Breaking the cycle of poor vendor-CISO relationships: First and foremost, both sides need to embrace empathy and candor as foundational principles. Vendors must approach every conversation with empathy, recognizing that engaging with sellers is often just 10 to 20% of a CISO’s time, while engaging with CISOs may represent 90% of a seller’s focus.

Sellers need to understand that CISOs juggle immense responsibilities and need conversations that are as value-packed and efficient as possible. Sellers who embed themselves in the security community, take the time to understand nuanced challenges, and approach CISOs with genuine intent to help will stand out in the crowded marketplace.

Likewise, buyers need to appreciate that sellers are not just “pushing products” but are trying to do their job. Sellers play a critical role in keeping their organizations afloat, which directly ties to budgets and the sustainability of the products CISOs rely on. When approached with sincerity and candor, sellers will often go to great lengths to build business cases, fight for discounts, or secure additional resources for buyers. It’s a two-way street, and the more both sides approach each other as partners rather than adversaries, the more productive the engagement becomes.

Candor also has a critical role in improving vendor-buyer dynamics. Far too much posturing exists in these engagements, often creating unnecessary friction. While the origins of this dynamic are complex and rooted in cultural and structural issues, the best engagements I’ve had as a security leader are those where both parties cut to the chase. For example, a CISO might say, “We like your product and see value in XYZ areas. If we can agree on $XXX, I’ll push for a December purchase.”

Similarly, sellers should be upfront about their priorities, whether it’s pricing, timing, or implementation details. This level of transparency eliminates guesswork and sets the stage for a much smoother process.
Creating a cybersecurity-specific marketplace would help: One potential enabler of these principles is to create a marketplace specifically designed for the cybersecurity world, a neutral platform where vendors and buyers can find each other based on real compatibility. Imagine a space where CISOs could explore solutions on their own terms, guided by peer reviews, detailed use cases, and industry-specific contexts. Vendors, in turn, could showcase their offerings in a way that aligns with what CISOs are actively seeking, rather than guessing or relying on cold outreach.

This marketplace would go beyond just matchmaking. It could streamline the entire engagement process, from initial introductions to final agreements. For instance, it could incorporate tools for managing NDAs, proofs of concept, and master service agreements, making the path from discovery to decision as frictionless as possible. Vendors wouldn’t have to gamble on cold emails, and CISOs wouldn’t have to wade through irrelevant pitches. Instead, both sides could engage in a way that feels intentional and mutually beneficial.

Ultimately, the goal is to move from a fragmented, often adversarial process to one that feels collaborative and aligned. The current model of cyber sales isn’t serving anyone well, but it’s not beyond repair. By addressing the root causes of frustration (the mismatched priorities, misaligned incentives, and lack of trust), we can create a system that works for everyone.

In an industry built on principles of efficiency and security, our approach to sales and engagement should reflect those same values. It’s time for a refresh, and I’m optimistic that by working together, vendors and CISOs can create a better way forward.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3843082/the-cybersecurity-product-sales-process-is-broken-but-it-doesnt-have-to-be.html