How to Engage With a CISO When They Express Interest

Defense in Depth

When a CISO walks up to a vendor booth, it should be a golden opportunity to connect. So why do so many vendors not know where to even start?

Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.

Listen to the full episode here.

Lead with insight, not persuasion 

The initial conversation at a vendor booth sets the tone for everything that follows, and security leaders want vendors to cut through the noise quickly. Ross Young of CISO Tradecraft outlined three essential questions that should anchor every first meeting: "What problem does your tool solve for your customers? Why is this problem something your customers need to solve in the next 3-6 months? What differentiates your product's approach from competitors in the same magic quadrant?" But answering those questions is just the baseline. Raj Badhwar of Jacobs raised the bar, emphasizing that he doesn't need "another sales cycle in disguise, I need a spark. Show me a vision that makes me pause and think differently about a hard problem I own." He stressed that trust comes from leading with insight: "If you can teach me something new in a short conversation, you've already won more ground than a dozen polished pitches ever could."

Recognize the opportunity when it arrives 

When a CISO approaches your booth, they're making an active choice to engage. That moment matters more than most vendors realize. "If you are sitting down and not engaging with people who stop at your booth, I'm most likely memorizing your company name for my ignore list," said Thomas Quilty of IMA Team. John Salomon of Cybersecurity Advisors Network went further, noting the missed opportunity when vendors fail to match the moment: "If the CISO is actually coming to you, that's about as vendor jackpot as it gets. If you manage to blow it by trotting out the dead-eyed used car salesdrone, then I don't know what to say..."

Strategy over features 

CISOs aren't at conference booths to review product specifications. They're there to find partners who understand the strategic challenges they face. Sanjiv Cherian of Microminder Cyber Security observed that "too many vendors still lead with features instead of strategy, forgetting that CISOs are balancing business risk, not toggling configs." Nadeem Rehman of Club Technology Professionals reinforced this with a dose of reality, saying, "I'm not here for a product demo, I'm here to see if you understand my world. I don't want to hear about your AI-powered threat detection unless you can explain how it helps me sleep through a regulatory review." He recalled telling a vendor who opened with a basic question about firewall management: "No, I manage board expectations and existential dread." Steve Tcherchian of XYPRO Technology captured what separates productive conversations from wasted ones, noting that "the best partnerships I've seen happen when vendors invest in understanding the business context first, not just pushing product or introducing me to an 'account manager'. That's the fastest way to turn me away."

Keep it efficient 

Once you've captured a CISO's attention, the worst thing you can do is drag out the process. Thomas Naylor of hifo identified a critical dynamic that vendors often miss: "The elephant in the room is that the longer the 'sales process' lasts, the greater the likelihood that the sale won't happen. Nobody likes being sold to." His advice was straightforward: "inform the buyer efficiently, by giving the right information succinctly, and then progressing onto a real conversation - where indeed use cases can be discussed and next steps identified."

Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you're not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Endor Labs

Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

Super Cyber Friday
Join us every Friday in April for “Trust Month”

April is Trust Month on Super Cyber Friday, and this week we're turning to a question that's been in the room since we started — vendors.

Every vendor claims to be a strategic partner. But what does that actually mean — and how do you know before you're locked into a contract? The early signals matter more than most people admit. How a vendor behaves before the deal closes tells you a lot about how they'll behave after.

We want to hear from you:

  • How do you start building that trust in the initial conversation?

  • Do all vendors need to be a partner to have a good working relationship?

  • What specific behaviors have earned a vendor your trust early on?

  • What have they done to lose it?

  • When does a purely transactional relationship need to evolve into something more?

Drop your thoughts in the comments here. The best responses will be featured in the newsletter and referenced live on the show.

Join the CISO Series Podcast LIVE in NYC (4-27-26)

New York-area cybersecurity professionals, this one's for you.

CISO Series Podcast is coming to the iconic Nasdaq MarketSite for an exclusive, invitation-only live audience recording hosted by David Spark, founder of CISO Series. Joining him on stage will be Mitchem Boles, Field CISO, Intezer, and Nick Vigier, CISO, Oscar Health.

Networking before and after the recording, plus food and drinks courtesy of our hosts at Intezer. The recording hits the stage at 3 PM. Space is capped at 70 attendees — do not wait on this one.

Huge thanks to our sponsor, Intezer

Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.

Monday’s episode featured Bil Harmer, CISO, Supabase, and Chris Ray, Field CTO, GigaOm. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cybersecurity Headlines sponsor, ThreatLocker

Cyber chatter from around the web...
Jump in on these conversations

"Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026" (More here)

"CISA urges US orgs to secure Microsoft Intune systems after Stryker breach" (More here)

"You found ssh.exe -R on a workstation. Would you investigate right away?" (More here)

Coming up on Super Cyber Friday:

  • [04-03-26] “Hacking Trust in Leadership”

  • [04-10-26] “Hacking Vendor Trust”

  • [04-17-26] “Hacking AI Trust”

  • [04-24-26] “Hacking Trust in Security”

Register for the Super Cyber Friday event series. You can register for all upcoming episodes in this ongoing event series. After you register, you can add events to your calendar right on our event series Airmeet page.

Cybersecurity Headlines - Daily News Shorts

Subscribe to the CISO Series YouTube channel for daily Shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.