Do We Have a CISO Payola Problem?
This article exposes corruption within the cybersecurity industry, particularly bribery and kickbacks involving CISOs. Through concrete cases the author shows how these improper deals erode the industry's ethics and calls for open discussion to restore integrity. 2025-8-18 06:0:39 Author: securityboulevard.com

There’s a stench wafting through the cybersecurity industry lately — and no, it’s not just the latest zero-day or headline-grabbing breach. It’s something more insidious. Something that’s been whispered about for years but lately has started showing up with its own dirty fingerprints all over the place.

I’m talking about CISO Payola — a term I never thought I’d have to use in this industry, but here we are.

Over the past few months, I’ve seen more than a few stories pop up — some on LinkedIn, others in backchannel threads, and even a couple whispered in confidence from folks I trust — about CISOs engaging in what can only be described as unethical at best, and felony-level bribery at worst. I’ve been in this business long enough to recognize smoke when I see it. And lately, there’s been a lot of smoke.


Let me walk you through what I’m hearing, and you tell me if it smells right to you.

The $20K Table of Trust

Here’s how one of these stories goes: A cybersecurity vendor reaches out to a CISO. Nothing shady so far. They have a solid product, some traction, and they’re looking for a shot. The CISO is intrigued — says he wants to hear more. In fact, he’s got a group of CISO buddies who’d be interested too. Sounds like a golden opportunity, right?

And then comes the catch: For $20,000, you can be a sponsor at our exclusive CISO dinner or club.

Now maybe that fee goes to pay for the steak and wine. Maybe it goes to an LLC tied to the group. Maybe it just disappears into the void. Who knows? But what I do know is this — it’s not sitting right.

The vendor doesn’t get a commitment, mind you. No one’s promising to buy anything. But if you don’t pay the fee, well… you’re not sitting at that table.

Is that illegal? Probably not. Is it unethical? I sure think so.

We’ve all paid for booths, webinars and sponsored roundtables. But when the line between marketing spend and “buying access” to influence blurs that hard, we should all be uncomfortable.

The Equity Ask: The Line Gets Crossed

Now, if that story didn’t leave a bad taste in your mouth, try this one on for size.

I heard from a vendor who was making real progress with a security leader at a large enterprise. The CISO loved the product, saw the potential, was ready to move. Just one more step: The CISO wanted some equity in the company before the deal closed. Or maybe it was a cash bonus. Depends who you ask.

Let’s not sugarcoat it — that’s bribery.

You can put a bow on it and call it a “consulting fee” or an “advisory role,” but when it’s tied to a vendor getting a deal with your company, and you’re in a position of authority over that deal, it’s corruption. And it undermines everything this industry is supposed to stand for.

Why Vendors Keep Playing the Game

Now, before we throw every vendor under the bus, let’s acknowledge the reality: Most vendors aren’t looking to break the rules. They’re trying to survive. And the way many go-to-market plans are structured today, everything revolves around getting in front of CISOs.

We hear it all the time at Techstrong: “Can you guarantee CISO eyeballs?” That’s the holy grail.

So when some shady “executive roundtable” comes along and says, “You want access? Pay up,” it’s not hard to see why some vendors reach for the checkbook. I’m not excusing it, but I understand the pressure.

Still — just because you can doesn’t mean you should.

This Isn’t New, But It Feels Worse Now

If you’ve been around this industry long enough, you’ve probably heard stories like these before. I have. Decades ago, I knew a few security execs who left their posts under mysterious circumstances. Rumors swirled. Payments. Kickbacks. Quiet exits.

Back then, it felt like isolated incidents. One-offs. Now? It’s starting to feel like a pattern.

Maybe it’s just more visibility. Maybe it’s social media exposing things that used to stay in the shadows. Or maybe, and I hope I’m wrong here, we’re normalizing behavior that would have been scandalous a few years ago.

We Need to Talk About This — Out Loud

I’m not here to name names. That’s not my role. But I am here to call bulls**t when I see it — and this stinks.

The vast majority of CISOs I know are honorable, hard-working pros who care deeply about their teams, their missions and their integrity. They don’t need this stink clinging to their title. And the vendors doing things the right way? They deserve a fair playing field — not one rigged by backroom deals and hush-hush handshakes.

So what do we do?

We talk about it. We shine a light on it. We tell our peers it’s not OK. We say no when someone offers us a shortcut that compromises our ethics. And maybe — just maybe — we build an industry where integrity matters more than influence.

Because if we don’t clean this up ourselves, someone else will. And we may not like how they go about it.

Source: https://securityboulevard.com/2025/08/do-we-have-a-ciso-payola-problem/?utm_source=rss&utm_medium=rss&utm_campaign=do-we-have-a-ciso-payola-problem