Selling Security

Selling Cybersecurity: What We Can Learn From The Ice Bucket Challenge

In July/August 2014 the ALS Ice Bucket Challenge changed forever how charities should have organised their fundraising efforts. Replacing the usual guilt-trip approach with something fun/’socially mandatory’ resulted in hundreds of millions being donated to a cause few people had even heard of, let alone cared about.

People gave to ALS not because it was more deserving than other charities, they gave because to NOT do so attracted negative social repercussions most of us could not ignore. This was more than a little hypocritical as I expounded upon here, but this is now the social media-driven world in which we live.

But it WAS also fun! To do and to watch.

That said, I seriously doubt 99 people out of 100 who did the challenge either gave to ALS charities subsequently, or remember now what ‘ALS‘ is even the acronym for. They may have known at the time, but the details are no longer important unless ALS has a direct impact on their lives or the lives of a loved one.

These are not bad people, they are you and me.

The fact is that the number of diseases affecting humans is in the tens of thousands, the number of charities ‘serving’ them in the millions. 99.9% of these charities do the exact same thing, and have done this since time immemorial; show you the effects of the disease on someone else and ask you to care.

Almost all charities are still ‘advertising’ in the same way, when it’s only the ones that truly stand out that get the lion’s share of our money, let alone our volunteer time.

The problem is that we are so inundated with requests to give that we don’t even see/hear them any more. We are immune to the very feelings of guilt/societal obligation/altruism the charities are relying on to get you reaching for your wallet.

But in the end; “The definition of insanity is doing the same thing over and over and expecting different results.

Though far less dramatic and controversial, people trying to sell cybersecurity are doing almost the exact same thing. The original title of this blog was actually “Selling Cybersecurity: Fear is WHY the Board Don’t Care!” as those who should be worrying about security are simply numb to the whole thing. They just don’t care any more, if they ever did in the first place.

Headlines abound with data breaches, fines levied, and CEO’s disgraced. The more of this we see, the less we give a damn. We have already become ‘snow-blind’ to the possible, even likely consequences.

This is our fault. As security professionals it is OUR job to talk to our prospective clients in THEIR language. WE have to understand that our clients probably don’t care about security, and probably never will. WE have to give them an ROI.

As an analogy, do you care about your car insurance? What would a car insurance salesman have to do for you to be anything other than dismissive, or even downright rude?

It’s actually OK that they don’t care. If you said that you cared about all human diseases I’d say you were full of %^$£. But if you want them to actually buy something from you you’d better be able to change the conversation to something of interest. Interest to THEM that is, because of course they care as little about your business as you care about theirs.

Not caring does NOT mean doing business without ethics or integrity, in fact it’s more honest if, and only if BOTH sides benefit.

From PCI, to PSD2, to GDPR, to every regulation that will ever come down the pike, vendors will scramble to find ANY motivator to get organisations to spend money. The only motivator that will ever gain traction is one that’s good for their business. Fear of breach/fines/reputation loss are nothing in the face of how spending money on security affects the bottom line.

So how do we change this conversation?

Frankly I have no idea, and anyone who can get even close the effectiveness of the Ice Bucket Challenge in cybersecurity sales will rule this little slice of the world. But what I’m NOT going to do is waste my time telling clients things they could not care less about and expect them to throw money at me. In fact, I’m going to question why they think they want my services in the first place. Because if it’s not for a reason that make sense to their business the project will fail and it WILL be my fault regardless of any evidence to the contrary.

There will of course never be an Ice Bucket Challenge for cybersecurity as a whole, but there CAN be an equivalent paradigm shift in each organisation you talk to. You’re there because they have to do security, not because they want to, nothing you say about security outside of a business-benefit context will matter to them.

You just have to find what that benefit is.

[If you liked this article, please share! Want more like it, subscribe!]

Don't Hate the Salesperson

Don’t Hate Salespeople, Hate the Person

[OK, so you shouldn’t hate anyone, but; “Don’t Have Significant Issues With…” is nowhere near as catchy.]

In an otherwise spot-on article by Peter Smith; “Why do we hate (our own) sales people?“, he made what I believe is a fundamental error. Especially given his premise.

He says of salespeople that they are the “…life blood of the company…”, that; “If they don’t sell, the rest of the company doesn’t work.“, and finally that “These are your top performers.“. It’s that many salespeople actually see themselves this way that causes a lot of the resentment or even hatred.

There is absolutely no questions that sales is a critical function in any organisation, but it’s not the most important. There is no such thing as a most important department. It’s like saying the heart is the most important organ in body, just try living without your liver.

Who makes the products or services they sell? Who delivers them? Who arranges all the financing etc? Who ensures the contracts are in order? Without any one of these things no company can survive. A real salesperson is only ever as good as the things they sell, and the teams around them.

I say a ‘real’ salesperson because they are the ones with both the integrity to only sell what the client needs (not asks for), and to use his/her entire support team in the process to ensure mutual benefit.

From my experience, the majority of my issues with salespeople fall into three main categories:

  1. Lack of Product/Service Knowledge: We’ve all met salespeople like this, all smiles and no substance. This is not a salesperson, this is a clown, a real salesperson is extremely well versed in his/her wares. They may not be an expert in the overarching subject (cybersecurity for example), but they know who is, and whom to bring to the table when required to answer the prospect’s questions. The best salespeople I’ve worked with are facilitator who piece together solutions by putting the right people in front of each other.
    o
  2. Selling to Their Quota: I use the word hate way too often, but I REALLY hate the American way of selling. The quota system is ridiculous, and forces salespeople into a never ending spiral of price compression and end-of-quarter discounts. You sell my time as a consultant for half what it’s worth just to reach your target and we’ll having a very short conversation. Words like ‘fired’ and ‘incompetent’ will be used liberally.
    o
  3. Selling Outside of Their Skill-Set: To me there are two types of salesperson:
    o
    Hunters
     – Very aggressive, easily bored, hates detail, DESPISES paperwork. Basically, these folks want to get in, get the deal signed, and move on to the next ‘battle’.
    o
    Growers – Less aggressive, and tend to prefer to relate to the client on a more personal level. These are the folks who will take the initial sale and turn it into years of up-sells / cross-sells though their deepening understanding of a) the client’s business b) the client’s people, and c) the state of their security program.
    o
    Selling outside of your skill-set is a sure way to mess the whole thing up for everyone.

A real  salesperson does none of these things, and I have met some truly exceptional salespeople whom I am also honoured to call friends.

So if you hate salespeople, you either have a company full of bad ones, or you have no idea what they do. Selling is difficult, VERY difficult, and a good salesperson has a skill-set most of us cannot even hope to duplicate. As an introvert, the very thought of doing what they do every day gives me the willies. And that is just the tip of the iceberg. From research on prospective customers, to getting the first meeting lined up, to pitching an appropriate statement of work, the amount of work that goes into a sale is enormous.

From the other side, and as Peter Smith said very eloquently; “If a person is worried about having sales in their job title, then they probably do not have the right DNA.“.

Salespeople are necessary, they are NOT a necessary evil. But if you think you have what it takes to be one, try it for 6 months, 99% of you will beg for your old job back.

I know I would.