No Trust Podcast - 2026 Cyber Trends: RSAC Insights with Jacob Friedman

In this episode of No Trust, we welcomed Jacob Friedman, Strategic Account Director at 3 Tree Tech, for a wide-ranging conversation on where cybersecurity is headed, how to evaluate startups intelligently, and how to actually get value out of RSA.

John Spiegel

3/3/2026 (8 min read)

If you want to listen to the episode, go here: https://on.soundcloud.com/OHe3Ff6eYgTKXKGXMY

Highlights

Jacob operates at a fascinating crossroads in the industry. As he describes it, he’s a “technology matchmaker and marriage counselor,” helping large enterprises identify the right security vendors while staying deeply connected to early-stage innovation. That vantage point gives him a front-row seat to both hype cycles and real progress.

And right now, there’s no shortage of hype.

More Spend, More Innovation — But More Noise

We opened with a blunt question: organizations are spending more on cybersecurity than ever before. So why does it still feel like we’re not materially safer?

Jacob acknowledged what many security leaders feel — the noise level is at an all-time high. AI has poured fuel on an already crowded marketplace. New acronyms appear constantly. Vendors cluster into overlapping categories while claiming differentiation that is difficult to parse. The pace of innovation is faster than ever, but the ability of teams to keep up with it is strained.

At the same time, internal pressures compound the problem. Security teams are operating with limited personnel, tight budgets, and relentless alert fatigue. Vulnerability backlogs grow. Cross-functional coordination with IT and procurement slows remediation efforts. Acquisitions add pricing pressure and uncertainty.

One of Jacob’s sharper observations was this: the industry has become very good at identifying problems. It has not become equally good at fixing them.

There is no shortage of tools that provide visibility. What remains underserved is the automation and operational capability required to close the loop — to actually remediate issues at scale rather than continuously document them.

What Organizations Are Actually Buying

While marketing narratives focus on what’s “cool,” purchasing behavior tells a more pragmatic story.

Right now, organizations are prioritizing technologies that either displace existing spend or consolidate multiple tools. Incremental improvement alone is rarely enough to justify new budget. The solution must either reduce costs elsewhere or materially improve operational efficiency.

One area Jacob highlighted as particularly compelling is data security posture management — though he reframed it more strategically as data hygiene.

Clean, classified, structured data is not just a security control. It enables better analytics, improves operational efficiency, and in some cases unlocks entirely new revenue streams. Organizations that approach data hygiene purely from a risk-reduction lens may be missing its broader strategic value.

When a security investment can also reduce redundant storage, improve backup performance, or enable monetizable insights, executive alignment becomes far easier.

Security that supports revenue is far easier to fund than security that only prevents downside risk.

Buying from Startups: Risk vs. Reward

A significant part of the conversation centered on startups — an area where Jacob spends much of his time.

Buying from early-stage vendors carries obvious risk. They can be acquired. They can pivot. They can run out of runway. And for enterprise leaders, there is personal and political risk if a bet goes wrong.

But there are also meaningful advantages.

Startups are typically more agile, more willing to act as design partners, and more flexible on roadmap influence. They are often highly motivated to prove themselves and will operate with a level of responsiveness that larger vendors cannot match.

So how do you evaluate them?

Jacob looks first for clarity. Can the founder clearly define the problem they are solving? Do they understand the competitive landscape? Can they articulate how they differ from both legacy vendors and adjacent startups? Do they know who the buyer is and who will operationally own the tool?

Red flags appear quickly when founders cannot answer these questions directly. A charismatic pitch without substance does not hold up for long.

Trust also plays a central role. Technology can mature. Features can be built. But cultural alignment and post-sale accountability are harder to manufacture.

If he cannot trust the founder or the team to support customers long-term, the conversation rarely progresses.

Is There a Cheat Code for Spotting Winners?

We asked whether there is a reliable way to predict which startups will break out.

Jacob was candid — there is no silver bullet.

However, patterns do matter. Strong relational networks, credible prior execution, disciplined hiring practices, and quality investors often signal maturity. Founders who understand not only product development but also channel strategy and go-to-market execution stand out.

Intent also matters.

Is the company trying to genuinely solve a problem and build something durable? Or are they optimizing for a quick exit? That difference often becomes clear through sustained conversation.

Ultimately, early-stage evaluation is less about perfect foresight and more about thoughtful risk management.

Navigating RSA Without Losing Your Mind

No discussion in early spring would be complete without RSA.

Jacob’s advice was straightforward: define success before you arrive.

RSA is overwhelming by design. Thousands of vendors. Endless side events. VC mixers. Executive dinners. Expo floor chaos. If you do not know what you want out of the week, you will default to reacting instead of executing.

For Jacob, the most valuable rooms are often venture capital gatherings and early-stage founder events. These settings offer insight into innovation before it becomes mainstream and create opportunities for meaningful conversations.

On the expo floor, his approach is simple: be curious, talk to everyone, but mark the handful of vendors worth deeper follow-up. You will not remember every conversation. Take notes. Pace yourself. And remember that how late you stay out does not determine how valuable the week will be.

RSA is a marathon disguised as a sprint.

The Throughline: Trust and Judgment

Across topics — whether discussing startup evaluation, tool consolidation, remediation gaps, or conference strategy — one theme remained consistent: cybersecurity is not just about technology.

It is about judgment.

It is about relationships.

It is about separating signal from noise in a market that generates both at industrial scale.

As Jacob put it, trust is the currency. Results are the outcome.

In a field defined by risk mitigation, that principle may be the most enduring differentiator of all.

No Trust Podcast – Clean Transcript

Guest: Jacob Friedman, 3 Tree Tech

Introduction

Jaye Tillson:
Hello everyone and welcome to another episode of No Trust. Today we have a friend of both John and me joining the show — someone new to the podcast but someone we’ve known for a while. Jacob Friedman, welcome. Thanks for coming on.

John Spiegel:
And just so everyone knows, Jacob is with one of my favorite companies — 3 Tree Tech.

Jaye Tillson:
It’s always a bit of a mouthful! Jacob, for listeners who may not know you, can you introduce yourself and share a bit about what you do and how you got here?

Jacob Friedman:
Absolutely. I’m Jacob Friedman, a Strategic Account Director at 3 Tree Tech. We’re a boutique technology advisory and intelligence firm that helps organizations identify the best potential vendor matches in the marketplace. I like to describe myself as a technology matchmaker — sometimes even a marriage counselor.

I’ve been with 3 Tree for about four years. My interest in security started early — actually through competitive gaming. I got DDoSed once, which was quite the wake-up call. Since then, I’ve spent my career on the sales side of tech, while maintaining a strong personal interest in cybersecurity and cyber warfare more broadly.

Cybersecurity in 2026: Noise vs Progress

Jaye Tillson:
We’re spending more money on cybersecurity than ever before, yet it feels like we’re not making proportional progress. There’s more noise in the industry than ever. What’s your take?

Jacob Friedman:
I agree — there’s definitely more noise, especially with AI accelerating everything. Innovation is moving faster than ever, but one of the hardest things for organizations is keeping up with the explosion of acronyms and categories. Multiple vendors claim the same category but solve problems very differently, which makes comparison difficult.

At the same time, security teams are under strain. There’s alert fatigue, limited personnel, limited budgets, and constant vulnerability management battles. Many issues require coordination across IT, procurement, and other departments, which adds complexity.

We’re also seeing heavy acquisition activity. When a key vendor gets acquired, customers often face price increases. Then it becomes a tough decision: endure the cost increase, or endure the pain of transitioning to something new?

What Are Organizations Actually Buying?

John Spiegel:
Outside of AI, what categories are interesting right now?

Jacob Friedman:
One thing I constantly balance in my role is what’s “cool” versus what organizations will actually buy.

What I’m seeing is that companies are buying solutions that displace existing spend or consolidate multiple tools. It’s harder to secure budget for incremental improvements unless they replace something else.

One area I’ve been talking about since 2023 is data security posture management — DSPM — but more broadly, data hygiene.

This isn’t just about security. Cleaning up data, classifying it properly, understanding access — that’s foundational. But the bigger picture is what clean data enables. It can unlock new revenue streams. I’ve seen real estate companies monetize structured data. I’ve seen healthcare systems use de-identified data for research insights.

A security investment in data hygiene can become the first domino in a much larger strategic initiative.

Buying from Startups

Jaye Tillson:
Let’s pivot to startups. What do you look for when early-stage vendors pitch you?

Jacob Friedman:
I look for clear articulation of the problem they’re solving. Is it a real, stated need? Are they improving an existing approach, or creating something entirely new?

A major red flag is lack of awareness of the competitive landscape. Founders need to understand who they compete against and how they differentiate.

I also look for clarity around who the buyer is and who will own the tool operationally. Those aren’t always the same.

And frankly, I care about the quality of their evangelists. Early-stage companies need people who truly understand and can articulate what they’re selling.

Evaluating Founders

John Spiegel:
How much weight do you place on the founder?

Jacob Friedman:
A lot. Relationship networks matter. If they’ve built and sold companies before, that’s meaningful.

I also look at cultural factors — are they partnership-oriented, or purely revenue-driven? Do they understand channel strategy? Do they know how they’ll scale?

Trust is huge. At 3 Tree, we say trust is our currency. If I can’t trust the founder or the team, I can’t advocate for them to customers.

The Risk and Reward of Startups

Jaye Tillson:
Some organizations refuse to buy from startups. What are they missing?

Jacob Friedman:
There’s inherent risk with startups — acquisition, shutdown, strategic shifts. Politically, it’s easier to defend buying from a well-known vendor.

But what you miss is hunger and flexibility. Startups often go above and beyond. They’re motivated. They’ll act as true partners.

The key is balancing risk appetite. Often, I see organizations start with 12-month contracts rather than multi-year commitments, which limits exposure while allowing time to evaluate impact.

Spotting Potential Winners

Jaye Tillson:
Is there a cheat code for spotting startups that will succeed?

Jacob Friedman:
If you find one, let me know.

There’s no silver bullet, but I evaluate across multiple lenses: the technology itself, their engagement process, post-sale support model, team quality, financial runway, and long-term vision.

Are they trying to genuinely shift how a problem is solved, or just build something to sell quickly?

Again, trust and cultural alignment are critical.

RSA: Making It Count

Jaye Tillson:
Let’s talk RSA. What draws you there each year?

Jacob Friedman:
RSA is unique because of its scale. For me, it’s about community and executive connection. I love attending VC-focused events — they’re a filtering layer for early-stage innovation.

But it depends on your goals. Before going, define what success looks like for you. Otherwise, it’s overwhelming.

On the expo floor, my advice is simple: dedicate time to walking the entire floor. Talk to everyone. Take notes. Mark vendors you want to follow up with. You won’t remember hundreds of conversations.

And pace yourself. Staying out late every night doesn’t define success. Define your objective and work backward.

Final Thoughts

Jaye Tillson:
Jacob, this has been fantastic. We’re looking forward to seeing you at RSA.

Jacob Friedman:
Likewise. It’s been a pleasure.

John Spiegel:
Thanks for joining us.