MAJOR UPDATE (10/09/18): The entire CISO/Security Vendor Relationship Series has moved to This is the news site. I’m leaving this post here as is with links updated to that site, but you can find everything there.

The relationship between security vendors and CISOs (Chief Information Security Officers) has become increasingly contentious, due in part to their co-dependency on each other:

  • CISOs need security vendors’ products to improve their security posture.
  • Security vendors need CISOs because they purchase security products.

The problem is that they sometimes drive each other crazy. The contention is evident when reading the flurry of industry posts on the subject on LinkedIn, and glancing at the rallying responses of security professionals and vendors alike.

I’ve reported on the security space for almost nine years and I see the frustration on both sides. My firm Spark Media Solutions works with both camps regularly, giving us unique vantage points.

I’ve decided to examine different aspects of the vendor/CISO relationship in a series for Forbes. Below are descriptions of and links to the articles. Please join in the active discussions on LinkedIn. I’ll update this post with new installments as they are published.

The CISO/Security Vendor Relationship series on Forbes:

VIDEO: Testimonials from fans of the CISO/Security Vendor Relationship Series

At RSA, I ran into so many fans and contributors to the series. Here’s what they had to say about the articles, videos, and conversation.

Do CISOs Fall for Obvious Sales Ploys?

Should security vendors use the same fear tactic on a CISO that they use to scare my mom?

(discussion on LinkedIn)

VIDEO: Best responses to the article “Do CISOs Fall for Obvious Sales Ploys?”

The “15 Minutes of Your Time” Request

The request of “15 minutes of your time” is seen as a gamble hoping that the CISO/CSO will be “nice to you.” Maybe that’s not the best tactic if what you’re selling is a solution to their security problems.

(discussion on LinkedIn)

VIDEO: Best responses to the article “The ’15 Minutes of Your Time’ Request”

Should You Market to the CISO’s Direct Reports?

Who within an organization should a security firm select to pitch their product? Should they go to the top of the food chain, or start partway down?

(discussion on LinkedIn)

VIDEO: Best responses to the article “Should You Market to the CISO’s Direct Reports?”

How to Uncover Security Concerns When CISOs Won’t Tell You

Most often a CISO won’t tell you their security concerns, but here are seven techniques you can use to figure out what they are.

(discussion on LinkedIn)

VIDEO: How to Uncover Security Concerns When CISOs Won’t Tell You

15 Ways to Make ‘First Contact’ with a CISO

CISOs universally agree that relationship selling is more effective than traditional marketing. How then do you form that initial relationship with a CISO?

(discussion on LinkedIn)

VIDEO: 15 Ways to Make ‘First Contact’ with a CISO

How to Get a Prospect to Test Your Security Product

Here’s what cybersecurity professionals say works to get them to be aware of and ultimately test a security vendor’s product.

(discussion on LinkedIn)

VIDEO: How to Get a Prospect to Test Your Security Product

Is Traditional InfoSec Marketing Even Necessary?

CISOs are repeatedly saying that they don’t respond to traditional marketing ploys. The way to get to them is through relationships. If that’s true, why even bother with traditional security marketing?

(discussion on LinkedIn)

VIDEO: Is Traditional InfoSec Marketing Even Necessary?

Hey Security, It’s Time We Had “The Talk” About PR

Security vendors are eager, aggressive, and sometimes make requests of their PR firms that aren’t in line with community behavior in the security marketplace. Here is a list of eight behaviors security vendors have historically requested that they should avoid.

(discussion on LinkedIn)

VIDEO: Hey Security, It’s Time We Had “The Talk” About PR

9 Reasons Why Selling Fear Does Not Work on a CISO

When InfoSec vendors sell FUD (fear, uncertainty and doubt) they’re causing far more problems than they’re aware of and it’s starting to hurt the industry as a whole.

(discussion on LinkedIn)

VIDEO: 9 Reasons Why Selling Fear Does Not Work on a CISO


Creative Commons photo credit to Flickr user davidd.



AT&T’s ever-erratic pricing has forced me to cancel my service.

Every year I put a note in my calendar to contact AT&T to get on yet another plan to reduce my phone/TV/Internet bill. The provider always has deals that last a year. For five years I’ve called their customer loyalty department and they usually give me a good deal. Nobody wants their bill to increase, yet every year I have to go through this pointless exercise that I know is a waste of my time and is surely wasting AT&T’s money. It doesn’t make me more loyal. In fact, this year it forced me to quit.

More than a year ago I switched my Internet service to a local option that offered the same price yet was four to five times faster than AT&T.

Once I made the switch I still used AT&T for TV and home phone.

Just recently I received a $177 bill from AT&T. I didn’t remember what my monthly bill was, but I thought that was extraordinarily high. I had made a one-year deal with them but forgot for how much (Turns out it was for a little more than $100 a month). I looked at my bill history and noticed that my one-year fixed contract had been gradually creeping up month after month. I’ve never paid for any additional services ever. It should stay the same, but it hasn’t. AT&T has gradually increased my bill.

| Service Month | Bill Amount |
|---|---|
| July, 2016 | $104 |
| August, 2016 | $108 |
| September, 2016 | $121 |
| October, 2016 | $121 |
| November, 2016 | $121 |
| December, 2016 | $120 |
| January, 2017 | $128 |
| February, 2017 | $128 |
| March, 2017 | $128 |
| April, 2017 | $128 |
| May, 2017 | $141 |
| June, 2017 | $177 |

After seeing that $177 bill I called up AT&T’s customer loyalty department to see what they could do to lower it. They could get it down to $140 plus taxes but also offered to completely switch me to DirecTV for $100 a month plus taxes. I didn’t want DirecTV. I asked them if they could lower my bill any more as I wanted it back to the original pricing, not 75 percent more. They said they couldn’t go any lower than $140. I asked if $140 was the final amount and they said that there would be taxes and fees but they couldn’t quote me that amount over the phone. The next day I received a quote via email which was for $183! So, they “lowered my bill” by raising it yet another $6. I shouldn’t have ever called.

It’s now time to leave AT&T

I had enough of having my chain yanked and I was tired of making these yearly calls and tracking my ever increasing bill and paying for hundreds of stations I never watch.

First step is to see how I’m going to replace the services I have with AT&T, which includes home phone, general cable channels (with sports), and HBO.

I currently pay $65/month for my Internet service through a local provider. I can add local phone to that package for an additional $34/month.

YouTube TV is available in my market and that costs only $35/month.

I can purchase HBO à la carte through HBO Now for $15.

Now to compare the two TV and phone packages:

  • AT&T: $183
  • My package: $84

That’s a savings of $99/month or $1188 a year!

Wait! I can’t leave yet

I went to my local provider to make the switch away from AT&T for my home phone. I wanted to keep my phone number.

I signed up for YouTube TV and then called AT&T to cancel my TV service. Turns out that because my phone is going to be ported in two weeks my account is locked. They can’t make any changes to it even though the TV is a completely different service. I was forced to keep AT&T for another two weeks. I asked what I could do. They said I should contact the phone provider about moving up my date (not possible) or releasing the port.

I called the local provider and told them my story about my locked account and they said they had never heard of this before. Releasing the port is not an option as it would make the number I want to keep available to anyone. I asked AT&T if they can put in a cancellation request for the switchover date in two weeks. They said they can’t do that and I have to call back again and make the request.

I’m of course aggravated, but none of this would have happened if they hadn’t been so sneaky about increasing the pricing of my never-changing service. But I’m happy that they did it because now I’m going to save more than $100 a month. AT&T and their competitors are up against competition that’s both lower and consistent. It’s only a matter of time before everyone wises up. Their days are numbered.


Creative Commons photo attribution to smswigart.


Why Online Privacy Matters Even if You’ve Got Nothing to Hide #privacystory

April 13, 2017

These stories should sufficiently freak you out as to how others, often well-meaning people, abuse our online privacy.


How to Get Kicked Out of An Event

March 30, 2017

Even if you never did want to get thrown out of an event, wouldn’t you just like to know how far you could push someone until they say, “ENOUGH!”?


The Worst of the Worst Malware – RSA 2017

March 22, 2017

From RSA, really bad malware stories, especially the last one.


Highlights from RSA 2017 on TWiT’s Tech News Today

February 19, 2017

Hey all, I made an appearance on This Week in Tech’s “Tech News Today” just this last Friday, summing up the entire week at the 2017 RSA Conference. It’s all about security. Give the show a watch.


It’s Either “The Jetsons” or “Mad Max” for the Future of Trade Shows – Content Marketing Tips

January 25, 2017

Are trade shows headed for a Tomorrowland future or are they about to fall apart because nobody wants to pay for a trade show booth anymore?


10 Years in. How We Started, Evolved, Survived, and Succeeded Running a Content Marketing Business

January 18, 2017

In our first ten years in business we’ve had to adapt, adapt, and adapt. Here’s what we’ve had to do to stay relevant.


20 Horrific Conference and Trade Show Staples That Need to End

December 14, 2016

NO! Make it stop. These conference tropes have gone on for too long. What to end and new solutions.


A No-Nonsense Approach to Building Trust for Security Vendors

October 31, 2016

For years IT and security vendors have been frustrated with building trust with their audience. With all the advertising and trade show money spent, many core issues around relationships are missed.
