Join us tomorrow for "Hacking Citizen Developers"
Join us TOMORROW, Friday [03-06-26], for "Hacking Citizen Developers"
Join us Friday, March 6, 2026, for “Hacking Citizen Developers: An hour of critical thinking about how to embrace democratizing development without creating security chaos.”
It all begins at 1 PM ET/10 AM PT tomorrow, with guests Amichai Shulman, CTO and co-founder, Nokod Security, and Bil Harmer, information security advisor, Craft Ventures. We'll have fun conversation and games, plus at the end of the hour we'll do our meetup in breakout rooms.
Register for the Super Cyber Friday event series on Airmeet. Join us for just this episode, or choose to register for all of our upcoming episodes in this ongoing event series.
Thanks to our Super Cyber Friday sponsor, NOKOD
Defense in Depth
Why Overpromising is a Dangerous Sales Tactic
Cybersecurity sales lives and dies on trust. So why do so many vendors burn bridges just to get a foot in the door?
Check out this post by Rinki Sethi, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Octavia Howell, vp and CISO, Equifax Canada.
Listen to the full episode here.
Beyond the quota
The best vendor relationships start with knowing when to walk away. Michael Whiting of Hack the Box explained that his team doesn't go where they aren't wanted. "Pushing a deal on a team that is not a good fit is something we've been told to never do in our team. It's a practice which screws your long-term business goals—not just unethical, but damaging for your own reputation and for your entire organisation," he said. He added that when salespeople offer alternatives, even competitors, "that's the sign of a salesperson who is trying to help." But not everyone operates this way. Mike Cushing of Patagonia called out a particularly manipulative tactic: vendors who claim to have found sensitive information but won't share it unless you schedule a meeting. "If it is so important, then provide me with the information now; it shouldn't be held as ransom for a sales meeting."
The hard truth beats the polished bluff
Honesty about product limitations builds stronger foundations than spin. Anatoly Chikanov of HealthEquity emphasized the importance of transparency, saying, "If you are honest about what you can do/can't do, that's a solid foundation to build upon." Honesty has more value than puffery. Bradley Schagrin of ObserveID reinforced this point bluntly: "Every CISO I've worked with would rather hear a hard truth than a polished bluff. Vendors forget that when they spin, they don't just lose a deal—they lose credibility. In this space, trust is currency, and once it's gone, it doesn't come back."
Paying for someone else's mistakes
Broken trust creates lasting skepticism that affects every vendor interaction. Aleksandr Kursov of Clarity described the challenge of being judged by others' failures: "By the time I show up, there's already a layer of skepticism—people assume I might be the same. It makes me wonder how fair that is, but I also get it. Once trust is broken, every new conversation carries the weight of someone else's missteps." The instinct to sell a customer the moon does nothing but set the vendor up for failure. Tony Edwards of Silverfort sees this as an industry-wide failing, adding, "Saying we do all things for all people is setting everyone up for failure... STOP saying we cover all blind spots, everywhere, all the time. No, we don't! Guess what, neither does the competition. What happened to under promise and over deliver?"
Reducing friction, increasing trust
Vendors could close more deals by simply being less risky to work with. Konnor Andersen of Acuvity made the case: "I think vendors could sell significantly more if they went to each step in their sales process and asked themselves how they can be less risky for CISO/security teams." He pointed to common practices that create unnecessary risk, such as limiting POCs to small portions of the platform, forcing bundled purchases, and giving vague answers about support or implementation timelines. "It's why the channel is so crucial to the security community," he noted. "They help suss out the fluff!"
Thanks to Stanley Ogbu from CISA for being our unwitting contributor.
Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, ThreatLocker
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
CISO Series Podcast LIVE in Orlando, FL 3-6-26
CISO Series Podcast records LIVE TOMORROW at Zero Trust World 2026 in Orlando! Don't miss David Spark with Rob Allen, chief product officer, ThreatLocker, and Michelle Wilson, CISO, Movement Mortgage, on stage March 6.
Thanks to our sponsor, ThreatLocker
Cybersecurity Headlines - Department of Know
Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.
Monday’s episode featured Mark Eggleston, CISO, CSC, and Dan Holden, CISO, Commerce. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.
Join us again next week, and every Monday.
Thanks to our Cybersecurity Headlines sponsor, Adaptive Security
Cyber chatter from around the web...
Jump in on these conversations
"What's going on with the cybersecurity job market right now for mid-level engineers? Why is it so hard to find a job?" (More here)
"We replaced all laptops with Framework laptops - A one year review" (More here)
"2-man IT team → solo admin for 300 users, no raise. Stick it out or leave?" (More here)
Cybersecurity Headlines - Daily News Shorts
Subscribe to the CISO Series YouTube channel for daily Shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.






