AMA about Cyber Security with braintank

Interested in getting into cyber security but confused by the sea of acronyms?


Wondering why CISOs won't respond to your outreach?


Curious which unicorn you should apply to and which to avoid?


Want to make sure you don't get your credit card info isn't stolen this holiday season?


You've come to the right place.


I've been selling cyber security solutions to a variety of segments (from SMB to Fortune 10) over the past decade. I've worked at scrappy series A's, trendy unicorns, and stodgy public companies. I came from outside (martech) and took some lumps as I shifted industries. Learn from my mistakes and let me help you punch your ticket to president's club in the lucrative, zany world of cyber security.

๐Ÿ˜Ž Sales Skills
๐Ÿ” Cybersecurity
๐Ÿคด AMA
29
Sunbunny31
Politicker
7
Sr Sales Executive ๐Ÿฐ
This is a very timely AMA, considering how many reps are looking for solutions that are more stable and a need-to-have, so I have a couple warm up questions for you: Whatโ€™s the best advice you could give to someone wanting to transition out of Martech sales to cybersecurity? Iโ€™ve seen a lot of reps asking if getting certifications help - is that a consideration for cyber?
braintank
Politicker
11
Enterprise Account Executive
The tech can seem intimidating, but you don't have to know how it all works at the successful.

Remember, the job of a CISO is to reduce risk. If you can wrap your head around how your tech reduces risk without pissing off users, you can be successful in security. A lot of CISOs and VPs in security aren't technical, so they appreciate someone who can speak to them in business terms vs. going into the weeds.

There are so many free resources available between youtube, podcasts, etc. that I don't think a certification is necessary.

If you want to make the switch it's more important to have prior success in sales and willingness to learn about the space than a piece of paper.

Personally, I got in by (1) having a good resume and (2) doing basic research about the company I was applying to.
By basic research I mean:

1) Read their website to understand how they talked about themselves
2) Read some case studies to hear how their customers talked about the solution
3) Looked at review sites to see how they compare to competition
Sunbunny31
Politicker
1
Sr Sales Executive ๐Ÿฐ
Really helpful. Iโ€™m not looking to make a move, but this comes up a lot!

Always appreciate your insight.
oldcloser
Arsonist
7
๐Ÿ’€
@braintank I gotta call you out as a seasoned tactician with unrivaled command of product. Youโ€™re a tank of few words, but when they appear they have impact. Always appreciate your take. I wanna know this: At what point in your cyber sec journey did you feel comfortable steamrolling a technical CISO. And what path did your training take?

Please donโ€™t shatter my mental image of you by saying you never have. I know better. Also, I need a steamrolled CISO story for morale. I think theyโ€™re the hardest nuts to crack.
braintank
Politicker
13
Enterprise Account Executive
My liege...

I'll be honest. Never steamrolled a CISO. They're a bristly bunch that like to hold grudges.

My approach is to do their work for them.

When I meet with a CISO I boil down everything I need to say into 1 slide:

โ€ข Here's the problem we've identified working with your team
โ€ข Here's what we did to solve the problem
โ€ข Here's social proof that this is a wise investment

I usually say my piece in <2 minutes, ask them what they think, and then go on mute. They'll usually ramble for 5-10 minutes, ask some random question to show you they still know something about tech, then they give the nod while I wait for the PO.
oldcloser
Arsonist
4
๐Ÿ’€
I knew you wouldnโ€™t let me down. โ˜๏ธ wisdom. The non-steamroll steamroll.
FoodForSales
Politicker
6
AE
that's a good plan for any sales presentation.
braintank
Politicker
6
Enterprise Account Executive
Agreed. Cisos are people too. Respect their time and have your shit together and you'll win.
jefe
Arsonist
5
๐Ÿ
We know your feelings about Series A, both from your comments here and the War Room in general.
I'm curious about how important name recognition is in the space? And being somewhere established? I know very little about cyber security, but are there actually new solutions that break into the market and do well? And how varied are the actual offerings in that are out there?
Edited to Add - Glad you're doing this, as @Sunbunny31 said, a lot of Savages seem quite interested in this field.
braintank
Politicker
3
Enterprise Account Executive
Great questions jefe.

There's an old saying "no one ever got fired for buying IBM". In the security world that adage holds true for CrowdStrike & Palo Alto Networks.

This is precisely why I've advocated people trying to break into the industry join industry titans. You'll get a lot of at-bats and they have well developed training programs to get you up to speed on tech.

However, there are always new contenders. Usually, they emerge to address emerging threats. Take Wiz for example. They went from 0-$300M in ARR in 3 years because they have a novel way of solving a new problem (cloud security). As attackers adapt, new solutions will emerge to address those vectors. Startups have some advantage here because they can typically develop products quicker than the OGs. In this example, Palo Alto Networks has suite of tools to address the same risks Wiz does, but Palo's suite is actually comprised of dozens of disparate products that don't always work cohesively. Wiz was able to build a solution from the ground up vs having to re-arrange existing products without breaking things.

However, another reason Wiz has been so successful is that it's founders already had an exit under their belt (Microsoft acquired their first company) so they had cache.

There are startups with little name recognition that emerge, but it's usually because they solve a niche problem and are ahead of the market. Good recent examples are OT & IoT security.

How varied are the offerings is an interesting question. Based on my experience a lot of them are similar. A network firewall is a network firewall. What differentiates is ease-of-use and pricing.
jefe
Arsonist
0
๐Ÿ
Makes a ton of sense! Thanks again for sharing, tank,
Kosta_Konfucius
Politicker
4
Sales Rep
Since you are also a consistent series A hater, do you have a war story working for them
braintank
Politicker
8
Enterprise Account Executive
Majority of series A's I worked at were earlier in my career.

One was a two-sided marketplace (think upwork but before upwork). Technology and team were decent, primary issue was that it's fucking hard to build a two-sided marketplace.

Worked for a Series A in edtech later. Pretty sure it was a money-laundering operation masquerading as a tech company. Tech barely worked and no strategy to speak of. One time our CEO disappeared for 3 weeks. No notice, no communication. Waltzed back in with a tan and told us he had been on a sailing trip.

Did another Series A in data science. CEO was an egomaniac and leased a HUGE office in downtown Austin with all the amenities. We were a company of <50 but this space was meant for 200+. Even bought office furniture anticipating explosive growth. When that didn't pan out they had to sub-lease the space. So our HQ basically became a WeWork.

The security Series A I worked at is still around, although they laid off about 40% of the company. This came <1 month after our company retreat in the Caribbean. Our recently hired CFO realized the company was hemorrhaging cash so they made cuts after we'd spent a week partying. Not a good look.
Kosta_Konfucius
Politicker
2
Sales Rep
Damn knew there had to be some stories behind it

What is your advice when interviewing with the B, C and D. Especially given most of them with exaggerate their runway
braintank
Politicker
6
Enterprise Account Executive
You can generally get a good idea of burn rate by looking at the size of the company and how it operates. Avoid ones burning cash (duh).

Dig into year over year growth and net revenue retention.

Company should be doubling (or tripling) every year early and NRR over 120%.

If you ask a VP of sales about these metrics you can suss out winners from losers.
antiASKHOLE
Tycoon
4
Bravado's Resident Asshole
I know very little about Cyber Security outside of what I need to do to protect against identity theft.
Give me some key things that I should know and how to apply it for personal use.
braintank
Politicker
6
Enterprise Account Executive
You'll protect yourself from 99.999% of threats with basic hygiene.

1) Use a password manager. This lets you create long, complex passwords for every service. I personally use 1Password but BitWarden is a good free option. NEVER store your passwords in the browser.

2) Use MFA everywhere. I personally use Duo and a YubiKey (https://www.youtube.com/watch?v=PeF0Y8pT7UQ). Even if someone compromises my password, they'd have to also steal my Yubikey to get into anything. The risk of that happening is effectively 0.
antiASKHOLE
Tycoon
2
Bravado's Resident Asshole
I keep clean, so that is a check. Definitely noted the other two points. Thanks!
braintank
Politicker
1
Enterprise Account Executive
CTO at previous company used to put his password in first slide of presentation to prove point. Even with stolen credentials can't do anything without access to their authenticator.
CuriousFox
WR Officer
2
๐ŸฆŠ
What has been the best introduction you've used to grab their attention without using a scare tactic of a current hack in the news?
braintank
Politicker
7
Enterprise Account Executive
Honestly there's nothing too special about my outreach.

I keep my subject lines short and bland so they look internal.

I use a lot of the Lavender frameworks (https://blog.lavender.ai/sales-email-frameworks/)

I do share 3rd party articles so I'm being helpful, not just needy.

I also make a LOT of calls. Yes, I end up leaving a lot of voicemails, but if I can connect live I virtually guaranteed a meeting.

My cold call approach is straight from 30 minutes to president's club:

โ€ข Have you heard our name tossed around? (Thankfully, the company I'm at now has high name recognition).

โ€ข Typically we help people with X and Y.

โ€ข Are either of those issues?
braintank
Politicker
5
Enterprise Account Executive
If you're looking for creativity, I also do a lot of personalized gifting. I'll plumb social media for obscure hobbies and interests and then send them something related to that along with a handwritten note.

One CISO surfed in lake superior, so sent them some cold weather surf wax. Another was an avid cyclist so sent them chamois cream.

Chat GPT has been a huge boon here. Since I want the somehow connect the hobby to my product.

So I'll ask AI (for example): "What do surfing and penetration testing have in common?" Or "give me 25 cybersecurity related puns about surfing". This'll give me a good jumping off point.
BTQ
Politicker
1
Account Manager
How did it go giving the wax to the great lakes surfer?
braintank
Politicker
1
Enterprise Account Executive
We got the meeting! People appreciate the personal touch. CISOs are bombarded with low effort outreach (like most executives). So doing just a little bit extra goes a long way.
BTQ
Politicker
2
Account Manager
Do you think having a security clearance helps getting a sales job in cyber security?
braintank
Politicker
3
Enterprise Account Executive
I'm sure it wouldn't hurt if you already have one. But I can count on 1 hand the number of people I know who have them. Some are former military turned solution architects. One sales guy I know who has been exclusively selling to DoD for 10+ years has one. However 99% of roles won't require one. And if they do, the company will likely help you get one.
GDO
Politicker
1
BDM
I always hear it's extremely difficult to speak to decisionmakers in your industry. is that the case?
braintank
Politicker
4
Enterprise Account Executive
It can be.

The easiest way to get there is to have your champion take you. Most CISOs have incredible faith in their team. They enable their subject matter experts to find solutions to problems, and only ask to get brought in when necessary.

For cold outreach, CISOs are tough, but not impossible.

โ€ข Keep it short and speak to a business problem.
โ€ข Don't feature dump. They hate buzzwords and jargon.
โ€ข Don't lecture them about how your product could've prevented the latest breach.
โ€ข Bring relevant social proof.

Also, be present in the community. CISOs are much easier to approach at meetups and events with a drink in their hand than when they're triple booked during the day.
GDO
Politicker
1
BDM
thanks for the answer!
HappyGilmore
Politicker
1
Account Executive
Would be interested to hear a) how to break into cyber security and b) things to look for & avoid in a cybersecurity org
Beans
Big Shot
1
Enterprise Account Executive
I've always been curious about the technical skillset needed for this field.
Job postings are pretty aggressive about knowledge in the space.
braintank
Politicker
1
Enterprise Account Executive
Personally, I broke into the industry based of having a background in SaaS. For a lot of positions that's enough.

Some more seasoned roles do want you to have experience in the space, but I suspect that's more about having a rolodex of people to call on than knowing how every button & switch works.
Maximas
Tycoon
0
Senior Sales Executive
Talking about podcasts, what're your favorite ones you recommend following that assist with getting to the field asap!!
braintank
Politicker
5
Enterprise Account Executive
30 minutes to president's club is still the goat for sales.

For cyber security my favorites are: Risky Biz, Darknet Diaries, and all of the CISO series podcasts (https://cisoseries.com/ciso-series-shows/)
Maximas
Tycoon
0
Senior Sales Executive
Great,gotta check em out,many thanks.
Revenue_Rambo
Politicker
1
Director, Revenue Enablement
Completely agree 30MPC is the real deal. Check out their live cold call blocks too.
goldengophers21
Opinionated
0
Incoming SDR
As I am currently located in the midwest, I have bumped into recruiters from ISSquared and Netspi but I totally don't really understand the industry. Could you possible explain the value prop of one of those vs say a Palo Alto? By the way, still have yet to try the Juicy Lucy on campus yet.
8

Looking to break into Cyber Security Sales

Question
10
19
Members only

Cyber security or Fintech?

Question
33