like you said at the beginning, -
it comes down to the people as much as,
definitely, you've got to have the tools or -
you've got to have the door that is not easy
to break into your apartment, but yeah, -
then you've got to use it. And not just
use it once, right? You've got to use -
it all the time. That’s another aspect of
the culture and psychology, isn't it? -
That maybe the novelty of doing things
the right way wears off quite -
quickly for people. If you make it easier
to do the wrong thing and -
harder to do the right thing, then
you’re less likely... I mean, is that the sort of -
thing that you look at when... I imagine the
psychology of security is quite -
important for you to sort of work with
your customers, yeah, with companies, to -
deal with that sort of aspect of making it
as easy and as comfortable as -
possible for their end users to do the
right thing. So, I mean, how do you do that as a -
CSM? How do you help companies to understand
this sort of psychology of security and -
deal with it effectively?
- Imagine this,
when we talked about the door, -
as a CSM, I go to a customer. The door
is the product that they purchased, and - there are two aspects. One is to
-
give them metrics to understand if the
deployment, so how the door was -
installed, is the proper one, in the
way that best fits their needs. So you have -
technical aspects to discuss with the
technical people as a CSM, how the -
door has been installed. Then you need
to discuss with your end users, and -
the users will need to know how to operate
the door. And this is also the CSM, you will -
explain or educate or help them in
doing the best usage of the particular door -
they purchased. And also to your C-level
stakeholders as well, you will explain -
why the door is important, what it is
there for, what it defends, and why they should -
have processes in place to communicate the
importance of operating the door properly. So, -
you see, as a CSM, I talk to different
stakeholders, and mainly they are the -
employees, the technical people installing
the door, and my executive stakeholders -
that put it out there, someone who
purchased it for specific business -
objectives and that want to help them to
realize that. Psychologically, it is -
very important when I show them, because
another thing a CSM needs is -
data. You need to deliver some presentations
during a QBR or business review -
or a portal with visibility that shows
them how they are doing, and possibly you -
want to discuss also how others are
doing without giving names, just with aggregate -
data, to understand more or less similar
companies, what other people are -
doing in the market, and compare
themselves. And compare themselves to that -
externally, and a bit internally too. Why
internally? Because not all the -
companies are at the same maturity level
when we talk about security, right? Some are far -
behind. But psychologically they look
at the report and they think, "Well, this -
investment is not blocking enough." So
you say, "Okay, yes..." -
So actually, to move a company's behavior,
you've got to almost treat a company -
like a person in a way and say, "Well,
here's what good looks like, right? And - here's where you are."
- Yeah, and that psychologically moves
- them. Because if you don't do that,
-
most of the time companies really focus
with some connectivity, not security. So -
they prefer to have the service working,
because that service is making the money. And -
then making sure that it is also secure. So
user experience is very important, but again, -
goes back down to managing risk. So there
are some risks you can take in order to -
have good connectivity, and some you can't
really. And it's important -
we do this exercise of deciding what we
can afford and what we want to, or -
where we don't want to be, like hitting
the news in the wrong way. - Fair enough.
-
Well, you’ve worked with a fair number
of customers around implementing good security -
systems and processes. So in your
experience, why do companies sometimes fail to -
implement good security? Or perhaps you’ve
kind of answered that, we've talked about -
maybe a desire or an ambition to have
maximum productivity -
without realizing some of the implications
behind it and the risk side of it. -
So is it a case of perspective? Is it
a case of helping the -
stakeholders, the decision makers, to
understand the potential consequences of this sort - of risk and reward type
-
behavior, that you need to help them
almost to balance? -
Yes, yes, because when we talk about
security it is really everywhere. And - if you...
-
The first thing that comes to my mind
is always the user's behavior. As a user -
of many of the services out there now, I
can give you two examples. One once hit -
me because it actually looks so good to
have. -
For this big retailer in the UK, I have
a loyalty card. -
The loyalty card is now delivered through
my mobile. I created an account, -
logged in, I went to the store, I bought
stuff, I had some vouchers just for the amount of -
five pounds something, and as I tried to
open the application, my login expired. -
I didn’t have the password with me, I
couldn’t use the voucher, I couldn’t scan the card. It was a -
big disappointment for five pounds, and
now I’m considering another shop. So this is a -
big damage in terms of user experience.
You say, security-wise, they -
didn’t lose four pounds and a half, but
then -
my experience as a user was very bad. If
you look at Starbucks, for example here, -
because actually they are doing great in
this aspect. They would let the -
points go anyway, and even if someone is
stealing those points, it doesn’t -
really matter. They can replace them,
because the money they make thanks to -
returning customers is much more than
the stolen points. This is a -
risk they can afford.
- Yeah, they value
the customer experience higher -
than the potential loss of five dollars,
euros or pounds. Yeah.
- But in a smart way, -
because eventually that data is not customer
data, it is data. And here is -
another point that comes later, that we
will talk about possibly later, - understanding your data.
-
Understanding your data, so there’s risks
they can afford to lose, there’s -
really no damage, and risks that you don’t
want to lose.
- Yes, absolutely, like your customers' - data, for example.
-
Yeah, that can be quite damaging, I've
heard!
- Yes. - Okay, what advice do you give,
-
when you’re working with your customers,
how do you go about helping them to -
understand where they need to... let's
say, where they need to start with this?
- I would -
suggest that the most important thing is
really starting with your data. If you -
think of it, imagine this: okay, if you
are a manufacturing company, you build your -
business on other assets, like factories
or tools or -
devices. But if you are like many
companies that have services, imagine if -
your database disappears and you don't
have it tomorrow. You’re out of -
business because everything you got is
your data. And with your data, this is very -
important that you as the owner know
where it sits, because today with cloud and -
Shadow IT, people are copying companies'
data on non-approved -
cloud systems, they are bringing it home,
there are - parts on-premise, parts
-
in approved and non-approved clouds. So
it is very important that as an enterprise, -
or as a CSM, the exercise I usually do
is to talk with them to make sure they -
stay clear on where data is. And then
once they know -
where their data is, they can catalog it.
And the reason they -
want to create a catalog is to associate
a certain level of risk - to each piece of
-
data they have. And eventually what they
can do once they have this is to -
protect what is most important and maybe
let the things that -
after all, if they are leaked outside,
it is not a big damage, move -
more freely into the enterprise. So it is
really: first of all, know yourself, - know your data, and then start from there.
-
Okay, that sounds like a very logical
approach actually, where -
you’re leading them through a process of
understanding what the big -
risks or what the important risks are
and making sure that they’re prioritizing those. - That’s correct.
-
We could go on forever talking about this
because it’s a fascinating subject and we’ve -
been actually going now for thirty minutes
already, so I meant to wrap it up, but I -
did want to actually ask you another
question if you’ve got the time.
- Yes, - thank you. We just...
-
we’ve talked about what you do, but
perhaps a bit less about how you do it. And -
time and again people ask me about it,
what actually do customer success -
managers do? Not why, but what? Yeah, what
do they do? So would you -
mind giving perhaps just a very brief
overview of how you go about doing the -
things you do? In other words, when you
meet a customer, what actually happens? What -
does it look like? What is a day in the
life of Fabio the customer -
success manager in the security industry?
What do you actually do?
- Yes, a good - question.
-
It's very exciting, you know, because
what you do is you meet the - customer for the first time.
- And you usually want to have some data now.
-
Most of the companies that are doing the
CSM role right, that understand - CSM,
-
normally give the customer success manager
a set of metrics. These metrics are -
normally tailored to understand the
performance of the customer environment. -
And then that can be used. So I meet the
customer, I show them the -
metrics, and we discuss their feelings,
how they feel about the metrics, etc. -
If they knew they were there, and what
their next steps are, where they would like to be -
in the future. From there we build a
path to success. And -
what I do next is to hold them
accountable for reaching their -
goals. Those are theirs, not mine, but
they agreed on -
changing things for the better. As a
CSM, I just show the picture, -
I help them in figuring out where they
want to go, and then I monitor the -
situation to make sure they actually
do it. So the best meetings are the ones where -
you have a good mix of audience, like
technical executives, stakeholders, someone from - networking, someone from security,
-
someone from the employee side, because
they also have a word here. -
And you just drop a subject that you
think is important, that you -
identified as important for them, and
then they have the discussion among each -
other, and they sort it out by themselves.
The only thing I do is to record -
the minutes, and then in the next weeks
remind them of the next steps, how -
to do those with the tools, with some
help obviously if tools are involved. But first -
is a discussion among people, and then
mapping these objectives to the -
tools, and making sure they follow the
steps on the tool. And then they get to a new -
baseline target, then target turns into
the baseline, new target, and goes on forever. -
Because business is changing, things
don’t stay the same.
- Yeah, for sure. -
I think what you’ve just described there
is highly applicable in the majority -
of... or at least to some extent all
customer success roles, whether -
that is security or whatever the
CSM organization happens -
to be providing as a service or product.
Yeah, I think it’s -
about understanding the customer, building
the relationship with them, helping them to -
understand what the issues or the
challenges are, helping them to work -
through those to develop some sort of
roadmap, -
and then helping them with that roadmap
to implement that and take measurements, and -
change it, because as you say, the world
changes all the time. So by the time you get -
there it’s going to be wrong, so you're
going to need to keep adapting it. So to be, you know, -
to be versatile enough to do that, that
makes total sense. -
To make what you just described, yeah, you
need measurements and success criteria, or -
otherwise you don’t know if you’re
doing well or not. -
Right, yeah. And more importantly, I think
this is a big -
contentious issue, actually, because a lot
of the measurements that the -
customer success profession talks about
incessantly, to my mind too -
much, is measurements of the customer
success organization like NPS and -
utilization and churn and retention. The
customer doesn’t care about those - things, no.
-
That’s my problem, your problem, not theirs.
- Right. -
Yeah, so the clue is in the name, it's a
customer success manager. Yes, we have to wrap - this up unfortunately. It’s been a fascinating
-
conversation, for which very many thanks,
Fabio. I think that much of what we’ve covered -
is useful and relevant, not just within the
security industry, but to CS roles in -
pretty much all industries. And I think it’s
always useful to understand how -
others perceive the role of customer
success management, how they implement it -
within their companies. So yeah, that
Zscaler approach, I -
think is great for everyone to understand.
I really appreciate your time. -
Thank you so much for being with us today.
- Thank you for having me, and thank you for -
all the contributions you're delivering to
the CSM role in general. It is still so young, -
it really needs work.
- Well, it does, doesn't
it? And I think the best way we learn -
is through sharing and through understanding
each other’s concepts -
and ideas. That’s how we learn. So thank
you for that. I absolutely -
agree, that’s what we need to do. Before I
end the conversation, I just -
want to remind everybody I’ve been
talking to Fabio Lichinchi, customer -
success manager at Zscaler, about customer
success in the security industry. -
If you’ve enjoyed this podcast, please
remember to share it with your friends -
and colleagues. And also please do check
back at PracticalCSM.com regularly -
for more free customer success related
podcasts, videos, and articles, or better still, -
go to our website at PracticalCSM.com and
sign up for the monthly newsletter, -
which will keep you informed about all the
new free content we produce every month. -
And you’ll also receive a PDF of the first
chapter of my book, Practical Customer -
Success Management, as well as a
twenty-two page overview of the Practical CSM - Framework.
-
My name is Rick Adams from
PracticalCSM.com. Thank you so much to all -
of you for listening to this podcast, and
I look forward to talking to you again in - future episodes.
Security Is a People Problem First 🧠
When people think about cybersecurity, they often imagine highly technical things: firewalls, endpoint protection, identity systems, threat detection, access controls, phishing simulations, compliance frameworks, and so on. All of that matters, of course. But the reality is that most security outcomes depend on human behaviour.

People click links. People reuse passwords. People take shortcuts. People ignore warnings. People work around processes that feel too slow or complicated. People sometimes hide mistakes because they are afraid of getting blamed. That is not because people are bad. It is because people are people. 🙂
They are busy. They are under pressure. They want to get their job done. If security feels like a wall in front of them, they will look for a door, a window, or sometimes a ladder. This is why cybersecurity cannot be treated as a purely technical subject. It has to be treated as a behavioural, cultural, and operational challenge too.
And this is exactly where Customer Success has a huge role to play.
The CSM Is Not Just Helping Customers “Use the Product” 🚀
In many SaaS companies, Customer Success is often measured by product adoption, usage, renewals, expansion, and customer satisfaction. Those things matter. But in cybersecurity, they are not enough on their own.
A customer could be logging in regularly. They could be using the platform. They could even have good-looking adoption numbers. But the real question is much bigger: Is the customer actually safer?
That is the outcome that matters. Are they reducing risk? Are they improving behaviour? Are they becoming more confident? Are they protecting the business without slowing everyone down? Are they making secure work easier, clearer, and more repeatable? That is the difference between “using a security product” and building a stronger security posture.
For me, that is where Customer Success becomes strategic. The CSM is not just there to explain features. The CSM is there to help the customer connect the product to their real-world business goals.
Security vs Productivity: The Eternal Battle ⚔️
One of the biggest themes we discussed was the tension between security and usability: every company wants to be secure. Every company also wants people to be productive. The problem comes when security processes are so painful that users start avoiding them.
If the secure path is difficult, slow, confusing, or annoying, people will naturally search for shortcuts. And once shortcuts become normal, risk increases. This is why one of the most important jobs for a Customer Success Manager in cybersecurity is to help customers make the secure path the easy path.
Security should not feel like punishment. It should not feel like bureaucracy for the sake of bureaucracy. It should support the way people work, not constantly interrupt it. Good security needs to be practical. That means asking questions like:
What is the customer trying to protect? Where are users experiencing friction? Which behaviours are creating risk? Which controls are realistic? What can be simplified? What needs better communication? Where does the process break down?
The goal is not to remove every bit of friction. Some friction is necessary. But unnecessary friction is dangerous because it teaches people to avoid the process entirely. And when people avoid the process, security becomes theatre.
Fear and Blame Make Security Worse 😬
Another important point from the conversation was culture. Security teams and vendors often talk about risk, controls, and compliance. But end users experience security in a very different way. They may experience it as delay. They may experience it as restriction. They may experience it as “another thing I have to deal with.” And sometimes, they experience it as fear. That fear matters.

If people are afraid of punishment, they may hide mistakes. If someone clicks a suspicious link and feels embarrassed or worried about blame, they might not report it quickly. That delay can make the situation worse. A healthy security culture should encourage transparency, not silence. Mistakes will happen. The question is whether the organisation learns from them or buries them.
Customer Success can help here too. A good CSM can guide customers toward better conversations internally. Not just “how do we stop users from doing bad things?” but “how do we create an environment where people understand the risk and feel safe reporting issues?” That shift is powerful. Security improves when people trust the process.
The CSM as Translator, Guide, and Facilitator 🧭
One thing I really enjoyed discussing with Rick is that Customer Success in cybersecurity requires a lot of translation. Not language translation but business translation. Executives care about risk, reputation, resilience, cost, compliance, and business continuity. Technical teams care about implementation, integrations, alerts, configuration, visibility, and control. Managers care about productivity, team behaviour, process consistency, and reducing operational headaches. End users care about getting their work done without unnecessary friction. All of these groups are important. But they do not all speak the same language. A strong CSM helps connect the dots.
The message has to change depending on the audience. You cannot explain cybersecurity value to an executive in the same way you explain it to an admin or an end user. That is not “dumbing it down.” It is making the value relevant. Customer Success sits in a unique position because we understand the product, but we also understand the customer’s goals, pressure, constraints, and internal dynamics. We are often the bridge between what the technology can do and what the customer actually needs to achieve.
Customer Success Must Help Customers Think Clearly About Risk 🎯
Every organisation has risk. The question is how much risk they are willing to accept, where that risk lives, and what they are doing about it. This is another area where Customer Success becomes very valuable. A CSM should help customers think through questions like:
What are the most important assets or processes to protect? What could go wrong? Which behaviours increase exposure? Which teams need more support? What is realistic for this organisation right now? What does good look like in three months, six months, or one year? That last question is especially important.
Customer Success is not just about the current state. It is about helping the customer move from where they are today to where they want to be. In cybersecurity, that journey can include onboarding, adoption, configuration, training, stakeholder alignment, process improvement, behaviour change, reporting, and long-term maturity. The CSM helps turn all of that into a roadmap. Not a vague roadmap. A practical one. Clear priorities. Clear next steps. Clear ownership. Clear outcomes.
That is where trust is built.
Vendor Metrics Are Useful, But Customer Outcomes Matter More 📊
Let’s be honest: vendors care about metrics. Adoption. Usage. NPS. Renewals. Retention. Expansion. These are important for the business, and they can tell us useful things. But customers do not wake up in the morning thinking, “I hope my vendor improves their retention rate.” 😄

Customers care about their outcomes. They want to know: Are we safer? Are we more confident? Are we reducing unnecessary risk? Are our teams working better? Are we getting the value we expected? Is this solution helping us operate securely without slowing us down? That is the lens Customer Success needs to use.
Usage is not the same as value. Adoption is not the same as impact. A renewal is not the same as success. Real success is when the customer can clearly see that the solution is helping them achieve something meaningful. In cybersecurity, that meaning is often tied to trust, protection, resilience, and confidence.
Why Cybersecurity Makes Customer Success More Serious 🔥
The fundamentals of Customer Success are the same in many industries. Understand the customer. Build trust. Define success in the customer’s terms. Create a plan. Drive adoption. Review progress. Show value. But cybersecurity adds extra weight because the consequences are bigger. Poor adoption is not just a missed opportunity. It can create real exposure.
If users avoid a process, sensitive data could be at risk. If alerts are ignored, threats could go unnoticed. If behaviour does not change, the same mistakes keep repeating. If security is seen as a blocker, teams may find unsafe workarounds. That is why Customer Success in cybersecurity cannot be passive. It has to be proactive, curious, empathetic, and outcome-driven.
The CSM needs to understand the product, but also the customer’s people, processes, culture, and tolerance for risk. That is what makes the work challenging, and also very rewarding.
Final Thought: Security Is Human-Centred ❤️🔐
Customer Success in cybersecurity is not just about making sure customers use the product. It is about helping them change behaviour, manage risk, and build confidence in the way they operate. The best security solution in the world can fail if people do not understand it or use it properly. Technology can enable security, but people make security real. That is why the CSM has such an important role.
We help turn security from a technical purchase into a practical, human-centred business outcome. And when that happens, security stops being just another tool in the stack. It becomes part of how the organisation works, grows, and protects itself. ✨
Key Takeaways 🌟

- Security starts with people. Tools matter, but behaviour, trust, process, and culture decide whether those tools actually work.
- Customer Success must reduce friction. If secure processes are painful, users will avoid them. The goal is to make the secure path the easy path.
- Fear and blame damage security. People need to feel safe reporting mistakes. A strong security culture encourages transparency and learning.
- CSMs translate security into business value. Executives, technical teams, managers, and end users all need different messages.
- Customer outcomes matter more than vendor metrics. Usage and retention are useful, but the real question is whether the customer is safer, more confident, and better able to work securely.
