How Should Security Vendors Engage With CISOs?


CISO Randall Frietzsche of Denver Health has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does this CISO represent most CISOs today?

Check out Randall's post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. We welcome our guest Joy Marie Forsythe, VP, security, Thrive Global.


Persistent follow-up often generates the opposite effect. “The sales ‘system’ is essentially broken and really needs to be reworked,” said Brian Teusink, CISSP of EY. Teusink was speaking of the volume demands of calls, emails, and outreaches that sales managers impose on their staff. Persistent follow-up and going over a CISO’s head to the CIO are not landing well, resulting immediately in lost trust, said both Rich Chen of West Monroe and Al Berg, CISO of Tassat. “Escalating tactics are a great way to get my attention, but probably not the attention you want,” said Justin Kingston, CISO of Farnsworth Group, Inc.

It may be a numbers game, but many security professionals don’t want to be caught in the numbers. “For all the folks who will block the sales attempts, some will be open to a discussion and that is enough to solve lots of problems. People are busy and don't typically respond with the first attempt. So what may seem annoying to you is necessary to reach the intended audience,” said Tracy Aymond of CBM Technology. John Overbaugh, CISO of ASG, doesn’t like getting caught in the funnel. “Sales come from building relationships,” said Overbaugh. “‘Sales Bro’-oriented environments don't get that, so they live, sleep and die by the funnel - make 200 calls, make a sale. I refuse to be part of those 200 calls.”

Part of a CISO’s job is being aware of solutions in the market. We got a lot of controversial discussion in response to Pierrot Ferland of SPAK chastising the CISOs who didn’t welcome vendor outreach. Ferland said, “Your job as a CISO is to be open to the market and evaluate new products. By doing this (ignoring calls and marketing emails) you will miss a lot of opportunities to learn about new trends.”

The marketplace is confusing and it’s expensive to get recognized. Given the sheer volume of security vendors in the marketplace (I’ve heard 4,500 being repeated), it can become very expensive just to be visible, noted Magdalena (Maggie) Kernie of Egnyte. “The vendor landscape is already huge and crazy,” said Mark Fermin of Ingram Micro. “We're all trying to get a piece of the addressable market, but at the end of the day we need to go back to basics and focus on the things that ultimately bring mutual success in solution sales: building TRUST and RELATIONSHIPS.”

Please listen to the full episode here, on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Code42 (acquired by Mimecast)


Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Allison Miller, cybersecurity and technology executive.

Thanks to our Cyber Security Headlines sponsor, Trend Micro


Jump in on these conversations

"US/EU bans TikTok" (More here)

"Go back to government/clearance work or lose my clearance" (More here)

"What news website do you use to keep up with the latest threats & emerging technologies?" (More here)

Coming up in the weeks ahead on Super Cyber Friday we have:

  • [05-12-23] Hacking Security Culture
  • [05-19-23] Hacking the Software Supply Chain
  • [06-02-23] Hacking the Future of Risk Management

Save your spot and register for them all now!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.

William Hall

UNC Health, CISSP, CISM, CPHIMS

1 yr

I liked the quote from Joy Marie Forsythe: “Honestly, I think if there is one type of cold email that is successful, it’s when vendors actually send out sort of webinar invitations talking about a topic that’s of interest.” Come for the interesting conversation, stay for the sales pitch. True story - I do at least one webinar a week like this. I get CPE credits while I eat lunch, they get brand name exposure, and everyone wins.

Gianni Maiorano

Principal, US Sales Strategy and Consulting

1 yr

I think the secret here is to learn your buzzwords… Amirite Christopher Prewitt?

Jacob von der Linden

Data Strategy @ Rudderstack

1 yr

Great show all around. I learned so much on how to adjust my strategy, thank you David Spark, Geoff Belknap and Joy Marie Forsythe. Here’s a thought that definitely caters to Geoff Belknap, let’s promote these community events better on LinkedIn! As you can search candidates, senior leaders, and so-called “sales targets” it would be massively beneficial if I can do the same thing for these events which we all enjoy. Have we ever thought that maybe it is the devices that give us this culture of cold outreach? My intent in a cold email is to build this trust that we all want, but as you get so many and can’t respond to all, sales people go to different desperate strategies to get your attention to begin this cycle. Example: today's marketplace approach. We need to address the root cause, which is the tools we use to get in touch with you. I think this could be a great adjustment to see success, building of trust, and efficiency from all parties!

Krishna C. Katragadda

Founder/Product | AI/ML, Data Analytics

1 yr

Great insights, David Spark. CISOs already have a lot on their plate. Isn't it a lot to expect a CISO to focus both internally on securing assets and externally on keeping up with the technology and working with vendors? Do you think it's scalable and sustainable unless CISO is a functional org within the company instead of a person?

John Overbaugh

Chief Information Security Officer | Board Member | Adviser Currently not open to unsolicited vendor offers.

1 yr

I appreciate the engagement on this episode, from both sides of the table. In my experience, sales happen at the intersection of need, budget, and solution. I have a need your solution fills, and it's at a price I can afford. The challenge is bringing solution and need together. Years ago, I would get a call or two per week. The industry was immature and there wasn't much competition (for instance, in 2012 when I needed SAST, there were really just 3 options). Now the market is so oversaturated that I am getting 5 or 10 calls a day (and if I ever find out who gave out my phone number...), and easily 20 emails a day. There is no way I can do my job as husband, father, and Pops, my full-time job as a CISO, AND keep up with all those offerings. We almost had a solution for this, and I hope Victoria Germanova sees this period as a pause and a regroup. Callity has/had a business model much like Tinder. CISOs had a need, vendors had offerings, and Callity matched us. The challenge came in getting enough momentum that the market saw the intrinsic value. In an oversaturated market with too much noise, old techniques just won't work.
