Getting a CISO/ VP Information Security to engage!?

Hey everyone! So selling into the security wing is rough. Seems like these guys/gals truly dislike sales professionals. What is the best way to break down their walls? I've sold into many other C-suite, VP positions before but this is another animal. Any help would be appreciated.

10
BillLumbergh
Good Citizen
7
Vice President of Sales
Focus on the gap in their existing security program.  When you look at the early adopters of your solution or the most active customers, how do they use the solution?  What problem are they solving?  How did that gap impact their business prior to using your tool?  Most problems a CISO wants to address are not isolated to the security team but have an enterprise-wide impact.  They want to ensure operations can carry on safely and securely without adding additional hoops for their employees to jump through to do their daily job.

Tell the story on the challenge their peers face and determine if they might experience the same pain.  If they don't have the pain, it's all about educating them on what the risks are.  A proactive CISO is going to want to better understand what risks might be in their pipeline after they address the standard "blocking and tackling".

And not every security solution is a good fit for every industry -- sure there are outliers, but just because the company has a CISO doesn't guarantee that CISO sees the need for your product.  Focus on the profile of your top customers, most consistent customers and know the business problems you solve for them -- focus on that story and lead with it so your BDR team has a consistent story to tell.
Wolfof7thStreet
Valued Contributor
1
AE
This is awesome, thank you!

SeattleSaaS
Contributor
0
BDR Manager
Really good way of viewing this. Super helpful!
Prunetracey
Fire Starter
0
VP Growth
This is great advice.
braintank
Politicker
2
Enterprise Account Executive
Referrals are HUGE in security. Most CISOs I work with only work with vendors who come recommended by a colleague. Turn those customers into SDRs.
SeattleSaaS
Contributor
0
BDR Manager
I've heard this a few times now.
Golden
Good Citizen
2
Enterprise Account Executive
Cyber security seller here, and I feel your struggle! I've sold to CISO and VPs at companies ranging from $50M to $60B in revenue, and I think the best way to resonate with them is going to depend, in part, on segment and industry.

CISOs at smaller companies are often in "we need to establish a baseline security program" stage and care more about time savings, resource efficiency, and implementing baseline measures like automation, pentesting, static analysis, and security frameworks. They may also have less budget unless they are a B2B software company where security measures are critical for winning business and driving revenue.

At larger companies, these baseline measures are in place already and the CISO is likely focused on business-level problems versus time savings, technical features, etc. Actually, I'd go as far as to say that they don't give a shit about these low level things. They often report back to the CSO, CIO, or CTO, take directives from the Board of Directors, work on Product/Engineering alignment with Security, and focus on better measuring risk across various Business Units and Dev teams.

Given these two very different perspectives, I recommend research that will help suss out where they are in this spectrum. I don't know which form of security you sell, but typically the interest/need/spending propensity is somewhat relative to how much code they build. How large their digital attack surface is tends to be directly correlated with how concerned they are with cyber security and how much they're willing to invest. Extra points if you find that the company and/or the CISO speaks publicly or markets their security measures publicly.

Finally, I've made the best relationships with CISOs using messaging that ties back to their strategic company goals (e.g., Digital Transformation, key upcoming Product Launches (digital), and Internal/External compliance mandates). If you're thinking about messaging, I would link your pitch directly back to these things.

Still, outbound is rough and even this ^ doesn't get me the pipe I need so I look for common connections between that CISO and other CISOs we already work with (or board members, or former colleagues) either for reference or to get a direct intro. In the end, the most common way I get to the CISO is actually outbounding lower levels in the org, creating a ground swell of interest, and clawing my way to the CISO once I've gained some credibility with their delegates!

Best of luck!
SeattleSaaS
Contributor
0
BDR Manager
This hits home directly. I've been using the ground swell technique right now. Super helpful, thank you for this!
UserNotFound
Politicker
1
Account Executive
Current Telecom Broker/Previous MSP & MSSP/Previous Office Equipment & middleware rep here....

So, instead of a true cold-close engagement, I've found nearly 1/2 of my success from networking in this space. I'm sure you're thinking "Networking?! With IT people?! *insert hysterical laughter here*" 

BUT hear me out. I found my way onto a local board for an IT Pro organization, as the secretary (i.e. least responsibilities on the board), where I'm SURROUNDED by top notch pros in the industry. Spend 6 months showing up, being overzealous about your note taking, introduce yourself as the 'new board member' at every event, and BAM. That has been a huge difference maker for me in both sales achievement, and career moves. The other way I leverage this is by reaching out to CISOs and VPs that otherwise wouldn't talk to me, "accidentally" from my work account, to ask them if they'd be interested in participating in the next event/being on a panel, etc.

I take every opportunity to be the person contacting these individuals for anything non-work related to get my name in front of them. Then, depending on tenure (if you're new to the space or sales in general) you can absolutely pull the "My boss would kill me if I didn't at least ask, what/who are you guys using for X". <-- this might only work well for females, I'm not sure. When I was early in my career it had a 100% success rate, but again I was selling to mostly middle-aged men who don't get a lot of attention from females. 
SeattleSaaS
Contributor
0
BDR Manager
An interesting tactic, with COVID, seems to be a hard tactic to implement right now.
TheQueenofDiamonds
Politicker
0
Account Executive
Why? What makes it different from the other C-suite execs?
SeattleSaaS
Contributor
1
BDR Manager
Great question. Their motivations are different, they are overworked, tired, and simply hate being sold to. So even when we are using more of a deposit messaging scheme nothing is catching. Like I've sold into VPs of Sales, CROs, and if it can benefit the org and can move the needle for the objectives, they are willing to look. CISO, if it benefits the team and helps with their objectives they still won't say anything. It's like they are trapped in the '90s and don't want to break out of the status quo before their peers. So they in turn do nothing. Frustrating to say the least.
TheQueenofDiamonds
Politicker
0
Account Executive
So if they are overworked and tired, maybe you could use this as your hook? Can your offer help them to save time?
SeattleSaaS
Contributor
0
BDR Manager
Already angling that approach. Lots of views on the emails, not a lot of responses, unfortunately.
Don_Ready
Politicker
0
AE
Also don't forget by nature they are skeptical of anything new. 
TheQueenofDiamonds
Politicker
0
Account Executive
Very good point 
Don_Ready
Politicker
0
AE
With that being said, offering low-risk offerings or calls to action can be a great way to get a foot in the door. Many CISOs value long-term partnerships with people they trust. Trust takes time to build.
SeattleSaaS
Contributor
0
BDR Manager
We take a much softer CTA with them. We are really focusing on depositing not withdrawing with all of our security personas. Trying to build that trust, it's just difficult when you're moving so fast.
Don_Ready
Politicker
0
AE
That's a great way of phrasing it. It's definitely difficult at scale but having good structure and processes can help a bit. 
SeattleSaaS
Contributor
0
BDR Manager
Also trying to figure out the hierarchy. We are trying to un-silo the departments so we are prospecting into infosec analysts, managers, directors, etc... We hear a lot from the worker bees that they aren't even allowed to look at software even if they feel like it would help their day to day. It's very interesting.
Soiboi
Politicker
0
Account Executive, EIAS/Compliance
Really it’s focusing on where you fit in the space, and why it matters to consider exploring. For my last role it was time wasted on patch management and immutable infrastructure and they ate it up. 
SeattleSaaS
Contributor
1
BDR Manager
GRC is such a thick space. And legacy GRC has been such a pain for them because it's so hard to use, it's like they don't trust new solutions coming into the market. But that's a keen point. When you positioned yourself to them did you find they liked a more feature-rich approach? (I know, don't sell features.) They are such a cerebral prospect it's hard to gauge what they will grasp onto, ya know?
Soiboi
Politicker
1
Account Executive, EIAS/Compliance
I lead in with solutions to a problem I’m confident that they’re facing, in that case they said yea, then I just explore that problem, blow it up to explain why that’s bad and then position a solution and what the net of it is.  Yeah GRC is pretty tough. 
theprideofmanagement
0
Account Executive
In a first engagement, we are after visceral response more than anything. The single most effective tool I've found for selling into IT is to tell them something simple about their current state that they "don't think you should know". In reality, it can be completely mundane & have little value. Whatever your product competes with, is based on, or interacts with - cold call/email them and say "Hey, since you're running xyz I wanted to call you personally". I nearly guarantee they will respond with "how do you know that?" & then you're having a conversation...
SeattleSaaS
Contributor
0
BDR Manager
That's an interesting approach, do you find they disengage after you tell them how you know and then pivot in with more questions?
theprideofmanagement
0
Account Executive
One of two things happens most often & neither of them is disengaging. I would directly answer how I know what I know & typically say "and the reason I'm calling you about that directly is <<problem statement>> (not value prop)." The second is that your info is out of date & they correct you, which then it's up to you to have a human conversation. 
rekled
Opinionated
0
Strategic Account Executive
How about offering consultative sessions? Don't try to sell them on your solution, but learn from them. Your discovery may lead to an opportunity. For example: our company is always looking for ways to improve our product. I'm reaching out to you as a cybersecurity leader in the [industry] space. Can I get 20-minutes with you to learn about the tools/solutions you're using to protect your organization and the ongoing challenges you face?  
SeattleSaaS
Contributor
0
BDR Manager
I think early stage or with enterprise companies this approach works. I feel like Directors and CISOs also don't have the time to waste, or perceive they don't have the time to talk. This would work if we could get over that hill. 
Wolfof7thStreet
Valued Contributor
0
AE
Best I've honestly gotten from CISOs is meetings with their subordinates through them. That being said, I've had limited success focusing on niche topics in their job and tactical pains like managing network security.
Prunetracey
Fire Starter
0
VP Growth
CISO ...... ugh