Defense in Depth
Do We Want CISOs Dictating How Salespeople Should Engage?

Sales is a tough job in cybersecurity. But does that make it okay to bombard a CISO for a meeting?

Check out this post by Marc Ashworth, CISO at First Bank for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Shawn Bowen, vp, deputy CISO - Gaming, Microsoft. Joining them is Ken Athanasiou, CISO, VF Corporation.

Frustration is a two-way street

It can be frustrating to get so many shallow cold calls from vendors. However, this reflects how hard it is for vendors to find their customers. "It isn't always easy for salespeople to find the customer with the problem you can solve, so it just ends up being a numbers game. Sales is hard, and hunting for new business is by far the hardest, so it is generally inside sales teams trying to get five minutes of your attention because they are paid to get meetings or they don't keep their jobs,” said Tim McLaren of GuidePoint Security. The frustration with sales goes both ways. No one benefits by stringing either a CISO or a salesperson along; as Mark Timothy Mandrino of Terry’s Grill JAX said, "I prefer for someone just to tell me to take a hike so I don’t spin my wheels or waste my time with them. Salespeople are also busy, and it’s our job to open doors and sell something to someone willing to listen."

Sales is data driven

Why do CISOs get so many cold calls and follow-ups? Because there’s data to support the behavior. Daulton Capps of Hook Security Co. said it’s “gospel in sales' circles” that reaching someone takes around nine touch points. Persistence statistically pays off since you’re likely not booking a meeting after one email. “While it may piss off a few, the data says to keep cadences longer and not stop after your first or second email," said Kevin Mallen of Contentsquare. While sales tactics might be annoying, John Haden of Trend Micro also aggressive behavior is the result of the expectations of the business, saying, “Every company whether old or new is expected to grow, sometimes at unreasonable rates. While most of us would love to sit back and let you guys do your research and contact us when you’re ready, the reality is we can’t."

Give customers the tools they need

Customers seek new and better solutions but often don’t feel well served by the sales apparatus. Vendors need to give customers the tools to do their own research if they want to. "Do not expect to ‘schedule a demo’ with nothing but an email description. If your product does not have a publicly available demo video, it is assumed vaporware. If the demo video is interesting, then the lead will follow," said Jason Keirstead of Simbian. When sales email become perceived as spam, no one benefits. For Eric Rosenberg of BHM Healthcare Solutions, it’s gotten to the point they are looking to “block the domains of the many companies that overdo it.” 

Start a conversation

Customers want to solve a problem. “Leading with value is the key rather than asking for a call without establishing any need,” said Tom Happé of Trueleads. As popular as cold calls are in sales, they are a poor substitute for building a real relationship. As Brian D. McCarthy of 327 Solutions explained, "Dialogue is usually where most relationships are built, not out of a cold email or LinkedIn engagement. I think value and trust must be present in any communication, or the efforts are moot and tire everyone out."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Listen to the full episode.

Thanks to our podcast sponsor, Noma Security

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

Super Cyber Fridays!
Join us Friday [01-24-25], for "Hacking Platformization"

Join us Friday, January 24, 2025, for “Hacking Platformization: An hour of critical thinking of how stitching together data, tools, and processes is necessary for the success of your security program.”

It all begins at 1 PM ET/10 AM PT on Friday, January 24, 2025 with guests Elad Koren, vice president, product management, Palo Alto Networks and Yabing Wang, vp, CISO and CIO, Justworks. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, Palo Alto Networks

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Phil Beyer, Head of Security, Flex.

Thanks to our Cyber Security Headlines sponsor, Dropzone AI

Cyber chatter from around the web...
Jump in on these conversations

"What positions require you to fly abroad?" (More here)

"Why does it seem like data breaches are becoming more and more common?" (More here)

"In your own experience and analysis, which job roles provide the most job satisfaction in cybersecurity?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [01-24-25] Hacking Platformization

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.