Exposing the CISO/Security Vendor Relationship

on February 9, 2018

MAJOR UPDATE (10/09/18): The entire CISO/Security Vendor Relationship Series has moved to CISOseries.com. This is the news site. I’m leaving this post here as is with links updated to that site, but you can find everything there.

The relationship between security vendors and CISOs (Chief Information Security Officers) has become increasingly contentious, due in part to their co-dependency:

  • CISOs need security vendors’ products to improve their security posture.
  • Security vendors need CISOs because they purchase security products.

The problem is that they sometimes drive each other crazy. The contention is evident when reading the flurry of industry posts on the subject on LinkedIn, and glancing at the rallying responses of security professionals and vendors alike.

I’ve reported on the security space for almost nine years and I see the frustration on both sides. My firm Spark Media Solutions works with both camps regularly, giving us unique vantage points.

I’ve decided to examine different aspects of the vendor/CISO relationship in a series for Forbes. Below are descriptions of and links to the articles. Please join in the active discussions on LinkedIn. I’ll update this post with new installments as they are published.

The CISO/Security Vendor Relationship series on Forbes:

VIDEO: Testimonials from fans of the CISO/Security Vendor Relationship Series

At RSA, I ran into so many fans and contributors to the series. Here’s what they had to say about the articles, videos, and conversation.

Do CISOs Fall for Obvious Sales Ploys?

Should security vendors use the same fear tactic on a CISO that they use to scare my mom?

(discussion on LinkedIn)

VIDEO: Best responses to the article “Do CISOs Fall for Obvious Sales Ploys?”

The “15 Minutes of Your Time” Request

The request of “15 minutes of your time” is seen as a gamble hoping that the CISO/CSO will be “nice to you.” Maybe that’s not the best tactic if what you’re selling is a solution to their security problems.

(discussion on LinkedIn)

VIDEO: Best responses to the article “The ’15 Minutes of Your Time’ Request”

Should You Market to the CISO’s Direct Reports?

Who within an organization should a security firm select to pitch their product? Should they go to the top of the food chain, or start partway down?

(discussion on LinkedIn)

VIDEO: Best responses to the article “Should You Market to the CISO’s Direct Reports?”

How to Uncover Security Concerns When CISOs Won’t Tell You

Most often a CISO won’t tell you their security concerns, but here are seven techniques you can use to figure out what they are.

(discussion on LinkedIn)

VIDEO: How to Uncover Security Concerns When CISOs Won’t Tell You

15 Ways to Make ‘First Contact’ with a CISO

CISOs universally agree that relationship selling is more effective than traditional marketing. How then do you form that initial relationship with a CISO?

(discussion on LinkedIn)

VIDEO: 15 Ways to Make ‘First Contact’ with a CISO

How to Get a Prospect to Test Your Security Product

Here’s what cybersecurity professionals say works to make them aware of, and ultimately test, a security vendor’s product.

(discussion on LinkedIn)

VIDEO: How to Get a Prospect to Test Your Security Product

Is Traditional InfoSec Marketing Even Necessary?

CISOs are repeatedly saying that they don’t respond to traditional marketing ploys. The way to get to them is through relationships. If that’s true, why even bother with traditional security marketing?

(discussion on LinkedIn)

VIDEO: Is Traditional InfoSec Marketing Even Necessary?

Hey Security, It’s Time We Had “The Talk” About PR

Security vendors are eager, aggressive, and sometimes make requests of their PR firms that aren’t in line with community behavior in the security marketplace. Here is a list of eight behaviors security vendors have historically requested that they should avoid.

(discussion on LinkedIn)

VIDEO: Hey Security, It’s Time We Had “The Talk” About PR

9 Reasons Why Selling Fear Does Not Work on a CISO

When InfoSec vendors sell FUD (fear, uncertainty and doubt), they’re causing far more problems than they’re aware of, and it’s starting to hurt the industry as a whole.

(discussion on LinkedIn)

VIDEO: 9 Reasons Why Selling Fear Does Not Work on a CISO

Creative Commons photo credit to Flickr user davidd.