Super Cyber Fridays!
Join us TOMORROW, Friday [10-24-25], for "Hacking the Death of EDR"

Join us Friday, October 24, 2025, for “Hacking the Death of EDR: An hour of critical thinking about the difference between bypassed and useless.”

It all begins at 1 PM ET/10 AM PT TOMORROW with guests Davi Ottenheimer, vp, digital trust and ethics, Inrupt, and Rob Teel, CTO, Oklahoma Department of Commerce. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register now

Defense in Depth
Sales Follow Up Sequences: What Works Best in Cyber?

Every cybersecurity vendor needs sales. But how should they shape their approach so it doesn't come off as aggressive spam?

Check out this post by Mike Gallardo of Deel for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is Alex Guilday, BISO, Royal Caribbean Group.

Listen to the full episode here.

Timing the approach

Sales cadence strategies are evolving beyond the traditional front-loaded blitz. Jonathon Spencer of MBPS suggests a counterintuitive approach, saying, "Better off to start a bit lighter in the first days and increase the number of touches towards the end. It's natural for prospective buyers to 'wait out' sales outreach." Michelle Hecht of HiBob takes this further, advocating for experimentation over doctrine: "I'd AB test EVERYTHING and decide what works best for MY business. We're playing the long game here. Give without expectations." The underlying principle, as Monesh of Kanoo Elite notes, is that tactical refinements only matter "if we are successful in creating a personal connection with the engaging party."

When persistence becomes harassment

Aggressive multi-touch sequences generates backlash from buyers. "People don't respond to sequences, they respond to genuine outreach built on great research. If you can solve a problem and help them, they'll immediately respond," pleaded Kevin Kuhr of ServiceNow. The frustration runs deeper than mere annoyance. Howard Holton of GigaOm is blunt about the long-term damage, saying, "You are recommending 14 attempts with zero responses before saying 'goodbye'. And I have never, ever bought from an unsolicited phone call. Not once. Never will."

Playing the long game

The math of sales timing should inform broader strategy, not just one-off tactics. Todd Miller of Taylor Corporation points to a fundamental constraint: "I've heard a stat that at any given time, as few as 5% of our ideal customer profiles are in the market and prepared to engage." Given this reality, he questions whether aggressive short-term outreach makes sense if you aren't building long-term relationships. "Honestly, if you hit me up 15 times in two weeks, you are not endearing yourself or your brand to me at all. I would be pretty pissed and actively motivated to never buy from you. This is too much and feels non-consensual," said O'Ryan McEntire of Shimmer.

The necessity argument

Not everyone sees cold outreach as inherently problematic. Daniel Ibarra of KCV Capital frames it as an unavoidable reality. "Interesting that everyone hates to be sold, but everyone has to sell. Cold calling is a fact of life. You can't rely on just word of mouth or referrals. Until you have perfect information on your prospects (current vendor, other prospects, budget to buy something new), you have to do some level of outreach."

Thanks also to Jeff Williams of AWS for being an unwitting contributor.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Cyera

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

NEW SHOW ANNOUNCEMENT: Department of Know

Many of our listeners have told us that they often use the news in the daily Cyber Security Headlines show in team meetings. Because of this, we thought that to serve our audience best, we should mimic that experience with a Monday "kick off your week" cyber show.

That's why we've decided to move our Friday "Week in Review" show to Monday and call it "Department of Know."

Join us LIVE every Monday at 4 PM ET/1 PM PT on the CISO Series YouTube channel to kick off your week with Department of Know: a live, roundtable-style cybersecurity news show built to launch your week in action.

Our first episode will happen on October 27th, 2025. Register here.

We’ll break down the stories that matter most to your business, your defenses, and your decisions for the week ahead. Join your peers, ask questions live, and walk away ready to brief your team with confidence.

Read more and watch the video here.

PREVIEW: CISO Series Podcast LIVE in NYC 11-5-25

The CISO Series Podcast will be recording live at FAIRCON25 in New York City. David Spark will be joined on stage by Saket Modi, CEO of Safe Security, for a candid and entertaining conversation about the biggest challenges facing security leaders today.

The event takes place November 4–5, 2025, at The Glasshouse in New York. Use promo code FC25CISOSERIESCODE for 75% off. Register here.

Watch the short video filmed in Times Square for a preview, and join us for the live recording at FAIRCON25.

Thanks to our sponsor, Safe Security

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be David Cross, CISO, Atlassian.

Thanks to our Cyber Security Headlines sponsor, ThreatLocker

Cleaning Up Cybersecurity Messes

This month’s AMA on r/cybersecurity brought together five seasoned security leaders who’ve all had to clean up after major cybersecurity incidents. They shared what really counts when chaos hits—how to stay accountable, measure value, and lead teams through the fog of fallout.

A huge thanks to our panel for diving deep into forensics, recovery, and leadership after the breach:

• Dan Holden (u/desmondholden), CISO, BigCommerce

• Montez Fitzpatrick (u/Beneficial-Expert635), CISO, Navvis

• Steve Zalewski (u/cybersecsteve), co-host, Defense in Depth

• Nick Espinosa (u/NickAEsp), host, The Deep Dive Radio Show

• Bil Harmer (u/wilharm3), information security advisor, Craft Ventures

From automating without losing accountability, to translating “no incidents” into business ROI, to handling the human side of cleanup, their insights offered a rare look into what it takes to lead after “the worst day” starts.

Read highlights from the AMA here.

Next up: “I’m a CISO who worked on many mergers and acquisitions (M&A). Ask Me Anything.” Starting Sunday, October 26 on r/cybersecurity.

Cyber chatter from around the web...
Jump in on these conversations

“If computer science isn’t the best field right now, then what is? What’s the “future job” everyone used to call CS?” (More here)

“Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data” (More here)

“F5 Security Incident - Nation-state Compromise” (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [10-24-2025] [Hacking the Death of EDR]

• [10-31-2025] [Hacking CISO Self-Interest]

• [11-07-2025] [Hacking Remediation]

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.