Defense in Depth: When Vendors Pounce on New CISOs

A security professional announces a new position as CISO. As a vendor you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it’s exactly what you should not do?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby.

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor, Anjuna

Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to make the public cloud the most secure computing resource anywhere.

Full transcript

[David Spark] A security professional announces a new position as CISO. As a vendor, you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic when, in reality, it’s exactly what you should not do?

[Voiceover] You’re listening to Defense in Depth.

[David Spark] Welcome to Defense in Depth. My name is David Spark, I am the producer of the CISO Series. Joining me for this very episode is Geoff Belknap who’s the CISO over at LinkedIn. Geoff, the sound of your voice, it would sound something like…?

[Geoff Belknap] It would sound something like this.

[David Spark] You know what? You keep consistent every episode, I appreciate that.

[Geoff Belknap] Aye, it’s what I’m here for.

[David Spark] Our sponsor for today’s episode is Anjuna. They are a cloud security company and specifically, they work on creating secure private environments on public cloud. More about that later in the show. But today’s topic comes from a guest who hasn’t been on our show in quite some time, thrilled that he’s back. It’s Yaron Levi who’s the CISO over at Dolby and he complained about the flood of vendor pitches he got when he announced his new CISO position on LinkedIn. Now, this behavior, the new CISO pounce, is so prevalent. Now every time I talk to a brand new CISO, I ask them how many pitches do they get, and they light up and go, “Oh, my God. They’re still coming in.” So, it’s always in the hundreds and I get the sense that vendors believe that the CISO is kind of raw meat when they get a new position. That they are kind of staring at a blank slate, and they don’t know anything, and they are looking for some guidance from vendors they’ve yet to meet. Geoff, how wrong is this kind of thinking?

[Geoff Belknap] Oh, is it wrong? No, probably not. Is it incredibly annoying for a new CISO? Incredibly yes.

[David Spark] And just the headline and we’re going to get into this. And also I want to not make this a vendor bashing session but more how better to handle it. What is it, the issue?

[Geoff Belknap] I think for new CISOs, the job – even if you’re not a new CISO – the job can be so daunting sometimes. If you’re brand new to the job, it’s incredibly stressful. You have to learn the company, you have to learn your team, you have to sort of learn everything you need to know about how to do that job at that new organization. And to just be flooded with vendor reachouts, it’s just one more thing that you probably don’t have the cycles to deal with right then. But at the same time, when else are you going to make your intro to this new CISO? And who knows? Maybe me starting a job or Yaron starting a job, maybe we don’t need the vendor reachout, but maybe somebody else does, I don’t know. I think I’m of the team now where it’s pretty easy for me to filter my emails and manage my stress. So, if you got to send them, send them. You’re just doing your job and I’m just doing mine.

[David Spark] Good point, all right. I want to introduce our guest who we’ve had on before, and I’m thrilled to have him back on again, and I’m thrilled that he brought this conversation to us. Because we’ve talked about this on the other show, and I’m thrilled that we’re going to dedicate the entire show to just discuss this topic. And I do definitely want suggestions on better ways to handle this than, “Just stop doing it.” So, thrilled to have him on, it is the CISO over at Dolby, Yaron Levi. Yaron, thank you for joining us.

[Yaron Levi] Thank you, David. Thank you, Geoff. I’m thrilled to be back here again. It’s an honor to be on your show always, so thank you.

What are we going to do now?

3:29.848

[David Spark] So, the beginning of Yaron’s thread was a lot of complaining from sales professionals saying that their job is hard and, “How else are we going to do it?” And so a couple of quotes here. David Helkowski of Dry Ark said, “I just think everyone deserves the benefit of the doubt before you write them off completely.” And Joel Fulton over at Lucidum noted that after 22 hours there were already 1300 likes – referring to your post – cheers, etc. for your post, Yaron. And in the end though, there were actually 2500. So, updating his numbers for his comment, Joel said, “Only 1 in 10 will report their dissatisfaction. If 25,000 buyers feel this way, that’s meaningful and extremely valuable sales intelligence.” In essence, stop complaining and think about what this response means. So, I’m going to throw that actually to you first, Yaron. What does this response mean?

[Yaron Levi] Yeah. So, first of all, I have to say that I have a lot of empathy for the sales professionals. They have a very difficult job, and they’re under a lot of pressure to hit their numbers. And in many cases, if they don’t hit their numbers they get replaced. So, when someone is under constant threat of being fired, they’re fighting for survival.

[David Spark] Yes.

[Yaron Levi] And that’s doing a lot of things that are, let’s say, not optimal. So, often there’s a significant misalignment between the sales professionals and the CISOs. Sales professionals are focused on hitting the numbers short term, and what they do is fairly transactional. But for the CISOs, to deal with what we are dealing with, you have to play the long game which is a completely different mindset. So, I think kind of going to Joel’s point and the point he made that what the market is telling the vendors is that, “We need you also to play the long game.” Which is based on building relationship and trust and not just closing a deal.

[David Spark] And by the way, you brought up a really good point, Yaron, and I do not know the answer to this, and if you think you do, I would love to hear it from both of you. But the problem is the way that these salespeople are compensated, essentially it invites this kind of behavior. Yes, Geoff?

[Geoff Belknap] Yeah. Well, and it really depends on what role that person’s in. If you’re a sales development representative or an SDR or a BDR, which is really the person who your whole job is to send cold outreaches to try to develop leads, yes, at the end of the day this is your job, you have to send these out. And that’s very hard, it’s sort of like going door to door. You’re going to get a lot of doors slammed in your face and you have to develop some thick skin. And you know what? I have a lot of empathy for that like Yaron does, but I think it’s the way that you reach out that really matters, right?

I understand SDRs, the frontline sales folks are not incentivized for building long-term relationships necessarily, but if you reach out with a, “Hey, congratulations on the job. This is what I sell, this is the company I represent,” whatever it might be, “Let me know if you need something.” I’m fine with that, that’s great. It’s these reachouts that are… I watched a YouTube video about how to send a “gotcha” email to grab somebody and you get sort of like the subject line is, “You’re vulnerable right now.” And if you’re tricking me into reading your email, we’re not going to have a great relationship. And those are very frustrating and annoying, especially if you’re new in the job. So, I think it’s a matter of – we understand, there’s a lot of symbiosis here – just if we could just rethink how we’re sending these notes out, I think that would make a big difference.

[Yaron Levi] And if I may add to the point that Geoff made about trickery, when people are trying to trick you into taking their call, or just kind of break your defenses or whatnot. You’re dealing with security people. One of the core tenets of security or core values of security is integrity. If you are trying to trick somebody, you are compromising the integrity. How do you expect me to do business with you if you compromise my integrity? Just think about it.

How did we get here?

7:25.676

[David Spark] Sharmane Tan of Sekuro said, “The market has always been saturated with many inexperienced business development people who are not trained and sometimes do not have the desire or passion in understanding our industry properly and hence, many CISOs have become jaded along the way in their dealings with them.” And Jules Okafor of Revolution Cyber said, “Most CISOs would prefer a pull rather than a push strategy by sales teams. ‘Engage, share content, and attract me to explore for information. Stop broadcasting to me unwanted information,’ they say.” So, I’ve heard that a lot and I will also say, just because I talk to a lot of vendors, the number one story I hear again and again and again is, “We’re small. We’ve got an amazing product. Nobody knows we exist. People are just trying to get on your radar.” Geoff, I mean… And they just see this as your announcement is a great way to get on your radar. And like what you said before, just saying, “Congrats, this is what I do,” that’s kind of a good way to do it.

[Geoff Belknap] Yeah. I think that would be my preferred way. I realize I’m not selling a product and I don’t have a startup that I’m letting people know about so it’s much easier from my position to say that. The main thing I’ve needed when I’ve changed roles is just be there for me when I need you. Not deleting all my email. I’m going to search it at some point. A friend of mine, Yaron’s going to mention to me that he’s using something, I’ll be like, “Oh, that’s cool. I’m going to go see do I have an email from that vendor.” That is how I use my inbox. I would prefer that approach, that’s great. At the same time, I get it. You need to get your name out there. Fantastic. Just to Yaron’s earlier point, just don’t trick me, don’t tell me you’re already my vendor with one of these, “Oh, I cover your company for this product.” Just let’s be upfront with each other.

[David Spark] And I would also sort of add, and this is kind of a plug just for the CISO Series, but we’re kind of building a community. I very much know many vendors solely because they’re participants in the community and I know other CISOs know that they are. We have a whole section on our website that says, “Participate.” You don’t need to sponsor anything with us to get the acknowledgement and the visibility with the CISOs that listen to us. Yaron?

[Yaron Levi] Yeah, that’s true. I mean, I think people are struggling like, “Okay, how am I going to stand out? How will people know about me?” Well, do something awesome. Participate in the conversation. Do something for somebody else. People will notice. And like Geoff mentioned, people will talk and they will share.

[Geoff Belknap] Yeah. Be a member of the community.

[Yaron Levi] Absolutely.

[David Spark] So, let me ask. I just mentioned one example is just through the stuff we do, like through our video chats and also commenting on posts that we put out there and we quote people, whatnot. And just by the way, LinkedIn is just a phenomenal space for the cybersecurity community. I mean, it seems like 70% plus of our audience comes through LinkedIn. Where else – may I ask sort of advice for the community – where else do you think you have found great cybersecurity communities which you actually listen to what vendors are saying there? Geoff?

[Geoff Belknap] Well, I think LinkedIn’s a very fine website, maybe I’m biased. But I also think, look, pre-pandemic, I’d tell you Black Hat and DEF CON are a fine place to put together some people, and especially in those situations you’re prime for that. If I’m going to a Black Hat or DEF CON, I know that I’m going to interact with vendors. And honestly, I’m looking to like, “Great, I’m going to connect with some vendors and hear about them in a hopefully low-pressure scenario where I’m going to see a bunch.” If there’s not that, and I understand Black Hat and DEF CON and RSA are not things that are easy to do right now because of the pandemic, I’m looking for opportunities like that.

I, for a long time, hated doing these webinar things, but I have definitely eased more of the like, “Hey, we’re going to do an evening where we talk about three or four vendors and do a whiskey-tasting or something,” right? I think it’s as much on CISOs as it is on vendors to try to buy into events where it’s like we can have a safe place to have these conversations, and we need to be willing to do more of them. I also think it’s on us – and I’m curious what Yaron thinks about this – but I think it’s on us as leaders in the security profession to make a safe place to engage with vendors, right? It’s not like we can’t do security without any single vendor or any single salesperson involved, so we can’t necessarily pretend like they’re not a part of the community.

[David Spark] Yaron, where do you like to see vendor engagement in the community?

[Yaron Levi] Yeah. So, in all of the local communities… And by the way, I completely agree with Geoff and same things coming from my side. I don’t think about vendors as vendors, I think about them as partners. Because in order to win that fight, I mean, we need to have those partners that can help us. We can’t do it on our own, we’re all in the same boat. And a lot of the times, it’s the conferences which unfortunately we cannot go to right now, but there are many local groups and meetups and people who make it important and make it a priority to stay in touch.

We have one here in Kansas City, for example. We have the CISO Forum here with about 60 people. We used to meet pre-pandemic in person every month. Post-pandemic, we moved everything to Zoom. But we are meeting and we are making an effort to go and do that. We have some Slack channels we can collaborate on. So, we [Inaudible 00:12:48] that, but in some cases we also invited the vendors to those sessions to have thought leaderships, to talk about different things, I mean, to provide feedback to the vendors.

One of the ways that I started to get involved more recently, probably in the last couple of years, is with the VC community. Because they will bring a lot of new and fresh ideas, and some of them are great, some of them are terrible. But that collaboration with those new companies and the ability to give them feedback on, “Hey, these are the problems we need fixing, here is where you can help us,” I think it’s a win-win for both. So, a lot of it is we are sourcing [Phonetic 00:13:19] but I think there are many, many opportunities to get involved.

Sponsor – Anjuna

13:24.885

[Steve Prentice] What’s in store for 2022 for your data and your business? Anjuna wants you to know. According to Anjuna customer Michael Schrank who is Group CISO of Adidas, privacy regulations like GDPR are getting bigger and sharper teeth.

[Michael Schrank] In the last couple of years, GDPR fines have been growing. I expect that in 2022, we will see GDPR fines that are above 100 million, so be prepared and open your pockets.

[Steve Prentice] This is not without precedent. Amazon was fined $877 million and WhatsApp was fined 255 million. Schrems II has also removed the shield that US companies use to transfer data in compliance with GDPR. This means that companies everywhere must pay close attention to the placement of their data, and not just in the EU.

[Michael Schrank] My prediction for 2022 is that many companies will realize that they need to do more about GDPR in general. And that also means we need to think about how can we still use services that are outside the European Union, but keep the data secure in a way that the providers of the services don’t have access to that data. Because after all, the grace period of the Schrems II is more or less coming to an end and all the companies will need to take action.

[Steve Prentice] This insight has been brought to you by Anjuna Security. Anjuna provides software that builds completely private confidential clouds on the public cloud. Protect against attacks and fines by securing your data in any cloud. Learn more at anjuna.io.

What are they doing right? Wrong?

15:06.989

[David Spark] Jules Okafor, again, from Revolution Cyber said, “So much of sales will need to shift to a focus on content marketing and better thought leadership, focusing on providing value once a prospective buyer has decided he or she has interest,” and that’s a tease of her last comment in the last segment. And Ovidiu Catrina of StepStone said, “If you follow that model of referral and then your friend does the same and so on, the smaller entities will never get the opportunity to show their added value.” Now, this is a complaint we’ve heard often. And we talk about sort of the CISO echo chamber, because CISOs talk to CISOs, and how does a new company get in if just CISOs are getting their information from other CISOs? So, I’m going to throw this to you, Yaron. How do CISOs get information about new companies if they are only talking to other CISOs?

[Yaron Levi] So, there are many channels, right? Yes, one of the big sources for us is the other CISOs in the community. That’s definitely a big, big part of it.

[David Spark] Because it’s a known trusted network, right?

[Yaron Levi] Exactly. It’s based on trust.

[David Spark] And the thing is if you’re talking to another CISO, you don’t know they have something specific to push on you.

[Yaron Levi] Right.

[David Spark] They’re going to be honest about their experience with their products.

[Yaron Levi] Right.

[David Spark] And with a vendor.

[Yaron Levi] Yep. And oftentimes, it’s going to be something like, “Hey, I have this problem. Did anybody else do anything about it?” or, “What do other people think about it?” and they will say, “Yeah, we did that.” So, like, “Okay. Well, let’s talk about how you did that.” So, that would be one. I think there’s a lot of variance within the community, also within the vendor community, so you can usually get several vendors or several perspectives, it’s not just, “Okay, yeah. We all go with this one tool,” and that’s it. So, that’s going to be one source. If you have a good VAR and partner that you work with, I know it’s a hit and miss in many cases. I’m lucky to have a great one that I’ve been working with for years and they do a fantastic job. I mean, they know how we operate. They have their insight into the market. They see different things, they bring us new ideas. But they bring ideas that are aligned to our strategy and roadmap, they don’t just say, “Hey. We see this new thing. Do you want to buy it?” “No.” So, that’s another source. And I do a lot of my own research, reaching out to VCs, reaching out to companies, looking online, reading different things. That’s how I do it.

[David Spark] So, Allan Alford had done it one time and he kind of made it very public that he was dedicating, I think it was an hour a week, to just talk to vendors and setting up time to speak with them. It might have been actually more than that, actually. It seems great because it was a mechanism for him to educate himself. He was sort of filtering what he did and didn’t want to speak to. But Geoff, where on sort of the value chain of doing something like that, because I know carving out that much time to just speak with vendors just to educate yourself, it’s a tough call but you do see the value in it, yes?

[Geoff Belknap] Yeah. Absolutely. And not every CISO will go to that extreme that Allan was doing, but every CISO is meeting some new companies, right? We’re not completely shutting the door. There is a lot of noise that gets to us, and some of those things stand out, or for whatever reason they reach us. And I’ll say that’s valuable. I see it as my job. I have many hats, one of them’s sort of attracting and retaining good talent, one of them’s sort of helping the business understand where the risk is and what we can do about it. And yeah, one of them is understanding what’s out there. What solutions are available to make my job easier? Like offload some of the problem that my team is having. Or what’s a completely new approach to a completely new problem? That’s as much my job as it is my chief architect’s job, right? I should be building relationships with those folks. So, I think that’s really valuable and it is effectively part of the job. It’s just I don’t have the time to be a VC, I can’t meet with everybody that wants to pitch something, there’s got to be a connection there.

And that’s why, like I started the show, send the emails, it’s fine. I’m going to not read most of them but some of them I am, it’s a numbers game. So, I don’t hold it against people that send them. The other thing I’ll just mention before we wrap this segment up is a lot of CISOs talking to other CISOs is not, “Hey, anybody have any solutions for this?” It is some of that but it’s also like, “I’m thinking of using product X. Does anybody have any experience with that?” It’s not, “I hate product X. Do you hate product X also? Okay. Let’s all agree to never buy from product X.” It really is just, “I’ve made a decision, I’m looking for feedback. If anybody else is using this, let me know. Let’s compare notes.” So, I’m not doing all my discovery through my CISO network but I am getting like…

[David Spark] It’s a touchpoint, essentially.

[Geoff Belknap] It’s a touchpoint. I’m getting enriched information. And yeah, I’m hearing people like Yaron and other people in our network talk about something they’re doing and I’m going like, “Oh, all right. I’m going to remember that for later if I need something like that.” So, I think it is important but I think it’s really important that just you have to be part of the community.

If you looked at the problem this way

19:55.335

[David Spark] Rich Mason of Critical Infrastructure gave this advice, “Participate in a metricplace instead of a traditional marketplace. Let your metrics do the talking. If you can really move the needles that customers care about, they should come to you.” And then he goes on and says, “Yelp! is an example of a successful metricplace. I’ve yet to have a Cordon Bleu chef call me at home and ask me if I’m hungry for Italian food tonight. Why is that?” And I love that comment.

Now, I will say this, and this is something that is going to be on something we’re actually going to be recording later, is there is not a good Yelp! equivalent for cybersecurity products. While his analogy is great and I love it, it doesn’t hold up just because we don’t have something that good. And that’s, in fact, one of the major problems of our marketplace is there isn’t something to look at like that. Right, Yaron?

[Yaron Levi] Yeah, absolutely. I love his comment and it makes me chuckle and I was thinking, “Yes, I wish we had Yelp!” and when I go on Yelp! usually I’m looking for something I’m craving. So, if I crave a good Kansas City barbecue, there is no way that a salad bar will be able to convince me to spend my 20 bucks with a salad bar. Yeah, I wish, I mean, there was something like that, that you know, hey, CISOs, what they crave…

[David Spark] And there are attempts, like G2 is a company that’s trying to do that but it’s not populated enough by any stretch.

[Yaron Levi] Yep, I agree, I think you’re right.

[David Spark] But it’s also hard to review and this is something we’re going to be talking about, Geoff. It is hard to know even if your product’s doing well when you have it.

[Geoff Belknap] It 100% is. There are so many different ways to compare these products and to talk about them, and a lot of the metrics right now come down to throughput or how much volume they can handle. There’s not really a metric for how good a security tool is today. Which is why I go back to the comment from Jules earlier, it’s like don’t be a content marketer, be a thought leader. And when I say be a thought leader, it’s have people on staff that are out there opining and sharing their opinions and relating it to the product that they’re marketing, about how to solve a given problem in the threat landscape that we’re dealing with. Those are people I want to talk to. Even if I disagree with you, I want to engage with that and talk about why I disagree and give you the opportunity to like win me over, convince me, maybe I’m thinking about this wrong, maybe you have some information to inform my thinking about it. But that’s the equivalent of, great, instead of Gordon Ramsay calling me and asking me if I’m interested in this food he’s making, and the answer is, “Yes, Gordon, feel free to call anytime,” I want to see your equivalent of Gordon Ramsay putting on a demonstration and talking about the thought and the passion and the technology behind what they’re doing. That’s going to draw my interest because I know now there is good R&D behind this product. There’s more to it than just the product itself.

[David Spark] A couple of quotes here. One is – I think you might be both familiar with – Andy Ellis has this form letter, this form rejection letter he sends out. And part of that rejection letter is the comment of, “How do I get on your radar?” and he says, “Just be awesome and I’ll find out about you.” And similar too, there’s a famous quote from Steve Martin, which I’ll paraphrase because I don’t know it exactly, but I think the line is, “Be so good that they can’t avoid you,” or, “They can’t ignore you.”

[Yaron Levi] They can’t ignore you, yeah.

[David Spark] So, Yaron, I’ll ask you this in kind of closing. Can you think of a vendor that was so good that you weren’t working before but you just couldn’t ignore them because of their, I guess, awesomeness in the community, they were creating great content, or anything like that?

[Yaron Levi] I don’t know if I can think about somebody in the security space right now kind of on the spot, but I think one of the examples that come to mind, at least for me, is Zoom.

[David Spark] Sure.

[Yaron Levi] I mean, if you think about when Zoom started, Webex dominated the market. People said, “Why do you even need another videoconferencing solution?” right? And Zoom just kind of was the little thin guy who came and did something good and something awesome. And then the pandemic came…

[David Spark] Well, Webex definitely needed a swift kick in the…from a competitor.

[Yaron Levi] Yep. And when the pandemic started they just kind of gave it for free to everybody, so they did something awesome to the community, and look where they are today.

[David Spark] Yeah.

[Yaron Levi] So, I think if you do something good, good will come back to you.

[David Spark] The community will…

[Geoff Belknap] Let me give a couple specific examples here.

[David Spark] Sure.

[Geoff Belknap] If I dial the clock a ways back, it’s like look at FireEye when they first came out 10, maybe 15 years ago. That was something very new and interesting and different. And while that specific technology might not be as relevant today, that was an example of you came to that because it was so new and interesting, it was exciting. I’ll point at Duo when they first came out with their 2FA technology, that was new, the whole different approach to how people were doing that and they were an amazing organization that drew people in and wanted to connect with them. And I think even in the same way, you can look at Carbon Black, you can look at Microsoft with what they’re doing with the Defender, and just there are so many products like that and companies like that that stand out because what they’re doing is so interesting you’re drawn to it. And now I know that’s really hard, if you’re a niche player or if you’re a brand new company it’s hard to do that. But it’s like just be awesome. Even if your product is not as competitive as you might be, be awesome at customer service, be awesome at building relationships, be awesome at delivering your product and your service to customers. That stuff will stand out just as much as somebody’s giving an amazing talk on the internet or something like that. We’ll hear about how great you are, even if you can’t get airtime with Gartner versus somebody else.

Closing

25:30.935

[David Spark] And that brings us to the close of today’s show. This was excellent. Thank you both very much. Now, we’ve come to the point of show, and I’ll start with you, Yaron, tell me what was your favorite quote and why? Which one was it?

[Yaron Levi] Yeah, I was torn between Rich Mason and Joel, between those two quotes, but I’m just going to go with Joel. So, I think it’s spot on.

[David Spark] And to remind people, Joel’s comment was about listen to the fact that the way people responding to Yaron’s post because only a small percentage will speak up, so this is saying a lot.

[Yaron Levi] Yep, absolutely. Use that feedback. And it’s easy to get defensive and I understand why people are getting defensive. But the goal behind his post was not to shame or blame or anything else like that. It’s try to educate, try to deliver feedback that people are going to actually use for the betterment of everybody.

[David Spark] Good point. And Geoff, your favorite?

[Geoff Belknap] Well, my favorite quote here is Rich’s about Cordon Bleu chefs calling me asking me if I’m hungry for Italian food, that – bravo, Rich, very good job – but I’ll…

[David Spark] But hold it. Let me pause for a second. Wouldn’t you take that as quite a stellar invitation?

[Geoff Belknap] Absolutely, I’d be like, “You know what? Now I am. I’m hungry now.”

[David Spark] I didn’t think about it but huh, I don’t know.

[Geoff Belknap] Yeah. Like I said, Gordon Ramsay, you want to call me, I’m accessible, hit me up. But I really, in all seriousness, go back to I think Jules Okafor’s comment here which is, like, so much of sales will need to shift from a focus on content marketing to better thought leadership, and focus on improving value once a prospective buyer has decided he or she has an interest. That really hits the heart of what it is, for me at least. Don’t just pitch me content marketing or a webinar or something like that. Focus your efforts on thought leadership. And to be specific here, I’m not saying focus your efforts on thought leadership through whatever these research development programs are where you announce vulnerabilities and you’re getting your name in the paper through sort of shenanigans. I don’t care about that. But if your product solves problem X, have some thought leaders on the team about that problem set that you’re working on and have them putting out thoughts. Let’s connect with them. I want to talk to those people and I want to talk about the products that they’re supporting with their thought leadership. That’s interesting to me. And I think that’s a way to really be part of the community without any of these shenanigans that are very distracting for us.

[David Spark] And by the way, just to clarify Jules. She said actually content marketing and better thought leadership. So, a lot of people do develop their content marketing as a thought leadership effort but I totally get what you’re getting at there. All right. Well, thank you so much, Geoff. Thank you so much, Yaron. Yaron, I’m going to let you have the last comment and as you know, I always ask are you hiring, so make an answer for that. Geoff, I know you’re always hiring and I know that the area to go is to LinkedIn for just that. Anything else you want to say about that?

[Geoff Belknap] That’s it. I feel like I’ve got you well trained now. I’ll have to get you doing bumpers for us.

[David Spark] [Laughter] Yaron, are you hiring over at Dolby?

[Yaron Levi] Yes, I am. But if I may, I actually want to do something different.

[David Spark] Sure.

[Yaron Levi] I’m actually mentoring a young lady that is trying to get on [Phonetic 00:28:21] her first steps in the security world and we’re trying to help her find somebody who is going to give her her first shot.

[David Spark] Okay.

[Yaron Levi] Her name is Ava, she’s awesome, she’s very sharp, very capable. Unfortunately, I don’t have an opening on my team right now, otherwise I would hire her for that level of role. But if there’s somebody out there who is looking for a sharp up-and-comer, somebody who just needs a first shot to get into security, she’s awesome. So, let me know, I’ll be happy to make the connection.

[David Spark] Entry level.

[Yaron Levi] Entry level, yes.

[David Spark] Ava. So contact Yaron, which you can get him through LinkedIn, and we’ll have a link to him, or on Twitter, also a link there, to connect with Ava for her first entry-level position in cyber.

[Yaron Levi] Absolutely. Yes, thank you.

[David Spark] Awesome. I like that.

[Geoff Belknap] Awesome. Yeah, that’s great, Yaron.

[David Spark] All right. Well, I want to thank our audience as well. Thank you so much for your contributions and for listening to Defense in Depth.

[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site: CISOSeries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@Cisoseries.com. Thank you for listening to Defense in Depth.