Asaf KatzGTM Advisory
← All articles

How to Book Meetings with Heads of Security in 2026

By Asaf Katz · June 14, 2026

Drafted with AI on my frameworks, stories and numbers. Judged and edited by me.

Quick answer

Heads of Security and Deputy CISOs receive over 300 cold outreach attempts per month and reply to fewer than 3% of them. The approach that books meetings in 2026 is not a better cold email — it is creating a reason to meet that is relevant to their current priority, not your product.

Why Cold Outreach to Heads of Security Fails

The average Head of Security, Deputy CISO, or VP of Information Security receives over 300 cold vendor outreach messages per month. They reject most within five seconds. LinkedIn outreach response rates in cybersecurity have fallen from 8% to under 3% since 2024.

Cold email is worse. The inbox of a Head of Security at a 500-person company contains dozens of vendor sequences at any given time. Getting through is not a deliverability problem — it is a relevance problem.

The short answer: Heads of Security will meet with you when you are not trying to sell them something. They will come to an event, a roundtable, or a peer discussion because it makes them better at their job. The meeting comes after.

What Heads of Security Actually Respond To

Based on patterns across LinkedOtter events in the cybersecurity vertical:

Peer-to-peer learning: Heads of Security respond to invitations where they will hear from peers, not vendors. Frame every outreach around what they will learn or contribute — not what you will pitch.

Current threat and regulatory context: If there is a major breach in the news, a new NIST framework, or a pending SEC disclosure rule change, any outreach tied to that context gets read. Generic sequences get deleted.

Specific role relevance: A Head of Security at a Series C fintech has completely different priorities than a CISO at a 5,000-person healthcare company. Personalization at the role and company level is the minimum bar for a response.

The Event Invite That Gets a Yes

LinkedOtter delivered 38 C-level security executives to one RSA-period event from 1,266 prospects. Here is the structure that works:

Subject line: Reference the specific topic the event addresses, not your product. Example: "Roundtable: how security teams are handling NIS2 third-party risk" — not "Meeting request from [company]."

One-sentence value statement: "We are bringing together Heads of Security from [similar companies] to discuss [specific topic] on [date]. Not a vendor pitch — structured peer conversation."

Social proof by role: Name the types of attendees who have confirmed, by title and company type. Heads of Security check whether peers they respect are attending.

Clear ask: A registration link or a simple "are you available?" — not a 15-minute call to discuss whether the event is relevant.

Timing and Cadence

Cybersecurity buying follows the conference calendar. RSA Conference, Black Hat, and regional CISO roundtables create natural moments when Heads of Security are in a discovery mindset. Events held in the 2-4 weeks before or after a major industry conference capture peak buying attention.

Send the first invite 21 days before the event. Send one reminder 7 days before and one 2 days before. Do not add a fourth touch — it signals volume over precision.

Post-Event Follow-Up

The meeting happens after the event. Within 24 hours:

  1. Send a personalized message referencing something specific they said or contributed during the event.
  2. Propose a 20-minute follow-up to share a relevant resource or benchmark related to the event topic.
  3. Do not pitch in the first follow-up. Ask a question about their current priority.

From 1,266 invites, LinkedOtter clients consistently convert 3-5% to qualified meetings within 14 days of event follow-up. In a vertical where 3% cold outreach response rate is the ceiling, that conversion rate represents a structural advantage.

Frequently asked questions

How many cold outreach messages do Heads of Security receive monthly?

Over 300 cold outreach attempts per month, according to cybersecurity marketing research. LinkedIn outreach response rates in cybersecurity have fallen from 8% to under 3% since 2024.

What types of invitations do Heads of Security actually accept?

Peer-to-peer learning events, roundtables, and topic-specific discussions where the focus is on what they will learn or contribute — not vendor pitches. Relevance to their current priority is the deciding factor.

When is the best time to reach Heads of Security?

In the 2-4 weeks before or after major industry conferences: RSA Conference, Black Hat, and regional CISO roundtables. These periods coincide with peak discovery and evaluation mindset.

What converts a Head of Security from event attendee to sales meeting?

A post-event follow-up within 24 hours that references something specific they said, proposes a 20-minute conversation around a relevant resource or benchmark, and does not pitch in the first message.

What conversion rate should I expect from a security-focused event campaign?

3-5% conversion to qualified meetings within 14 days of post-event follow-up, from an ICP-matched invite list. This compares favorably to under 3% cold LinkedIn response rate in the same vertical.

Related

Is your go to market ready to scale? Find out in 60 seconds.

Take the free check