Defense in Depth
Don't Try to Win with Technical Expertise. Win by Partnering.

In security leadership, being right on a technical level only goes so far. How can we shift our mindset to prioritize building consensus over winning arguments?

Check out this post for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC.

Listen to the full episode here.

From loudest to most trusted

Early-career instincts often push us to prove our technical expertise through volume and assertion, but seasoned security leaders know that's not what builds influence. "Early on, I thought being the smartest voice in the room meant being the loudest," said Grant Sewell, CSO at Ahead. "Turns out, trust travels faster than facts, and people remember how you made them feel far more than the cleverness of your argument." Mike Wilkes, enterprise CISO at Aikido Security, emphasized the deliberate shift required to develop executive presence: "There are habits and instincts that we need to shed and others that we need to adopt in order to bring the soft skills required for executive presence. To be able to 'bring the gravitas' without fighting or shouting and to cajole, influence and otherwise guide our colleagues on the path to building real security programs."

Letting go of the win

Treating every security decision as a battle creates exhaustion and undermines the collaboration needed for real progress. Chris Beckman of TaxBit recalled advice from a former CISO that changed his approach, saying, "Put your ideas out there, create and foster a forum with the stakeholders for discussion, and understand that if your idea loses, it loses. This was, of course, in reaction to my approach, acting like every security decision was a battle to be won." That willingness to accept being wrong signals something deeper about professional growth. Peter Dohm of Black Mesa frames it as an essential part of the job: "If you're into a nuanced technology and you don't feel impostor syndrome every single day when trying to integrate this technology into a real business in the real world with people who rightly only care about that technology's benefits to them, then I posit you're doing something wrong. You're definitely not growing."

Listening over proving

The impulse to demonstrate expertise often gets in the way of actually solving problems. Jason Black of Concentric AI described his own evolution away from talking too much: "As a technical salesperson, I often felt the need early in my career to prove I knew what I was talking about, so I talked too much. The best advice I got from a boss and mentor was... 'God gave you two ears and one mouth, use them proportionally. Listen twice as much as you talk.' Since then, I've focused on listening to understand my customers' challenges and then, if possible, helping solve problems together instead of trying to force my agenda on them." Kevin Haft of BforeAI pointed to another dimension of this, recognizing that your solution is only part of the equation, saying, "The problem you're focused on solving isn't the only problem you should consider. Bringing your audience along in their understanding is just as or more critical than the problem itself."

Beyond right and wrong

Security decisions aren't binary, even when they feel that way. Early in his career, Sohil Merchant of WM didn't see the nuance: "I saw things as simply right or wrong. Over time, feedback helped me realize there are degrees of 'right,' and the real key is finding what's right for the organization—but more importantly, what value that 'right' brings to the people in the room. When decisions create meaningful impact for the team and stakeholders, that's when true progress happens."

Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Alteryx

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

Join us next week for “Hacking Past Mistakes”

Join us on Friday, January 23, 2026, for Super Cyber Friday: “Hacking Past Mistakes: An hour of critical thinking about what we can do better in 2026.”

It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Tom Hollingsworth, organizer, Tech Field Day, and one other special guest, for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup, hosted right inside the event platform.

Register now

LIVE!
Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.

Monday’s episode featured Johna Till Johnson, CEO and founder, Nemertes, and Jason Shockey, CISO, Cenlar FSB. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cybersecurity Headlines sponsor, ThreatLocker

Cyber chatter from around the web...
Jump in on these conversations

“Is it crazy to turn down a red team opportunity in the military in this economy?” (More here)

“Am I doing good in my Cyber journey? Cyber sec saved me” (More here)

“Serious breaches often come from boring problems. What’s the most “unsexy” control that actually failed you?” (More here)

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.