Security questionnaires! How to handle them if you're an AE from a seed stage startup?

I've been struggling with this for a while. Every enterprise deal that comes to the pipe asks for these questionnaires.


Being a seed-stage startup we don't have a dedicated team to review these and I don't want to ask developers to leave what they're working on to answer 44 sections of very tough data security questions.


Can you guys give me some help here?


Cheers


👑 Sales Strategy
📈 Closing
12
poweredbycaffeine
WR Lieutenant
6
☕️
Couple of options:

1) Leverage a partner like SecurityPal. We send them over the questionnaires, they get them back in 48 hours or less. However, here's the secret: most questionnaires have common questions. So, record the responses from SecurityPal in a common google doc and you'll only have to search for them in the future. Boom, a security library is built.


2) Your CEO/CTO should be the individual required to fill these out in the place of Option A. One of them is deemed the compliance/security officer by most business organizational structures, so they'll know what to do.
payton_pritchard
Executive
3
RSM
Most of these questionnaires will be pretty generic and have a lot of overlap, so definitely keep past answers handy to quickly answer.

Your company should also have a CISO/Security Officer (or someone acting in this capacity) who can answer these questions.

To save time and get ahead of these I suggest having whoever owns security complete a detailed CAIQ (example here - https://cloudsecurityalliance.org/research/cloud-controls-matrix/) that you can proactively send to customers. This should answer the bulk of the questions you're getting, especially some of the generic/repetitive ones and takes some of the work off your plate.
CuriousFox
WR Officer
3
🦊
Source out?
Rallier
Politicker
1
SDR Manager and Consultant
I think you really don't have a choice but to ask those developers. Maybe talk with your manager and see if you can find a way to incentivize them with something
LordOfWar
Tycoon
0
Blow it up
These drive me nuts, especially in the defence market. Thank god I have a quality team I can dump them on now.

When I used to deal with them I would always just pick the most under-developed answer but one not likely to disqualify us. That or put "in development" or "will be compliant prior to project start".

TBH in my case most were just lazy prime contractors who copied requirements they got from the Gov't contract without bothering to check if we even needed to be compliant. Self-reporting is a joke.
FinanceEngineer
Politicker
0
Sr Director, sales and partnerships
I work with the tech/success team to help with them. Since I've done dozens of them now, I just copy and paste answers from previous ones and send them to the tech/success guys to review.
Diablo
Politicker
0
Sr. AE
Did you try hiring 3rd-party vendors? Outsourcing could be the best bet in the long term.
techsales
Politicker
0
Enterprise Account Executive
Most of those questionnaires have some boilerplate questions around security certifications, etc. I'd start with your CEO as a first pass, record everything in an Excel or RFPio so you can copy/paste in the future, then save the juicy questions for the dev team.

At the end of the day, if you join a seed stage startup, you should want to help the company win business, including your devs.
saashunter2.0
Executive
0
Mid-Market Account Executive
Justatitle
Big Shot
0
Account Executive
Oh god. Yes I had to do these so many times. We got a security packet as a resource from our IT team and I used to make half the other shit up. I would ask questions and never get responses in a timely manner. Whatever
brrr
Good Citizen
0
Account Executive
99.9% of the questions will be the same, so you can ask your engineer to create a VSA with the answers to those standard questions and share it proactively. Has gotten me out of so many of these.
ColdCall
Valued Contributor
0
Account Executive
Depending on what servers you use, a lot of answers can be found on their website. For example, Azure/AWS will have a lot of security baked into their offer so you can defer a number of questions there.

You should also be able to recycle answers as others have said here.

If this does keep happening, probably good to anticipate this when you start speaking. You should also