A Cyber Sec Love Story: CISOs and Sales

Helen Rabe Header

Helen Rabe is the Head of Global Security Information & Operations at AbCam, and one of the most respected figures in the industry. We met with Helen to discuss:

  • Why CISOs should invest in building relationships with great sales people.
  • Why so many sales people get it all wrong.
  • How both parties can take much greater value from the relationship.

 

Introduction

As CISO, it’s my job to stay on top of new technology and assess how its adoption could benefit our strategy. A key part of that is forming the right relationships with the sales people of vendors, and if managed well this can represent a valuable, symbiotic partnership that benefits all concerned.

I have built relationships with some fantastic sales people. They are not only great conduits for information, but trusted advisors. In return, I help them any way I can, from speaking at events to making introductions.

However, too often people go about it the wrong way; sales people treat CISOs as nothing but a means to hit their target, and CISOs treat sales people as an irritant to be avoided. Everybody loses.

 

4 recommendations to CISOs

1. Keep an open mind

We’ve all been burnt by the silver bullet promises of unscrupulous sales people, but that mustn’t close our minds to future relationships. A great sales person is not only highly informed and well connected, but will work hard to add value to your working life. These are people you want in your network. Finding the great ones, of course, is not always easy – they are a rare breed – but the first step is to keep an open mind and treat them with respect.

 

2Look out for the ones who don’t claim to have all the answers

Trust is critical. The sales person who claims to know everyone and everything is likely to disappoint. Instead, listen out for those that acknowledge their limits, tell you when they don’t know the answer and have the self-confidence to introduce you to people better placed to handle those challenges.

 

3. Offer to help

The relationship has to work both ways. If you don’t want them to view you as a mere sales target, then you need to be clear on the value you can add elsewhere. What information can you share to help them better understand the market? Who can you introduce them to? There may be a peer out there who has a need for their solution. And what mistakes can you help them avoid?

Above all, don’t play games. Don’t lead them on or waste their time. Treat them with professional courtesy.

“Don’t play games. Don’t lead them on or waste their time. Treat them with professional courtesy.”


4
. Check in with your peers

When I’m approached by a vendor or seller with whom I have no existing relationship, one of the first things I’ll do is reach out to my network to get a sense of their credibility, both as a person and organisation. If it’s a particularly big investment, peers who have been through similar challenges can even assist during the sales process and offer an objective, neutral perspective on the suitability of the solution to fit our needs.

 

7 recommendations to sellers

1. Don’t spam

This one seems to be a particular issue for the new vendors. They don’t seem to realise that there are a limited number of CISO’s, and once bridges have been burnt they’re going to struggle to repair them. I had one sales individual recently send me 9 emails, each one more direct than the last. Their final email stated “I’ve repeatedly tried to get hold of you. I feel like I’m shouting into the abyss.”

This was the only email I responded to, but needless to say that it wasn’t the reply they’d been hoping for. Let’s just say that I was “diplomatically assertive”.

Not only has this person ruined any chance they may have had of engaging with me, but she’s also tarnished the reputation of her company.  I appreciate sales people have targets to achieve, however a CISO’s role is incredibly busy. If the CISO hasn’t responded after 3 emails, they are unlikely to respond at all; leave them be and move on.

 

2Be clear on your value proposition, then deliver it with imagination

Your proposition needs to be clear and relevant, but with so much noise in the day and life of a CISO even that may not be enough to get their attention. You have to think creatively.

Someone recently sent me a postcard following a conversation we had at a vendor sponsored event, as a means of generating a follow up conversation. Brilliant. Of course I read that.

Is an email faster and cheaper to send than a postcard? Of course, but the value is in the personal touch. If you show that you’ve taken effort to make contact, I’m going to make the effort to acknowledge it.

 

3. Come to the table well armed

This is the single most important point – do your research.

This research can cover:

  • The CISO – how long have they been in the role? Where were they before? Do you have mutual contacts? If so, what can those mutual contacts tell you about the person prior to your first meeting?
  • See if you have any contacts in common and reach out to these people.  Ask if they know me and how well, and are they aware of my challenges in my current role? It isn’t easy but if I hear that you have been making the effort (and we often do hear of these activities via our networks) it shows me you are committed and taking the time to understand my needs.
  • The company – look at their annual reports. Research their website. What are their key strategic goals and how can you help the CISO play their role in achieving those goals?

“If you combine deep product insight and clear value proposition with extensive research into the CISO and their company, it’s going to be very difficult for that CISO to turn you away.”

If you combine deep product insight and clear value proposition with extensive research into the CISO and their company, it’s going to be very difficult for that CISO to turn you away. Even if they can’t buy from you today, your care and attention to detail will have made an impression and sooner or later it will pay dividends. The time is never wasted.

 

4. Quality over quantity

Rather than trying to contact every CISO, you will achieve far more by investing in just a handful of relationships. Become the trusted advisor to two or three really well respected CISOs and you will find just about any door can be opened.

 

5. Don’t neglect relationships with other suppliers

This is often undervalued. Find another great sales person with existing relationships and see how you can build a strategic partnership.

Rather than coming directly to me, a sales person will probably achieve more by building a relationship with one of my existing suppliers. There is one supplier in particular who I consider a trusted advisor, and if he tells me to meet with someone then I’m almost certainly going to say yes.  It may sound counter intuitive to network with the competition, but I have seen it work.

 

6. Offline vs digital

Nowadays, it seems as if companies want a digital solution to every problem. But how can you be unique in a world of digital saturation?

When so many people are overwhelmed by digital activity, it’s often the traditional communication methods that cut through the noise. CISOs tend to lose focus very quickly, so you need to find a way to stand out and keep our attention. In other words, if your only method is digital, you are likely to be ‘drowned out’ by the noise and be passed by. Making a cold call is unlikely to succeed but a small personal note in the mail with a new eco friendly mug may be the right way to go. Research your CISO and see what their likes/hobbies are to ensure your approach resonates.

 

7. Events

Events are a great example of how the real world can outperform digital. I get invited to loads of webinars, but I just can’t commit that much time to staring at my screen in the hope of learning something new. An event on the other hand, where I know I will be mingling with great people, is often of interest as it allows me to network with peers while asking questions to those who have either experienced the service/solution or are thinking of it.

The key is to get the format right. Typically I take the greatest value from the small, intimate events where real care has been taken over getting the right people, ensuring the content of the topic is relevant and offers a great, personal experience. Those will always keep me engaged and coming back for more.