Here’s a short synopsis of an article written by our managing editor, Mark Weatherford. For the full article, check this out. 

In my roles as both a former CISO and now a security vendor, I have unique insight into what customers do and don’t want to hear in a security product pitch. After sharing this numerous times over the past year, I’ve developed what I call my 10 Rules for Cybersecurity Salespeople:

  1. The customer’s time is valuable; treat it like the valuable thing it is. Remember that if a CIO or CISO works 60 hours a week, giving you 1/60 of that week is a considerable sacrifice. Don’t squander the opportunity.
  2. Do your homework. Then do some more. Know the customer, professionally and personally (the Internet and LinkedIn are your friend) and know the customer’s challenges (any recent media activity for the company?).
  3. Tailor your presentation. The CIO is different from the CISO is different from the cloud architect is different from a security engineer.
  4. Never talk down to the customer. Don’t assume you are smarter than them, because you probably aren’t.
  5. Don’t waste even one slide of your vendor pitch telling me how bad the cyber threat is and who the bad guys are. I’m a security professional in the technology business – I already know this. It insults my intelligence and makes me question yours.
  6. NEVER, NEVER, NEVER, say, “My company would have prevented Mirai, or WannaCry, or Meltdown/Spectre.” It may be true (doubtful) but you’ll only appear arrogant, which is never endearing to a customer.
  7. Don’t talk about how bad or incompetent security staffs are these days. That’s my tribe you’re talking about. I’ve put my life-blood into building my team and many of these people are my personal friends who are way smarter than me.
  8. Make a sale opportunity so compelling that the customer can’t lose. Be creative with timing, pricing, and services, and be prepared to close today. Make it easy on the customer.
  9. LISTEN! LISTEN! LISTEN! Don’t be so focused on your sales script that you miss what really matters to the customer because you are talking too much and listening too little.
  10. Help the customer be a hero in their own organization. Who doesn’t want to be Batman?

These rules have evolved over the years and are cobbled together not just from my personal experience, but from the experience of a lot of other CISOs I respect like Ed Amoroso, who has his own Top 10 Rules here, and Dan Lohrmann, who wrote a great piece here.

If you’re a security product vendor or a security salesperson, know a security product vendor or a security salesperson, or run a security product sales team, please feel free to share these rules. And if you’re a CISO, there are some gems in there for you, too.

You can read the full article here.