Customer Success in Cybersecurity as a Trust Engine: An Interview with Segura®’s David Muniz

What to Expect in this Interview

In this interview, we explore how customer success in cybersecurity goes beyond support tickets—shaping trust, adoption, and long-term security outcomes for modern security teams.

In a recent episode of the Security by Default podcast, Joseph Carson and David Muniz discuss customer success, trust-building, Zero Trust, and David’s unconventional path into cybersecurity, with practical insights on reducing friction and strengthening identity security.

In cybersecurity, we talk endlessly about tools, threats, and frameworks, but far less about people, trust, and what actually makes customers happy.

In this interview-style feature, Joseph Carson, Chief Security Evangelist and Advisory CISO at Segura®, sits down with David Muniz, a computer scientist turned Customer Success leader at Segura®, to discuss his unconventional path into cybersecurity, what customer success really means in practice, and why trust often matters more than features. Along the way, they explore how ideas like Zero Trust and human happiness are more connected than they might first appear. 

How Curiosity, Compliance, and a Final Thesis Led David to Segura®

Joseph: Let’s start with your origin story. How did you get into this industry and end up at Segura®?

David: I’ve always been in computing, but not in the way many people expect for cybersecurity. I’m a computer scientist by training, then went on to do an MBA in project management, and more recently, specialized in cybersecurity.

My path into Segura® actually started with my final university project. At the time, cybersecurity wasn’t a big topic in class, and it was still emerging. I was doing an internship at a telecom company, working on a system that controlled customer revenue and paid plans. Because it was tied to revenue, the system fell under SOX 404 controls.  So, I leaned into that and wrote my final thesis on how companies should evaluate products to align with ISO 27001 and other security frameworks like SOX and CIS Controls.

Later, when I was applying for jobs, I included this research in my CV. One of Segura®’s owners, Marcus Scharra, saw the title of that thesis and liked the direction I was thinking in, even though I didn’t have formal cybersecurity work experience yet. That’s how I joined Segura®.

I started in documentation, moved into marketing and analyst relations, and today I’m in Customer Success, focusing on building and nurturing relationships with the people who ultimately keep the company alive, and that is our amazing customers.

“You Don’t Need to Be a Programmer to Work in Cybersecurity”

Joseph: I still see people online claiming, “You can’t work in cybersecurity if you don’t know how to program.” What’s your response to that?

David: It might have been partially true 20 or 30 years ago when cybersecurity was closer to pure engineering. But today, cybersecurity is a business problem, not just an IT problem.

We need people who understand:

• Risk
• Governance and compliance
• Human behavior
• Communication and empathy
• Business processes

There’s room for people from finance, HR, marketing, sales, you name it. Coding is valuable, but it’s not the only way in.

Joseph: I completely agree. When I used to be hiring new talent, HR filters would automatically reject candidates who didn’t have certain certifications or programming skills. I eventually said, “Stop filtering. Send me everyone.”

My only real requirement was passion and the desire to learn. If someone is motivated, curious, and we have a team who can mentor them, I don’t care if they have zero certifications. Diversity of skills and backgrounds is what moves cybersecurity from a purely technical field into a truly people-focused discipline. 

Customer Support vs. Customer Success: Short-Term vs. Long-Term

Joseph: You’re in Customer Success now. Many people confuse customer success with customer support. How do you draw the line?

David: I like to frame it in terms of time:

• Customer Support is short-term. The customer has a specific issue, something’s broken, misconfigured, or confusing, and support helps them fix it so they can continue working.
• Customer Success is long-term. The question is: Success for who? It’s about the customer’s definition of success using your product.

So, our job in Customer Success is to:

1.   Understand why they deployed our solution.

o   Is it just to check a compliance box like SOX 404 or ISO 27001?

o   Is it to reduce operational risk?

o   Is it to improve identity security visibility?

2.   Help them define how they’ll measure success.

o   What KPIs matter to them?

o   How does this tool contribute to their bigger business objectives, not just technical ones?

Sometimes, even the customer doesn’t know what success looks like yet. That’s where we have to ask questions, listen deeply, and help them translate business goals into measurable security outcomes.

Joseph: I often describe it with a metaphor: a road trip.

• The car is a solution.
• The short-term problems, flat tire, oil change, something not working, and that’s customer support: keeping the car running.
• The destination is getting from A to B, hitting milestones, and celebrating when you arrive, and that’s customer success: making sure you’re moving toward your goals and actually enjoying the journey.

Sometimes the journey is fantastic. Sometimes it’s a nightmare, and you break down on the side of the road. Customer success is making sure we repeatedly get customers to good destinations, learn from the journey, and improve it over time.

The Heart of Customer Success: Trust as a KPI

Joseph: So, what does good customer success look like versus poor customer success?

David: It all comes down to trust.

At Segura®, we talk a lot about being customer-centric. That means we don’t just show up during procurement or renewal. We guide the customer throughout their entire journey:

• Product design and roadmap
• Deployment and integration
• Day-to-day use and outcomes
• Support interactions
• Strategic alignment with their security and business goals

Best-in-class customer success isn’t just about hitting an SLA. It’s about becoming a trusted partner, not just a vendor. When a customer truly trusts you, they see every engagement as a human interaction, not a transactional one.

You know it’s working when trust shows up in the numbers:

• Renewals
• Net recurring revenue
• Upsells and expansions
• Customer referrals
• Advocacy in analyst reports and peer reviews

Those metrics are the result of trust, not the cause.

Joseph:Exactly. I see trust everywhere, even in everyday life, such as when choosing an airline, a hotel, a suitcase, a garage to change your winter tires.

You’re not just buying a service or an object. You’re buying confidence that:

• You’ll be treated fairly
• The experience will be consistent
• If something goes wrong, someone will have your back

Cybersecurity is no different, and the stakes are often much higher.

Zero Trust vs. Human Trust: The “Trust Paradox”

Joseph: Let’s switch gears to something related but more technical: Zero Trust. You’ve been talking and writing about it recently. What’s your take?

David:I call it the trust paradox. On the human side, we want more trust. In cybersecurity, we say things like Zero Trust, which on the surface sounds like “trust nothing and no one.”

But that’s not really what Zero Trust is.

Historically, we talk about Zero Trust as popularized by John Kindervag at Forrester, but it builds on deeper work as in particular, Stephen Paul Marsh’s thesis “Formalising Trust as a Computational Concept” from 1994.

He makes some important points:

• Trust is not binary. It’s not just “yes” or “no”.
• Trust is contextual. You might trust me to join a podcast, but not to drive your car.
• Trust is conditional. It depends on behavior and risk appetite.
• Trust is dynamic. It changes over time based on signals.

In Zero Trust architectures, we’re not actually saying no trust at all. What we’re really saying is:

No implicit trust. Manage trust. Continuously verify.

In practice, that means:

• Continuously assessing user and device behavior
• Comparing it against a defined risk threshold
• Allowing, limiting, or blocking actions based on that dynamic risk score

You still need some level of trust to let anything happen at all. You’re just doing it explicitly and adaptively, instead of blindly assuming trust because someone once logged in from the corporate network.

Joseph: Exactly. That’s why I often talk about dynamic risk scoring:

• You start with zero assumptions, not zero relationships.
• Every signal matters: device health, MFA, location, time, behavior history, known vulnerabilities, ongoing campaigns, etc.
• You compare that dynamic risk score to your risk appetite, which can change based on context, threats, or new intel.

And there’s another piece I always bring up: Zero Trust must be paired with Zero Friction.

You can build the most secure system in the world, but if:

• It blocks people from doing their jobs
• It adds 50% more time to every task
• It constantly breaks their workflows

…your users will find ways around it or simply refuse to adopt it. Security that hurts productivity will eventually be bypassed or ignored.

The real goal is:

Better security, happier and more effective employees. 

Why Users Resist Security - and How to Fix It

David: That’s one of the biggest challenges for cybersecurity solutions: users don’t want their work disrupted.

They don’t want to hear: “From today, your normal task will take twice as long because of this new security control.”

People resist that. So, the design goal has to be:

• Security that fits naturally into how people work
• Controls that reduce stress rather than add to it
• Flows that feel intuitive, fast, and supportive, not punitive

Joseph: Absolutely. It’s just like driving in a country where everyone uses the “other” side of the road. Suddenly, your muscle memory fails you, and the wrong controls get activated. That’s when accidents happen, during awkward, poorly managed change.

Good security should feel like cruise control and lane assist, not like someone constantly grabbing the wheel from you.

How Segura® Maintains the “Double Circle” of Customer Love

Joseph: Segura® has a reputation for having users who truly love the product. We’ve even seen that reflected in analyst reports and customer reviews. What makes that possible?

David: We listen, really listen.

In a digital world obsessed with automation, likes, and surface-level engagement, it’s easy to forget that relationships, whether personal or professional, are built on time, attention, and consistent signals.

For us at Segura®, that means:

• We design with real customer feedback in mind.
• We align product capabilities with actual business problems, not just buzzwords.
• We maintain a human touch even as we adopt AI and automation.

Customers feel heard. They feel we’re walking alongside them, not just pushing software at them. That’s how you become a vendor that customers trust, stay with, and recommend.

Automation, AI, and the Non-Negotiable Human Layer

Joseph: You mentioned AI and automation. I’ve had experiences where companies tried to replace human support entirely with chatbots. When the bot can’t solve your problem, and there’s no human escape hatch, it becomes infuriating.

Automation is great when:

• It actually solves the problem
• It saves time
• It handles simple, repetitive tasks

But when your situation is nuanced or emotional, you need empathy, judgment, and context, things human agents are much better at today.

Companies that chase 100% automation risk:

• Losing valuable customer context
• Missing learning opportunities that improve their products
• Damaging trust when customers feel stuck talking to a script

The future isn’t bots instead of people; it’s bots plus people with clear paths to a human when it really matters.

David: Exactly. In both human trust and Zero Trust, signals matter. And humans are incredibly good at reading complex signals.

Happiness, Hormones, and the Life Balance

Joseph: How do you personally stay informed and balanced with so much going on in cybersecurity and the world?

David: I’m not a heavy Netflix watcher. I prefer:

• Documentaries and movies based on real stories
• Reading books and curated news (without drowning in the negativity)

One book that influenced me a lot is “Sapiens” by Yuval Noah Harari. In the final chapters, he talks about the science of happiness and how much of our mood is influenced by hormones and brain chemistry.

It sounds simple, but there’s a powerful truth there: we need to understand what genuinely makes us happy and triggers those positive chemicals. Things like:

• Working out (which I love)
• Connecting with people and hearing their stories
• Nature, going to the beach, walking in a park
• Quiet moments to be with ourselves and reset

Everyone’s map is different. The key is to know your own.

Joseph: I relate to that. For example, I’m not big on the gym, but I love playing football. That’s where I get joy, movement, and connection.

I recently finished “The Power of Now,” and it really reinforced something important: you can’t change the past, and the future doesn’t exist yet. The only place you can act is now. That’s especially interesting when you think about the Estonian language not having a future tense, so you can’t “leave things for tomorrow” in the same way.

For CISOs, that’s a huge psychological tension:

• They constantly worry about future attacks
• They carry the anxiety of “What if we’re next?”
• Cyber incidents increasingly impact core business operations

Vendors like Segura® have a responsibility to reduce that anxiety, to:

• Help them become more resilient
• Minimize the impact when, not if, something happens
• Support their mental well-being by being reliable, transparent partners

David: Exactly. We’re part of the CISO’s support system. If they trust us and our product, they can sleep a bit better at night, knowing they’re not alone in this.

Final Thoughts

Joseph: It’s been fantastic talking with you, as always. Any final thoughts, and how can people reach you if they want to continue the conversation?

David: If anyone wants to reach out, the best way is LinkedIn. Just search for “David Muniz” you’ll see a profile picture of me wearing a Segura® t-shirt. I respond to every message.

I’ve also written articles on trust, cybersecurity, and the human side of Zero Trust, which I’m always happy to share.

And my final thought is this:

A lot of cyber-attacks start with the exploitation of human trust; that’s what social engineering really is. If we’re serious about cybersecurity, we have to understand not only systems and frameworks, but also how human trust is built, broken, and repaired.

Putting Trust into Practice in Cybersecurity

Trust is not built by policies or promises alone. It’s built through consistent experiences, clear outcomes, and security that works with people instead of against them.

At Segura®, these principles guide how we design, deploy, and support our identity security platform—combining Zero Trust controls with usability, visibility, and long-term customer success.

See how Segura puts trust into practice across identity and privileged access →