TLDR: CISOs ignore most cold outbound. The approach that works in 2026 is not a better email sequence. It is a live cybersecurity event they actually want to attend. ZoomInfo helps you build the list. This guide covers the filters, the intent signals, and how to convert that list into a filled executive webinar and then into meetings.
Why CISOs Are the Hardest B2B Buyer to Reach with Cold Outreach
CISOs receive more unsolicited outreach than almost any other enterprise buyer. Every security vendor, platform, and consultancy is trying to reach them. Their inboxes and LinkedIn messages are saturated. Cold email reply rates in B2B have dropped to 3.43% on average in 2026, and for CISOs, the real rate is likely lower.
The reasons go beyond inbox saturation:
CISOs are gatekept. At larger organizations, CISO outreach is often filtered by an EA or a security operations team. Direct contact details are deliberately hard to find.
CISOs are risk-averse by profession. Clicking unknown links and responding to unsolicited emails is exactly the behavior their job trains them to avoid. Cold outbound runs directly against their professional instincts.
CISOs buy differently. Peer trust, conference conversations, and community recommendations drive most security purchase decisions. A vendor email is low-trust by default. A trusted peer introducing a topic at a live event is a completely different dynamic.
The implication: reaching CISOs requires a different approach, not a better subject line. You need to create a context where the CISO chooses to engage. That is what a well-run cybersecurity executive event does.
Step 1 - ZoomInfo Filters That Find Active CISOs, Not Just Job Titles
The default ZoomInfo search for "CISO" returns a long list of people with that title. The useful list is much shorter: CISOs at companies where your solution is a plausible fit right now.
Here are the filters that matter:
Title variations. Search for CISO, Chief Information Security Officer, VP of Information Security, VP of Cybersecurity, Head of Information Security, and Director of Cybersecurity. Titles vary widely, especially at mid-market companies where a Director may hold CISO-level responsibility.
Company size and stage. Filter by employee count aligned to your ICP. For most enterprise cybersecurity vendors, the relevant range is 200 to 5,000 employees. Above that, security organizations are complex and procurement cycles are long. Below that, CISOs may not exist as a dedicated role.
Industry verticals. Narrow to the industries where your solution creates the most value: financial services, healthcare, critical infrastructure, SaaS, or defense contractors. A CISO at a 500-person fintech has fundamentally different priorities than one at a 500-person retail chain.
Recent hires. New CISOs almost always review and reassess their vendor stack within the first 90 days. Use ZoomInfo's "recently started role" filter to surface CISOs who joined in the last 60 to 90 days. This is one of the most reliable purchase-intent signals in cybersecurity.
Company growth signals. Filter for companies that have recently raised funding or hit growth milestones. Growing companies expand their attack surface and often accelerate security investment.
A well-filtered ZoomInfo list of 200 to 500 CISOs in your ICP is more valuable than a raw list of 5,000.
Step 2 - Layering Intent Data to Find CISOs Actively Evaluating
ZoomInfo contact data tells you who exists. Intent data tells you who is looking right now.
ZoomInfo Streaming Intent and Bombora topic intent can surface accounts where security decision-makers have been researching topics relevant to your solution: zero trust, endpoint detection, identity management, compliance frameworks, or whatever your solution addresses.
Here is how to use it practically:
Define your intent topics. Pick three to five topics that signal an active evaluation. For a SIEM vendor, those might be "security information and event management," "SOC automation," and "threat detection platform." For an identity security vendor, "privileged access management" and "zero trust identity" are strong signals.
Filter for surge accounts. In ZoomInfo, filter your target account list to show only accounts where intent for your topics has surged in the last 30 days. These are accounts where someone is actively researching. The CISO may or may not be the researcher, but senior security leadership is almost always in the loop on active evaluations.
Cross-reference with recent news. Accounts that have recently suffered a breach, announced a compliance initiative, or disclosed a significant security investment are also high-priority. ZoomInfo's news filters surface these triggers.
The combination of title filters, company fit filters, new CISO hires, and topic intent reduces a 5,000-contact list to a prioritized 300 to 500 that are worth a genuine outreach effort.
Step 3 - Using the List to Fill a Cybersecurity Executive Webinar
Here is where most sales teams go wrong: they take a good ZoomInfo list and immediately load it into a cold email sequence. For CISOs, this destroys the list faster than it generates pipeline.
The approach that actually works is using the list to fill a live event worth attending.
Choose a topic the CISO actually cares about. Not your product. A real operational challenge: third-party risk in a post-supply-chain-breach world, operationalizing AI governance before regulators force the issue, building a security program that survives budget cuts without increasing exposure. The topic should be something a CISO would want to discuss with peers regardless of whether they buy from you.
Invite, do not pitch. The outreach for a webinar invite is fundamentally different from a cold sales email. You are offering access to a conversation, not asking for a meeting. That distinction changes the response rate dramatically.
Keep the event small enough to feel exclusive. Executive roundtables of 20 to 40 CISOs convert better than large-scale webinars. The intimacy signals that the event is worth the CISO's time. Larger webinars work well when the topic and speaker lineup are strong. LinkedOtter regularly runs events with 460 to 577 live attendees.
Follow up based on attendance. The CISOs who attended are your warm list. They have already signaled interest by showing up. The follow-up is a conversation continuation, not a cold pitch.
What a 1,266-Prospect Event Campaign Looks Like in Practice
At RSA Conference 2026, a LinkedOtter campaign reached 1,266 prospects in the cybersecurity space and secured meetings with 38 C-level executives. That is a C-level meeting rate that cold email cannot approach.
The structure was not complicated:
- Build a target list using the filters above, focused on CISOs and security VPs at relevant account types attending RSA.
- Send event-specific invites that connected the live conference context to a meaningful follow-on conversation.
- Qualify based on engagement signals: who responded, who asked questions, who engaged with pre-event materials.
- Follow up with the highest-signal contacts immediately after the event, with a personalized message that referenced what was discussed.
Separately, a cybersecurity-focused webinar campaign generated 754 signups in 26 days, with more than 100 registrations from named target accounts. The conversion from those registrations to qualified meetings was significantly higher than anything the same team had achieved with cold outbound.
LinkedOtter events start from $6,000 per event. For a pipeline motion that reaches 38 C-level buyers in a single campaign, that math works.
The playbook is repeatable: build the right ZoomInfo list, invite it to the right event, follow up with the people who showed up. That is how you reach CISOs in 2026.