Empathy for customers in the infosec space

Greg Soltis

Since we’re now hiring at Gold Fig, I wanted to talk about one of the values we included in the job requirements: empathy for customers.


It has been my experience that, especially among the security community, there is a tendency to look down on others who haven’t taken what we might consider to be basic steps. This industry-wide attitude manifests in customers being embarrassed to open up about their practices, and desperate to know how they stack up against their peers. Security is already often seen as a chore or drag on development. When you add dread as the primary emotion associated with a consult from the security team you have the perfect recipe for developers ignoring security concerns.

Since we started helping teams with their cloud infrastructure, we’ve done our best to steer clear of this stereotype. We try to approach each customer engagement as collaborators in the shared goal of improving their cloud security posture. It’s our job to point out how we think they can best achieve that, and it is their responsibility to prioritize that work appropriately among their many, many other concerns. They are the experts in their business and their bandwidth. We are there to offer support and guidance, not dictate answers.

Now that it’s time for us to expand our team, it’s on us to ensure that we maintain this approach. We’re hiring for an engineer, but it will be a customer facing role and a product role as well. And that means success in that role will be inextricably tied to empathy for our customers.

Subscribe to our infosec for startups newsletter