As RSA Conference 2025 took over San Francisco, 10Fold Communications once again gathered some of the sharpest minds in cybersecurity for its signature Security Never Sleeps panel. Now in its 13th year, this invite-only event is known for cutting through buzzwords and bringing executive-level candor to the issues that matter most.
Moderated by Carl Wright, Chief Commercial Officer at AttackIQ, the panel featured:
- Brigadier General Paul Craft, former Deputy Commanding General, U.S. Cyber Command
- Sumit Johar, CIO, Blackline
- Mark Tomallo, CISO, Victoria’s Secret
- Sachin Vaidya, CIO, Heritage Bank of Commerce
- Pete Luban, VP of Cybersecurity and IT Risk, Dimensional Fund Advisors
These leaders shared practical insights for vendors, peers, and partners alike. Here are the key themes that stood out:
1. Trust Is the Currency – And It’s Earned Over Time
In a world where cold calls have become cold emails (often sent to your former employer), genuine relationships still reign. “Friends equal built-in trust,” one panelist shared, emphasizing that buyers value long-term relationships and reputations over flashy demos.
Executives also echoed that their teams – those still “in the trenches” – remain the best source of truth. Listening to their feedback is essential for identifying what’s working and what’s noise.
2. Don’t Talk at Me, Show Me the Outcomes
Customer advocacy carries more weight than any deck, demo or presentation. Panelists underscored the importance of investing in customer success teams and letting satisfied users speak on your behalf. “We want to hear from your customers, not your marketing team,” said one panelist. Real-world impact beats jargon every time.
3. AI Is Everywhere – but Ambiguity Is a Red Flag
Not surprisingly, AI dominated vendor messaging at RSA Conference, but leaders are already tuning out the hype. “Everyone says they’re AI-first,” one panelist said, “but no one explains what that means.” Buyers want specificity. What part of your process uses AI? How does it improve outcomes? And how does it fit into a broader protection and response strategy?
4. Know the Room Before You Enter It
Buyers aren’t wandering the show floor hoping to stumble upon solutions – they arrive at RSA Conference knowing exactly who they want to meet. If you don’t already understand where your company sits within their tech stack or peer ecosystem, they won’t take the meeting.
Don’t lead with product features. Lead with relevance. How can you help with the problems they’re currently facing? The panelists highlighted that, too often, marketers are leading with the capabilities they think are cool and innovative versus how that helps with the security challenges burdening CISOs and their teams.
5. Back to Basics: Risk, Visibility, and Metrics
Amid all the AI talk, panelists made it clear that some of the most critical cybersecurity priorities are still foundational – asset management, configuration, visibility, and third-party risk. Especially as boards become more security-conscious, CISOs are under pressure to clearly communicate how their teams deliver measurable protection and ROI.
Bottom Line: The cybersecurity buyer journey is more selective, more strategic, and more relationship-driven than ever before. If you want to earn a seat at the table, focus on building trust, delivering real outcomes, and communicating with clarity – not just noise.