Join us tomorrow for "Hacking Trust in Security"

Join us TOMORROW, Friday [04-24-26], for "Hacking Trust in Security"

Join us Friday, April 24, 2026, for “Hacking Trust in Security: An hour of critical thinking about moving from a cost center to a trusted partner.”

It all begins at 1 PM ET/10 AM PT tomorrow, with guests Will Gregorian, CISO, Galileo Medical, and David Nolan, former CISO, Asurion. We'll have fun conversation and games, plus at the end of the hour we'll do our meetup in breakout rooms.

Defense in Depth
What Makes a Successful Security Vendor Demo?

Far too many vendor demos fall short of delivering even the basics of what a security professional expects to see. Isn't the point of a vendor demo to get the potential buyer interested in the product?

Check out this post from Adam Palmer for the discussion that is the basis of our conversation on this week’s episode, co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is Ken Beasley, BISO, Kaiser Permanente.

Listen to the full episode here.

Show me the problem, not the product

A demo that leaves a buyer wondering what the tool does has already failed. Nadeem Rehman of Goldmark Real Estate wants to see "the interface, the workflow, the friction points, and how you eliminate them." If the demo doesn't map to his top three headaches, "it's a missed opportunity." His preferred framing borrows from incident response: "What went wrong, why it mattered, and how your tool would've changed the outcome. That's how you earn trust — and budget." Jim Sneddon, CIO at Agentantics, brought the vendor-side perspective from years of running sales engineering teams: research the customer's sector, identify common pain points, show the top three use cases customers see value from, then ask about specific pain points and show how you address them. "If you can't, tell them straight up. If you are not confident you can reduce risk, increase efficiencies, or reduce costs, you should not be sitting in front of the customer."

Walking in blind

A demo without context is a search for problems, not a path to solutions. Ludvik Jerabek of Proofpoint described that kind of experience, saying, "You walk in as an engineer like a blind person with a long pole, carefully feeling your way around, hoping to find what's really there. The meeting ends up feeling generic, more like a search for problems than a path to solutions." Wyman Bartlett of Hilton Grand Vacations flagged a separate friction point: proprietary terminology. "If I need to watch a video on your password-protected training site just to understand the arcane trademarked names for your flavor of a feature, you're already losing me."

Discovery is the demo

The best demos are built before the screen share starts. "If a vendor hasn't spent time asking sharp discovery questions to pinpoint the CISO's pain, the demo is guesswork. No discovery, no demo," said Mariusz Przybyla of ProLimes. David Higgs of Rapid7 described the engagements he finds most effective, ones where the majority of time goes to discovery, "and then maybe even just demonstrating three key features that map to pain points extracted. They may have only seen 10% of the platform at this point, but the combination of that and the in-depth discovery is where they see the value." Ran Nahmias of Palo Alto Networks framed it as a sequence: "Learn the CISO's actual challenges and current priorities. Too many assume the problem they solve exists and is top of mind — often not the case. Next, align the value to that context, then earn the right to demo."

Define the use case, set the clock

Even when vendors get the format right, they often get the scope wrong. Martin Kuppinger of KuppingerCole has seen it all: demos that were requested but never materialized, demos that were "highly generic," and screenshots passed off as demonstrations. His advice to buyers is to take control: "Define a few use cases and scenarios you'd like to see covered, define and restrict the time for the demo." A brief look at UX and differentiating concepts has its place, but concrete scenarios are what make a demo useful. "Many demos I have seen were good," he noted. "Not all, though."

Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Fenix24

Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

Your security team has a brand, whether you've built one or not.

Dread and relief are the two gut reactions from an interaction with security. These moments of engagement define the security team's reputation more than any policy or metric. The most effective security teams earn trust by partnering with the business, enabling speed with guardrails, and embedding a civil defense mindset across the organization.

Thanks to our participants:

  • Krista Arndt, associate CISO, St. Luke's University Health Network

  • Mark Eggleston, CISO, CSC

  • Sam Jacques, vp, clinical engineering, McLaren Health Care

  • Chris Ray, field CTO, GigaOm

Join the conversation tomorrow, 04-24-26, on Super Cyber Friday. Our topic will be "Hacking Trust in Security." Register here.

What it actually takes to build a security team that works

The most effective security teams aren't the ones with the biggest budgets. They're the ones who made security feel like a resource rather than a roadblock.

Six security leaders joined r/cybersecurity for an AMA on hiring, culture, and building teams that actually work inside a business.

Thanks to our participants:

  • Charles Blauner, (u/OG_CISO), operating partner, Crosspoint Capital

  • Joshua Scott, (u/threatrelic), CISO, Hydrolix

  • David B. Cross, (u/MrPKI), CISO, Atlassian

  • Shaun Marion, (u/MarshaunMan), vp, CSO, Xcel Energy

  • Derek Fisher, (u/Electronic-Ad6523), director of the cyber defense and information assurance program, Temple University

  • Caleb Sima, (u/CalebOverride), builder, Whiterabbit

Read the full article here. Join us again on r/cybersecurity for our next AMA, starting this Sunday, April 26. We’ll be focusing on the unique challenges of security professionals in the healthcare industry.

Join the CISO Series Podcast LIVE in Boston (4-30-26)

CISO Series Podcast is recording live at the offices of Aqueduct Technologies in Canton, Massachusetts. David Spark will be joined on stage by Andy Ellis, principal at Duha, and Dmitriy Sokolovskiy, svp of cyber resilience at Semrush.

All are welcome, whether you're just getting into cybersecurity or you're a seasoned veteran. Space is limited.

It's all happening on Thursday, April 30, 2026 at 5:00 PM. Register here.

Huge thanks to our sponsors, Dropzone AI and Strike48.

Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Friday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ve been having at work all week long.

Friday’s episode will feature Michael Bickford, CISO, New York State Gaming Commission, and Brett Conlon, CISO, American Century Investments. Join us on YouTube and catch up on what shaped the week in security.

Thanks to our Cybersecurity Headlines sponsor, ThreatLocker

Cyber chatter from around the web...
Jump in on these conversations

  • "What I wished someone told me before my first real cybersecurity job" (More here)

  • "Cyber Security from having a job that is prestigious and genuinely cool to 'AI is taking all of our jobs away'" (More here)

  • "Anthropic's MCP Protocol has critical flaw affecting 200,000 servers" (More here)

Coming up on Super Cyber Friday:

  • [04-24-2026] “Hacking Trust in Security”

  • [05-01-2026] “Hacking the Death of Entry-Level Jobs”

  • [05-08-2026] “Hacking the End of Compliance”

Register for and add all of these events to your calendar on our Events Page.

Cybersecurity Headlines - Daily News Shorts

Subscribe to the CISO Series YouTube channel for daily Shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.