How I Pendo Customer experience

Stopping security vulnerabilities dead in their tracks

See how CyCognito used Pendo In-app Guides to communicate a mission-critical security vulnerability to their customers and provide the guidance they needed to address it


When a critical security vulnerability in a widely-used software library was discovered in late 2021, the CyCognito team knew they had to alert their customers to the problem as quickly as possible. They needed a fast, effective, and contextual way to drive awareness of the security incident and get their customers to take the necessary steps to protect their environments, ASAP.

Pendo'ing it

CyCognito used Pendo In-app Guides to create and deploy a one-step guide alerting customers to the vulnerability, providing additional information about it, and leading users to the right area of the CyCognito platform to see whether their organizations were impacted and take the necessary action. The CyCognito team programmed the guide to appear multiple times a day, in an effort to reach as many users as possible and help customers stay ahead of the threat.


To date, this guide has received the highest engagement and most click-throughs of any other security alert the CyCognito team has deployed. The company has also received an outpouring of positive feedback about their response to the incident from their customers, who greatly appreciated the team’s proactiveness and clear guidance for addressing the vulnerability.

Daniel Avissar

Knowledge manager and technical writer


CyCognito is a cybersecurity provider that empowers organizations to identify, understand, and master their risk in profound new ways. Their fully automated and highly scalable platform uses advanced machine learning and natural language processing to identify and secure gaps, helping security teams determine what their true risks are, where they need to focus, and how they should invest their efforts.

Originally, "Pendo’ing it" was about just creating walkthrough guides. Now our favorite use case is creating quick announcements that are very pointed and help get the word out about certain vulnerabilities to our customers, ASAP.

Keep it simple to make it work

The CyCognito team is no stranger to quickly springing into action to address mission-critical security vulnerabilities; they help companies stay in control of their digital environments by proactively uncovering and eliminating critical security risks. But getting their customers to operate with the same sense of urgency could sometimes be a challenge—particularly without an easy way to communicate with users inside the CyCognito platform. With Pendo, CyCognito now creates engaging and effective in-app guides that lead customers to the exact vulnerabilities or areas of their products they need to address—without requiring additional support from engineering teams.

When a critical vulnerability in a widely-used software library was discovered in late 2021, the CyCognito team knew they needed to alert their customers to the problem as quickly as possible. “This was a particular function in a software library that everybody was using,” Daniel Avissar (Knowledge Manager and Technical Writer at CyCognito) explained. “We took it as an opportunity to use a Pendo in-app guide that immediately popped up as soon as customers would log into their platform.”

Avissar knew he needed to make this guide informative yet succinct—and give customers clear direction on the steps they needed to take to address the security risk. “We created a one-step guide that outlined what the vulnerability was and what CyCognito was doing to keep our customers informed about it,” said Avissar. “We provided links to resources that described the vulnerability in more detail that included a small news section and showed users how to contact us. And we also used a call-to-action (CTA) button that took our customers to the specific part of our platform that would allow them to investigate whether or not this critical vulnerability was indeed creating security issues for their organization.”

Reputation comes from repetition

This simple—yet effective—guide had an immediate positive impact for CyCognito and their customers. “[Our proactive approach with this guide] got us a lot of points with our current customers. And since then, we’ve done a couple of other one-step guides like this—because there’s not just one vulnerability in the world of cybersecurity,” Avissar explained. 

The speed and ease with which Avissar and his team can stand up these guides was another big win for CyCognito. “Someone on the sales engineering team reported back that he was conducting a demo for a potential customer and was talking about this particular vulnerability. I had just published the Pendo guide, and it appeared as he was describing it to the prospect at that very minute,” said Avissar. The CyCognito team was also able to program the guide to appear twice a day, to reach the largest number of users possible until the threat was under control.  

Avissar explained that, to date, this particular guide for this security incident has received the most click-throughs of any vulnerability alert his team has ever created. “Due to the severity of this vulnerability—and because we programmed the guide to appear twice a day—we had customers clicking on the CTA almost as frequently as the guide appeared. It’s been one of the most engaged-with guides that we’ve ever created,” he said. He also noted that this general in-app approach was well-received by CyCognito’s customer base. “We had a lot of positive feedback about what the company was doing in terms of proactiveness and responsiveness to the vulnerability. It was a sign that we had a good system in place.”

Following the success of this guide, the CyCognito team has put processes and templates in place to use Pendo for similar announcements on their platform about other vulnerabilities—a strategy which has continued to garner trust with their users and in the field. “It’s given us a great reputation among our customers,” said Avissar.

Pro tips

  • Try to keep your guides as short and concise as possible (users typically drop off after step three or four in a guide series)
  • Make your CTAs are clear and engaging as possible
  • Don’t be afraid to give your guides some personality and pizzazz—emojis can be a great way to make your content more approachable and eye-catching