Yotam Gutman has been marketing cybersecurity companies for nearly 15 years, watching the industry transform from static websites and trade shows to algorithm-driven channels and LLM-generated content.

His current role is VP of Marketing at Zeroport, a Tel Aviv-based hardware startup that’s solving one of the hardest problems in remote access security: replacing VPNs with something that works at scale without introducing latency that makes the experience unusable.

Our conversation touches on how buyers evaluate vendors in a post-social-media world where algorithms control what reaches them, why video is still a critical competitive advantage as text becomes commoditized, and the uncomfortable truth that the cybersecurity market is drowning in products that nobody needs.

How did you end up in cybersecurity marketing?

I started as an Israeli naval officer, then moved into the defense industry, working on command and control systems. Close to the world I had come from. From there, I worked across homeland security and intelligence, including companies building intelligence infrastructure for governments. This is where I first encountered cyber.

One of the companies I was working with had a small cyber intelligence department that caught my interest. Eventually, we spun that activity into an independent company focused on cyber intelligence, before the larger players, including Recorded Future, came into the space.

The money eventually ran out, but by then I was entrenched enough to know this was where I wanted to be. It sat at the intersection of technology, marketing, and a domain where I had a real advantage.

Today, I’m VP of Marketing at Zeroport. We create a hardware buffer at the entrance to the organization, breaking the IP signal, turning it into an analog signal, then converting it back again. Many people have tried to do this over the years, but it was not possible at scale until recent advances in chips, particularly the latest generation of NVIDIA chips.

How have buyers changed the way they evaluate security vendors?

The IT environment has fundamentally changed. Ten years ago, most employees still worked on-site, the environment was more controlled, and cloud adoption was happening, but not at the pace of today. Then came the post-COVID shift to work from anywhere, and now AI, all of which mean organizations are processing data elsewhere.

That has shattered the way organizations thought about building walls around themselves. Any new security technology is now evaluated against a very practical question: “will it secure my data while still allowing people to work remotely, and what will it cost me to do that?” Do I need to rent space in a cloud? Am I paying per seat? Am I paying per token? Those questions did not drive the market in the same way a decade ago.

The other issue is people. Because of the way IT has been built, there will continue to be a shortage of security practitioners. There will always be insufficient security personnel compared with the amount of complexity organizations need to manage. That means tools need to become more independent, more autonomous, and more AI-driven, because technology has to bridge a gap that hiring alone will not solve.

What channels and tactics are proving effective for you?

I’ve been in this industry for nearly 15 years, so I’ve seen the full evolution. We started with static websites, blogs, events, brochures. That changed dramatically with social media, and now with what I’d call it the post-social-media world. Now algorithms decide what reaches people. You have to be omnichannel. Sure, you want to be on LinkedIn, but it’s drowning in AI content, so you have to be everywhere else too.

Since text is so easy to generate now, I shifted at least some of our content strategy toward video. Writing a decent blog post used to take two days and real expertise. Today you can produce the same volume with a click and zero cost. We’ve lost authenticity. Video is much more authentic. AI will eventually produce it convincingly, but not today. Today it looks cringy and you can tell it’s not human. Video doesn’t convert as well, but it helps with brand building and authenticity.

What I’m finding most effective, and extremely difficult is getting customers to talk on video. If you can pull it off, you’ve reached the apex of validation. You need a happy customer with legal approval who’s enthusiastic enough to film, bearing real reputational risk.

If they recommend you publicly and then get breached, they can’t blame the product. They have to be 100% confident. You can’t pay these people and corporate won’t allow it anyway. You have to make them love your product. In the cases where I’ve done it, it’s been hugely successful, and that’s one of my main focuses going forward.

Where do you draw the line with AI in content?

AI is excellent when you are dealing with large amounts of data and need to process it quickly. Cybersecurity has extremely fast news cycles. A topic that matters on Monday may be old by Friday, or even sooner. Vulnerabilities are disclosed, regulations move forward, products reach end of life, competitors ship new features, and the market keeps changing. AI helps me pick up those signals and identify what we should focus on before the opportunity passes.

I use AI as a discovery tool. I use it to see what other people are doing, to monitor the news cycle, to find angles worth exploring, and to help me produce material quickly once I know what I want to say.

But I do not trust it to do anything automatically, and I do not trust content unless I have read it, reread it, rewritten parts of it, and made sure it says something worth saying. I tell it what to write, and it helps me in the process. That is very different from handing over judgment. It does not replace the marketer’s job of deciding what matters.

What drives revenue, and what remains hard to measure?

Video is still part of the dark arts of marketing. You can measure views, watch time, and engagement, but it is very hard to prove direct conversion. People do not usually click at the end of a video and immediately book a demo. Video helps with brand perception and trust, but attribution is not yet where marketers need it to be.

Written content tied closely to the news cycle is much easier to measure. When something happens in the market, such as an attack, regulation, product change, or a major vulnerability, and you publish something relevant quickly, you can see the impact on website visits, demo bookings, and contact requests. The content has a reason to exist because buyers are already trying to understand the issue.

What converts particularly well is turning complex research into accessible content. Late last year, there was an attack on Polish energy facilities, and several organizations, including the Polish CERT, published deeply technical material. Most people won’t read a 30-page technical report in full, but if you can turn it into a shorter, focused piece that gives proper credit and explains what happened in a way management can understand, you provide value. A security leader can take that to their management and say: “This happened there; these were the weak points, and this is what we should fix.” That is more useful than generic content.

How do you get technical people to contribute without it being painful for them?

One thing I’ve learned over time is how to get technical people involved in content without asking them to become writers. You go to the CTO, the VP of R&D, the AI lead, or a technical lead and say, “I want to write about this topic. I know you are too busy to write it yourself, so I will send you three or four bullet points. Can you just verify whether they are accurate and tell me if anything important is missing?”

Everyone has time to read three bullet points. Once they validate the direction, I write the article around those points, send it back for review, and let them QA it. If they are comfortable, we publish it under their name because the ideation, technical validation, and approval were theirs, even if they did not write the prose from scratch. In many cases, they like the process enough they come back with more ideas.

If you had 20% more budget tomorrow, where would it go?

If I were measuring against lead generation, I would put it into ads, specifically LinkedIn. I do not like that this is where we are, because the internet used to feel more open. You could build something useful and people would find it. That is no longer how attention works. We are fighting algorithms, crowded feeds, and very narrow attention spans, so if I want to gain traction, I need to be pushed into the right inboxes and feeds as often as possible.

LinkedIn is still the best value for money in cybersecurity due to its targeting. I can reach the right people at the right time. PPC gives you search intent; however, search itself is starting to drift toward agentic engines, and that model is still premature. Advertising inside AI interfaces is only just beginning, so for now, LinkedIn remains the place where I know how to reach the people I need to reach.

If I had a lot more money, I would use television. I did it in Israel during COVID, when television advertising was cheaper, and everyone was locked indoors. We ran a national television ad for Sentinel One, which I believe was the first tech company ad of its kind in that market. I could not measure it like a retailer would measure sales uplift, but from a branding perspective, it was enormous. Everyone was watching and talking about it. That kind of impact is hard to reproduce in digital channels, even if it is much harder to attribute.

What’s an the uncomfortable truth about the cybersecurity market?

An uncomfortable truth is that no organization needs everything the cybersecurity market has to sell. About a decade ago, we tried to map the product categories in the industry. There were around eight top-level categories and roughly 150 product categories at the time. I do not think the market has doubled, but it is probably around 200 categories now. No single organization, and certainly no single human being, can or should buy all of them.

A conscious buyer needs to focus on the products that give the best security for the budget. If you are starting out, you still need the basics. You still need perimeter security, firewalls, email security, and the foundations that keep the organization protected. If you are a large organization and those basics are covered, then you look at the next pain point. Maybe that is AI security. Maybe it’s what your organization is sending to the cloud. Maybe it is another specific exposure that matters to your environment.

What does not work is chasing every new security trend and trying to build a perfect stack for every possible risk. It’s not doable, or necessary. Eventually, many of these categories find their way into the mainstream, and we have already seen significant consolidation. In many cases, organizations are better off working with a larger vendor that knows how to support their products and integrate them properly, rather than relying on multiple point solutions that create their own management burden.

The product may not be the most exciting or the most fashionable, but if it works, integrates properly, and is supported well, that matters more. Security buyers need tools that solve real problems, not another category to explain, fund, and maintain.

Yotam Gutman is VP of Marketing at Zeroport, a hardware security startup. He brings 15 years of experience across cyber intelligence, defense, and enterprise security companies.

About Bora

We’re Bora. We work with security companies to turn complex technical capabilities into clear, credible market narratives.

Get in touch for a free 30 minute consultation. If we’re not the right fit, we’ll help find someone who is.