Why Cold Outreach Has Stopped Working for CISO-Targeted Vendors
At RSA Conference 2026, over 600 vendors competed for CISO attention with nearly identical messaging. The result: CISOs have stopped reading vendor homepages and have moved their real vendor research into private peer communities, Slack groups, and curated roundtables.
LinkedIn cold outreach response rates from cybersecurity vendors to CISOs have collapsed from 8% to under 3% in 2026. Email sequences fare similarly. The buyers are still there, still evaluating vendors, still spending budgets. They have simply moved their research and trust-building process somewhere vendors cannot easily follow.
Where CISOs Actually Research Vendors in 2026
Private peer communities. CISO Slack groups, LinkedIn communities with member vetting, and Gartner peer connect forums are where CISOs discuss what is actually working, which vendors are overselling, and which problems remain unsolved. Vendors who show up here uninvited get removed. Vendors who contribute genuine insight get shortlisted.
Curated roundtables. Small, practitioner-led discussions with 10-20 CISO peers on a specific challenge (AI threat surface management, board reporting on cyber risk, post-quantum migration timelines) are the highest-trust B2B format in cybersecurity. CISOs will accept a roundtable invite they would delete as a cold email.
Peer referrals. A CISO referral from a trusted peer bypasses the entire awareness phase. The vendor goes directly to evaluation. This is the most valuable pipeline source for cybersecurity companies, and it is not replicable with volume outbound.
What Event-Led Outbound Does That Cold Sequences Cannot
Event-led outbound earns access by offering something genuinely valuable: a live conversation with peers on a challenge the CISO is actively navigating.
When LinkedOtter runs a CISO roundtable for a cybersecurity client, the invite is not a pitch. It is an invitation to a curated peer discussion on a specific topic the CISO cares about. The vendor facilitates; they do not present. The result is a room of 30-40 CISOs who have chosen to engage rather than been cold-prospected into a funnel.
That room converts differently. These are buyers who showed up on their own terms. The follow-up is a continuation of a conversation, not an interrupt.
The RSA Program Example
In a recent RSA-adjacent program, LinkedOtter identified 1,266 CISOs and security leaders matching a client's exact ICP, ran a curated event invite campaign tied to a live roundtable on a topic with no good public answer, and placed 38 C-level attendees in the room. Within 60 days, the client had booked 43 qualified meetings from that program.
None of those meetings came from a cold LinkedIn message or a generic email sequence. Every one came from an attendee who chose to show up.
How to Build a CISO Roundtable Program
Step 1: Pick a topic with no easy answer. Not "how to improve your security posture." Something specific: "How are CISOs structuring board reporting when the board has no technical literacy?" or "What does a post-quantum migration actually cost at a 5,000-person company?"
Step 2: Build your invite list from your exact ICP. Use Apollo or ZoomInfo to filter CISOs, VPs of Security, and Heads of Information Security at your target company types and sizes. 500-1,200 is the right invite volume for a 30-40 person roundtable.
Step 3: Send a plain-text invite from a named person. Not a Mailchimp template. A plain-text email from a named colleague, referencing the specific topic and why this particular CISO's perspective would add value.
Step 4: Follow up on engagement, not on the click. The day after the event, a human reaches out to each attendee who asked a live question, referencing what they said. One question. Not a pitch.