Photo by Alina Grubnyak / Unsplash - not a self-portrait but handsome nonetheless

On the Art of Selling to Cybersecurity People

A primer to help sales people better prospect and sell cybersecurity products from a CISO's point of view.

Mike P
Mike P

Table of Contents

The average person sees between 6,000 to 10,000 ads every single day (if you believe the marketing about being marketed to).

Go ahead and add a couple extra thousand daily impressions on top of that for people working in the cybersecurity field.

Cybersecurity is field that has daily news of attacks, breaches, and failures combined with a barrage of marketing approaches promising solutions, fixes, and ways to solve all your problems.

It's a field with thousands of potential solutions to a never ending supply of problems. There is a lot at stake and a lot of money to make and save along the way.

All marketing and sales play to a psychological component.

The marketing in the cybersecurity field can be systematized to pull on the fear, uncertainty, and doubts (FUD) of the human psyche and can be extremely powerful.

This marketing combined with very real risks and consequences creates high stakes environments on both sides of the buying and selling process.

What you're left with is a hyper-marketed industry and an underwhelmed, skeptical, and sometimes reluctant receiving base.

But I'm not here today to talk about all the problems or bemoan the bad. I'm here to offer up something constructive to help both sides of the cybersecurity community.

I believe most people inherently want to do good most of the time. Most sales people in this industry want to sell the right solution to the right customer at the right time. The same goes for the buying end, we want to buy the right thing to fix our problems now.

There have been a few social media and blog posts on this topic, but most just say what NOT to do and try to make sales people feel bad for doing their jobs.

This is not another one of these posts.

This post is a primer from the perspective of someone who has been in the cybersecurity field for 15+ years and who has spent 10's of millions on buying cybersecurity software and hardware products.

The TL;DR:

  • Build a Relationship
  • Skip Show n'Tell
  • Canned Scripts Get Canned
  • Integration Matters

Build a Relationship

Relationship building and establishing trust upfront is important for any sales process.

The truth is it's hard to earn the trust of people who buy cybersecurity products.

Cybersecurity professionals often have to say 'no' for a large part of their function.

Their job is "risk management." Buying cybersecurity products is no different in this calculation.

Sales cycles can take time, so go into the process knowing that. Forced urgency does not work in your favor here.

Priorities change on a whim in most cybersecurity programs as do the solutions they need.

Build a relationship if you can, but don't force it.

Not forcing it applies to emails, LinkedIn messages, and cold calls as well. Empty attempts to just get any reply are not a winning strategy.

If you do get a chance to build a relationship you can go on to the next part.

Skip the Show n'Tell

Show n'Tell doesn't always show well to your perspective buyer.

It's good to be passionate about what you're selling. It's good to be excited and believe in what you're selling. Conviction often is the first step in closing customers in any sales process.

Strong convictions precede great actions. - Alex Hormozi

Side note: This is a good podcast for anyone trying to sell anything by the way:

Conviction aside, you potential buyer may not share the same level of excitement.

Don't waste time with how your company helped X other companies.

Don't waste time with your founding team's impressive background.

Don't waste time with how Gartner or Forrester put you in some pay-to-play category or quadrant.

Also, please don't make this into more than one call/meeting unless asked for.

Your potential buyer doesn't care about these things, at least not at first.

They only care about what they think you can do for them right now.

This information can become useful after they've made the mental decision to go a step further.

Let your logos, Gartner reports, and other collateral be tools your prospect can use with their internal stakeholders. Selling cybersecurity people is only one part of the process and they have to sell to other groups at their company.

Overloading your prospect with too much sales collateral and not enough problem solving early on can be off putting.

Save those slides for later and get on to your pitch.

Canned Scripts Get Canned

Avoid being too simple and broad in your pitch decks.

Please don't explain the history of cloud computing or how remote work has increased attack surfaces.

This is a common pattern I have seen time and time again as companies move further up the enterprise sales ladder. You can't always sell to all customers the same way so don't approach your pitch meetings the same way.

Templating rote pitch scripts and decks don't allow for the natural conversation and fluid nature of a prospect meeting.

Your prospects don't want generic use cases. They want to talk about their specific problems and see if you can solve them.

Cut to the chase about what you solve for without too much set up.

Lead with what your products commonly solve for and then let your prospect ask questions.

The more robotic or regimented this feels, the less your prospect is interested.

Integration Matters

Your point solution can't drive their program roadmap.

Many times a prospect will want your product, but they can't immediately see how to integrate it.

Other tools, teams, and processes have to be considered. Not to mention timing, budget season, changes of ownership, turf wars, etc.

Integration requires thought and the juice has to be worth the squeeze. Your goal should be to help your prospects realize the trade-offs you can offer.

Understanding your prospects' challenges are important, but realize they have a bigger picture to look at.

Wrapping Up

These aren't the only things you can do as a person selling cybersecurity products, but they can certainly increase your chances.

Let me know what I might have missed or am I just plain wrong about. I love having my perspectives changes and learning something new.

Thanks for reading!

Whenever you're ready, there are a few ways I can help you:

  • Get all the data I collect and create to make the newsletter and reports here. 📊
  • Work 1:1 with me to evaluate a company or product category here. 🤝
  • Sponsor the Security, Funded newsletter to get cybersecurity and investing decision maker eyeballs on your brand here. ✉️

Mike P