Find images and links for this episode on CISO Series (https://cisoseries.com/defense-in-depth-how-cisos-discover-new-solutions/)

Are security professionals so burned out by aggressive cybersecurity marketing that they're giving up on discovering new and innovative solutions? What are the best ways for cyber professionals to discover new solutions?

Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Yaron Levi (@0xl3v1), CISO, Blue Cross and Blue Shield of Kansas City.

Thanks to this week's podcast sponsor, ComplianceForge

ComplianceForge is a business accelerator. ComplianceForge offers a full-stack of cybersecurity documentation that ranges from policies and standards, to controls, metrics, procedures and program-level documentation to provide evidence of due diligence in managing risk, vulnerabilities, secure design and other pertinent areas that requires clear and concise documentation.

On this episode of Defense in Depth, you'll learn:

• The two tactics of carpet bombing with marketing emails and cold calls are universally hated, but they must produce results and that's why they continue.
• If a CISO wants to discover new solutions, they must expose themselves somehow to what's out there. New solutions aren't magically going to land in your lap.
• Many CISOs rely on their networks of CISOs but that can limit your thinking if none of the CISOs are willing to venture outside of the group.
• Don't rely on your own discovery. Task your staff members to do it as well. Encourage and reward the showing of new ideas to the group which can and will foster disruption and innovation.
• You need a trusted partner, a reseller, or a vendor who can be your eyes and ears. Finding that trusted partner doesn't come easily, but when you find it, hold onto it because you're going to need them.
• Your trusted partner should be proactive about giving you quarterly updates.
• Large conferences and vendor emails act as touch points, but they don't act as a valuable source of information.
• Engage in smaller local conferences where you can meet and build trust with your local experts.
• If you do go to a large conference, and you walk the trade show floor, aim for the edges where you find the smaller companies.
• Best advice for CISOs was to create a form for vendors to fill out if they want the chance to meet with you.
• Yelp-like review sites have questionable credibility, but they are a touch point in tool discovery. Lean on podcasts and discussion groups, such as Slack.