The Power of Influence for Security Leaders
I was selected to speak at RSA Conference 2026 for the first time this year, and had the honor of sharing the stage with Deidre Diamond, CEO and Founder of CyberSN.
Carraig Stanwyck and Deidre Diamond @RSAC 2026
Our session, "The Power of Influence for Security Leaders", started from a simple observation. Adversaries study influence every single day. Social engineers, nation-state operators, ransomware negotiators. They train this skill deliberately. Meanwhile, the people defending organizations are expected to just figure it out on the job. Research from Harvard Business Review, McKinsey, and the Center for Creative Leadership consistently places influence in the top three skills required for leadership effectiveness. Yet almost nobody in cybersecurity receives formal training in it.
Deidre and I come at influence from opposite ends. I spent years working for our government in the HUMINT (human intelligence) field before eventually becoming a Fortune 200 CISO and then CEO of 3 Tree Tech, where I was hired with a charter to create the channel partner I wanted when I was on the customer side. Deidre built her career in enterprise sales, scaling Rapid7 to $50M in revenue before founding CyberSN and co-founding the Day of Shecurity Conference. What surprised us both during the planning process was how much overlap existed between intelligence techniques and high-stakes sales methodology. The language differs. The underlying psychology is identical.
We made a deliberate choice early on to avoid the standard conference format of thirty slides read aloud in sequence. Instead, we built an unscripted conversational flow where each slide served as a waypoint, not a teleprompter. We included live role-plays between the two of us, demonstrating techniques like the power of silence and strategic questioning in real time. A CISO at 90 days presenting to a skeptical CIO. The audience watched it happen, and we could see it landing because people started shifting in their seats. When you teach someone an influence principle and then use it on them in the same room, the lesson sticks in a way no bullet point ever could.
That format was also, without question, the hardest presentation I have ever given. Weeks of rehearsal went into making it look like we were having a casual conversation. Deidre was an incredible partner through that process. Patient, precise, and willing to grind through take after take until the timing and handoffs felt natural. I cannot overstate how much her rigor elevated the final product.
Three principles anchored the talk. Find the Mutual Win, Ask Before You Tell, and Say Less Mean More. We grounded each one in cognitive science and then showed what it looks like in practice, whether you are negotiating a security budget, leading an incident response, or trying to bring a resistant business unit around to controls they did not ask for.
The biggest lesson I took away from the experience has nothing to do with influence tactics. The best presentations are built in rehearsal, not in slide design. The audience should never see the work. They should only feel the result. Deidre and I are already planning to evolve this talk for future conferences, and I am looking forward to seeing where it goes next.
Proven people leader and program architect with extremely diverse background and extensive track record of immediate success.
Building cybersecurity programs across government and Fortune 500 companies taught Carraig one thing: most technology vendors weren’t really interested in understanding what his teams truly needed.
Linkedin
