Building a Customer Assurance & Continuous Control Monitoring Program that earns customer trust. Access on-demand →
Login
Schedule a Demo
Search
Close this search box.
  • Security Questionnaires

6 Ways to move from security questionnaires to self-serve trust

Akshay V

Dec 23, 2025

6 Ways to move from security questionnaires to self-serve trust
In this article

In this session of the Strategic CISOs webinar series, Sravish Sridhar (CEO, TrustCloud) sat down with Myke Lyons (CISO, Cribl) and Jon Zayicek (Customer Security Assurance Leader, Cribl) to break down how Cribl built a customer trust program that helps buyers self-serve proof, reduces questionnaire drag, and gives security a clear line of sight to pipeline and ARR.

Cribl has turned customer assurance into a revenue accelerant, and that posture has produced great results.

Below are the top takeaways, along with practical moves you can borrow immediately.

Transparency is a strategy, not a slogan

Jon Zayicek
Jon Zayicek

Customer Security Assurance Leader, Cribl

“We decided to be transparent… and it’s really worked out well for us.”

Cribl’s approach wasn’t to “tell customers we take security seriously.” It was to show them with artifacts, attestations, and real evidence, delivered in a way that reduces back-and-forth.

The result is a program that does two things at once:

  1. Deflects questionnaires by answering common questions up front
  2. Builds buyer confidence by making proof easy to find (and easy to trust)

It’s a subtle shift, but a powerful one: transparency isn’t a compliance output; it’s a buyer enablement strategy. And in competitive deals, that matters.

Build the internal “village” to power customer trust

Jon’s first takeaway was simple, and it’s exactly why it works:

  1. Build tight relationships with GRC, product security, product, HR, legal, and other teams.
  2. Treat them like partners in the outcome, not ticket-closers.
  3. Establish “champions” across functions so you can pull the right experts in fast.

This is how you turn customer assurance into an actual program (not heroics). It’s also how you avoid the common trap where customer trust work becomes a bottleneck because only one person knows how to get things done.

Measure customer assurance like a revenue function

One of the strongest parts of the discussion was how Cribl frames impact in business terms. This is especially helpful for leadership that doesn’t want a report of “tasks completed.”

Here are top 3 clear metrics that Cribl uses to track customer assurance work:

  1. % of closed-won deals touched by the assurance team
  2. SLA performance for questionnaire turnaround (P1/P2/P3-style responsiveness)
  3. Cycle-time reduction from weeks of back-and-forth down to days (and sometimes faster)
Jon Zayicek
Jon Zayicek

Customer Security Assurance Leader, Cribl

“80% of all closed deals at Cribl go through my team.”

When you connect assurance activity to pipeline stages and closed-won outcomes, you stop debating whether the work is “important.” The numbers make the case.

Start with a strong baseline questionnaire (AI depends on it)

Myke’s message was clear: AI doesn’t save you from foundational work; it rewards it.

His recommendation:

  1. Start with a baseline questionnaire you believe asks the right questions for your business.
  2. Build and maintain a knowledge system behind it.
  3. Keep it fresh, because in fast-growing companies, answers change quickly.

If your answers are inconsistent or scattered across docs, AI will amplify the mess. But if your knowledge is curated and governed, AI becomes a force multiplier.

Use AI to scale the work through software, not headcount

Cribl’s team talked about AI in the most pragmatic way possible: customer trust is one of the lowest-risk, highest-leverage places to deploy it.

Why?

  1. Questionnaire work is repetitive and pattern-based.
  2. The “ground truth” can be anchored in approved evidence.
  3. The output is measurable (answer rate, accuracy, reuse, time saved).

Myke’s underlying point was strategic: organizations are being pushed to “do AI,” but the smart move is to apply it where it creates real business value, and customer assurance is a perfect starting point.

Myke Lyons
Myke Lyons

CISO, Cribl

“Every business is being asked to do things with AI. This is absolutely the most no-brainer opportunity for you to provide value back to your business.”

Integrate assurance into sales for maximum recognition

Sravish added the importance of integrating customer assurance into the sales function.

Sravish Sridhar
Sravish Sridhar

CEO, TrustCloud

“If you want customer assurance to be taken seriously, integrate it into the sales function, not as a handoff, but as part of how deals move forward.”

This isn’t just about reporting. It’s about operational integration:

  1. Assurance signals flowing into the CRM
  2. Sellers knowing when and how to route requests
  3. Leaders seeing assurance as part of the revenue engine, not an external dependency

This is how customer assurance teams get recognized! In the webinar, Cribl shared how customer assurance contributions were visible enough to earn real recognition from revenue leadership (like an invite to the President’s Club and a trip to Hawaii).

Questions from the audience

Q: How should teams think about tiering vendors and what to share at different stages?

A: The guidance was to keep tiering practical (often 3 tiers works), focus on “crown jewels” and use cases, and standardize wherever possible, especially for repeatable assessments.

Q: How do you go beyond documents and move toward continuous proof (especially for audits)?

A: The direction was clear: move toward automated control testing where it makes sense, and provide “status-style” indicators (think traffic lights) that show how controls are performing, without dumping sensitive internals.

Q: What belongs in a trust portal if you want buyers to actually use it?

A: Substance: real artifacts, current evidence, and proactive updates (including vulnerability communications). The point is to reduce buyer effort and prevent “one more email / one more questionnaire.”

Myke Lyons
Myke Lyons

CISO, Cribl

“Make the Trust Portal not just ‘we take security really seriously in the company’. Of course you do! Put some real substance in there and update it regularly to do yourself and your customers a favor.”

 

Final thought: make trust a repeatable customer experience

A modern customer assurance program isn’t just a support function; it’s a productized trust experience where:

  1. Buyers self-serve credible proof
  2. Sales cycles move faster with fewer stalls
  3. Assurance work is measured, visible, and tied to outcomes
  4. AI scales consistency and speed
  5. Continuous signals keep evidence fresh

That’s how you move from “audit theater” to trust as a competitive advantage.

Watch the full conversation here!

Got Trust?®

TrustCloud makes it effortless for companies to share their data security, privacy, and governance posture with auditors, customers, and board of directors.
Learn More
Trusty

TrustCloud Blog

Joyfully crafted security, GRC and product-related content

View blog

Top 10 CISOs’ strategic priorities in 2026
  • GRC

Top 10 CISOs’ strategic priorities in 2026

remote work
  • GRC

GRC impact: Challenges to opportunities of remote work

TrustTalks

Podcasts on Security & GRC

Listen now

Trust Centers and a transparent security posture

Trust Centers and a transparent security posture

Third-party risk management

Third-party risk management

TrustCloud Logo White
Upgrade Security into a Profit Center with our Security Assurance Platform.
💛 Joyfully Crafted to Elevate Security and GRC Leaders into Trust Champions.
© 2026 TrustCloud Corporation. All rights reserved. TrustCloud®, TrustOps®, TrustShare®, TrustRegister®, TrustLens® and TrustHQ® are registered trademarks of TrustCloud Corporation.
Facebook Linkedin Youtube Rss

PRODUCTS

SOLUTIONS

ABOUT US

TrustCloud SOC 2 Badge
TrustCloud ISO 27001 Badge
TrustCloud ISO 27701 Badge