I hope I'm not saying anything revolutionary here, but you'd be surprised how many people don't use this one simple tactic to learn more about their clients/customers before blindly sending them a "I want to talk to you about cybersecurity" e-mail.
Sales person: "I want to sell cyber security technology to this customer."
Me: "What technology do they currently have in place? What are their business objectives? What are their goals?"
Sales person: "I don't know, they won't take a meeting with me. :("
Me: "Do some homework, go look at their job openings and see where they need help and what you can learn."
Let's go through a hypothetical here. Here's an opening from a hometown company:
So what can we learn from looking at this opening?
- They need A LOT of help on the application security side of things. It's listed 1st and 2nd (vulnerability management included). They also don't realize its "CI/CD" pipeline, so security and DevOps probably don't have much interaction today. Ok, it could be a typo, but let's be honest, 90% of the app sec conversations I'm having don't include one team or the other. Their main tools are Rapid7, Sonarqube, JFrog, and Burpsuite. So they have a decent toolset in place today, but it's geared towards security/technical teams and not DevSecOps minded folks. Probably run from behind a security curtain and lobbed over to dev teams. (I should rant about why security is the most hated team in another blog later....)
- They're probably a bit behind on cloud adoption/migration as there is no mention of containers (besides the randomly thrown in JFrog reference), AWS/GCP/Azure, serverless infrastructure, etc. So cloud discussions could go a couple ways: "We're staying away from the cloud, because ewww" or "We're looking to digitally transform ourselves by moving services/apps to the cloud". The Tetration piece is a tell as well.
- They have a Cisco EA..... Or at least they should.
- They're short-staffed and need "real" help, not someone to sell them more tools they can't manage. This opening requires someone who knows Vulnerability Management, Application Security, Possibly DevSecOps, DNS/CASB, Endpoint Security, Network Security, Network Access Control, and Email Security. If you try to sell one more tool to this customer, this poor security engineer's back will break. Possibly related, the reason why this job is open in the first place....
So what helps this customer? An email saying "We sell things"? Maybe, just maybe something pointed detailing how you can help solve the real problems they're having. I bet if you answered these questions in an email, your response likelihood would dramatically increase.
- How can you help automate application, code, and pipeline security? Can you do it with fewer resources? Can you do it with fewer tools?
- How can you accelerate their move to abstracting apps and services from code and technology? Can you automate migrations? Can you reduce consumption costs?
- How can you help them get the most use out of all those Cisco tools? Big hint here.... SecureX
- How can you make this engineer's job easier managing what seems like 40-50% of a security tool stack for a Fortune500 company? Is there expertise or services you can provide?
LinkedIn posts, word of mouth, and curated lists are great. But go to the source. They're telling you what they need in their job postings. Take a look, you might be surprised at what you can find and ways you can help your clientele.
