Join us tomorrow for "Hacking the Security Poverty Line"

Super Cyber Fridays!
Join us TOMORROW, Friday [07-25-25], for "Hacking the Security Poverty Line"

Join us Friday, July 25, 2025, for “Hacking the Security Poverty Line: An hour of critical thinking about minimum viable security.”

It all begins at 1 PM ET/10 AM PT on Friday, July 25, with guests Samantha Jacques, vp, clinical engineering, McLaren Health Care, and Ross Young, CISO-in-residence, Team8. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Defense in Depth
Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem

Do many cybersecurity sales professionals lack a deep understanding of cybersecurity? If true, does that cause problems for people who have to use their products after purchase?

Check out this post from David Colombo of Alaris Security for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation.


Listen to the full episode here.

The trust deficit

Poor vendor practices and overselling have created a credibility crisis that undermines the entire cybersecurity ecosystem. Isabelle Meyer of ZENDATA pointed to how users "purchase based on the trust of salespeople and then they get hacked, breaking that level of trust not only in vendors, but in the whole system of protectors." This cycle of broken promises gives leverage to threat actors while allowing vendors to maintain control over market trends and narratives. Zachary Hyde emphasized that addressing this issue requires vendors to hire marketers with actual cybersecurity experience, noting that "even just a Security+ can help understand the basic concepts behind the product." He stressed the importance of speaking to customers "in their language, with their jargon," which requires genuine understanding rather than superficial marketing speak.

Defending the non-technical roles

Industry veterans push back against the notion that only deeply technical professionals can contribute meaningfully to cybersecurity. Danick Wiberg of Atea argued that cybersecurity isn't "a one-man job" and highlighted the diverse skill sets required, noting that salespeople "need to know the attack vector and how the control works" without necessarily needing to understand coding. Thomas Ballin of Cytix dismissed the technical elitism as "a simple way to explain away challenges while feeling superior," pointing out that there are "plenty of competent people in cyber, including decision makers, marketers, and salespeople." He argued that seemingly buzzword-heavy language serves practical purposes, creating ambiguity for broader value propositions and keeping pace with competitive messaging, while acknowledging that different audiences require different communication approaches. For top-of-the-funnel awareness, that may be perfectly fine.

The business accountability gap

The real cybersecurity challenge often lies in organizational dynamics rather than technical implementations. John Mackenzie of CyberEQ emphasized that "cybersecurity is a non-technical problem that interfaces with technology," arguing that the greatest challenges don't involve technical solutions at all. Nina Wyatt of AHEAD placed the responsibility squarely on businesses themselves, noting this is "a multi-dimensional issue that fails to place blame on businesses (those truly accountable for mitigating the risk) that fail to hire those skills and think a product or tool will fix everything." She pointed out that while consultants and salespeople have their limitations, organizations ultimately "fail to prioritize accordingly, assess accordingly, and invest accordingly to address the risks that they have."

The communication imperative

Effective cybersecurity requires professionals who can bridge multiple worlds and speak different organizational languages. Jessica Buerger of IESE Business School emphasized that cyber professionals must master three distinct communication modes: "selling strategies, briefing executives and front-lines prevention and remediation," noting that understanding both business metrics and technical measures is essential in today's environment. However, Ethan Carter of Datavant warned about the consequences of poor communication, explaining that the "cybersecurity boom" created "a glut of Chicken Littles that executives and sysadmins alike learned not to take seriously."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Query

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Nick Espinosa, host, The Deep Dive Radio Show.

Thanks to our Cyber Security Headlines sponsor, Nudge Security

Cyber chatter from around the web...
Jump in on these conversations

How much you code in your job? (More here)

Setting up a malware analysis lab on my laptop — what free tools and setup do you recommend? (More here)

What does “technical” really mean in cybersecurity, especially in GRC? (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [07-25-25] Hacking the Security Poverty Line

  • [08-01-25] Hacking the Talent Myth

  • [08-08-25] Hacking Toxic Culture

  • [08-15-25] Hacking Burnout

  • [08-22-25] Hacking Tabletop Exercises

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.