Security Vendor Noise Is Deafening
I’m sure it’s no surprise, but there is a recurring conversation among security practitioners that was only heightened by the recent RSA Conference week. The early stage expo alone had nearly 50 exhibitors and the main expo floors had hundreds more. Almost every conversation I have with CISOs and their teams circles back to comments on the number of vendors in the security space and the overwhelming amount of noise in the industry.
They all agree. The noise is deafening.
One CISO shared that he gets a vendor email about once a minute. He routes all of them into a special folder — and then deletes them. Another told me he gets approximately 20 voicemails a day — and promptly deletes them. Others have said in the past that they have completely removed phones from their offices.
As a solutions provider, this can be disheartening to hear. It makes our job as sales and marketing professionals that much more difficult, but it is important to understand the immense amount of communication and noise your buyer experiences every day while also trying to manage the day-to-day pressure of securing their organizations.
As solutions providers, you are feeling the effects, too. There is so much pressure to deliver on growth targets and make the next sale that we have become super aggressive in our outreach (more on this in a future blog). Overall, this is a failing strategy and will leave a bad taste in the mouth of many a CISO.
Here’s the hard reality. It’s time to do a serious audit with your team to see if they are following the best practices. Here’s where to start in enterprise-class information security.
Understand appropriate, responsible, and account-based marketing. You’ve added account-based marketing to your mix, where you strategically target a collective group of stakeholders. If not, it’s time. Stop sending random items or calling the most senior buyer in the organization with a random value proposition in the search for nibbles and to juice your marketing qualified leads (MQLs). Sure, it’s totally fair game to call folks who work for CISOs who have opted in, downloaded materials, etc., but never the CISO directly. That’s what your relationships are for.
Offer value to educate and solve a specific problem. Security professionals are intellectually curious, and knowledge-based material or research goes a long way. Teaching them something new that will help them in their mission to protect their organizations will garner more attention than an email about your product or ambulance-chasing the latest threat. Sales sheets won’t cut it. Neither will most of your sales emails. They want to hear use cases about how certain technologies solved a problem for their peers and glean insight from meaningful research that also helps them solve problems.
Be a true partner and your existing clients WILL refer you to their peers. Don’t just check in at contract time. Don’t only push your products. Work with your customers to learn their challenges, ensure your solutions are satisfying their needs year-round, and make connections for them to others in the space that can provide services/support that your organization can’t. This partnership builds trust and value that will bring returns for you tenfold.
Sell to the user, too — not just the CISO. As the CISO role has expanded to incorporate more non-technical responsibilities, many rely heavily on their team for recommendations. They shared that the individuals who are using the solutions and working day to day within the infrastructure often have more valuable insight as to how tools will integrate. When selling into a new organization, take time to find the key influencers, establish trust with them and treat them well in order to get on the CISO’s radar. By the way, again, that’s called account-based marketing (ABM), in case you missed that point the first time around.
Sell on THEIR timetable, not yours. Procurement cycles for security buys can take as many as six to nine months, or even longer in some cases. And not all budget cycles will align with yours. Take the time to identify when your targets are buying, how long the cycle will take and who the key influencers are. If that organization’s budget cycle aligns with the federal budget, for instance, the CISO’s budget for 2019 may be due as early as summer 2018. Because budget cycles are different for every company, it’s worth taking the time to learn and capturing that information to be saved with your contact’s record.
And while we are discussing time… When security pros attend conferences, they often take meetings, and setting these up early is critical. Many shared with me that they started booking RSA meetings with strategic partners and potential vendors three to four months in advance. Others indicated the same for conferences like Black Hat and FS-ISAC. It is crucial to stay ahead in the game and respect their time by booking early, being flexible, and understanding that there are 400 other vendors trying to get on their calendar.
Here’s a bonus tip: If you want to know what an organization’s security priorities are, check their job listings. The positions they are looking to fill and the skills they are seeking will give you an idea of what problems they need to solve.
This blog post is the first in a series about using account-based sales and marketing strategies in order to establish relationships and sell to CISOs and security teams in a more individual, human, and respectful fashion. Stay tuned.