Our team looks to connect and profile buyers from around the world.
This week we sat down with the Chief Information Security Officer at Xactly Corp, Matthew Sharp. Matt is a 2x CISO with over 20 years of IT and cyber experience and co-author of The CISO Evolution. Matt shares his insight on what salespeople can do right to win their deals. Learn what Matt has to say about mistakes CISOs make, how sellers can help them, and help themselves.
What mistakes do you think many CISOs make when attempting to make a purchase for a solution & how can they remedy it?
RFPs represent a significant misstep for cybersecurity leaders, effectively neutralizing the unique competitive edge and features that vendors offer by reducing their propositions to lowest common denominators. This process often results in vendors appearing indistinguishable from one another, which stifles innovation and overlooks potentially superior solutions.
For instance, in my previous role, a valuable tool that significantly outperformed traditional SIEM systems was identified without an RFP. It offered advanced telemetry and a more comprehensive signal set, highlighting how RFPs can inadvertently eliminate groundbreaking products from consideration.
Furthermore, RFPs can be counterproductive, particularly when they are influenced by competitors, leading to biased specifications that favor predetermined outcomes. This not only wastes the time of vendors but also prevents organizations from adopting the most effective cybersecurity solutions.
What else can CISOs do?
CISOs should strategically assess their cybersecurity needs by initially selecting a list of suitable vendors that align with their specific requirements. This involves leveraging insights from trusted partners, engaging with peer networks in CISO forums, and consulting authoritative sources like the Gartner Magic Quadrant for expert analysis.
Upon defining core requirements and establishing budget constraints and technological frameworks, CISOs ought to refine their choices. Engaging with internal teams to pinpoint existing security gaps is critical, as is the subsequent interrogation of potential vendors regarding their capabilities to address these vulnerabilities and their potential to introduce beneficial innovations.
Key considerations should extend to the availability and expertise of the vendor’s support team, cost-effectiveness, and confidence in the vendor’s capacity to not only address immediate challenges but also to scale and evolve as a long-term partner in fortifying the organization’s cybersecurity posture.
Thoughts on Gartner? Some vendors will say “it’s pay to play.”
The notion that industry analysis and peer review platforms like G2 operate on a “pay to play” basis is often overstated. These platforms play a significant role in shaping the decisions of CISOs and security teams, providing objective analyses and reviews that contribute to the development of an organization’s security infrastructure.
Such analyses are pivotal, potentially influencing up to 50% of purchasing decisions. While opinions on the value of services like Gartner may vary, the impact of the data and insights they provide cannot be dismissed. Even if one personally doubts the objectivity of these platforms, their influence on less technically versed decision-makers underscores their importance in the broader decision-making landscape.
Gartner states a purchasing decision for IT projects involves at minimum 7 people with 5 not being involved in IT at all. Those 5 individuals, what are they most focused on and how can a salesperson help address some of those key questions/topics discussed?
Recognizing that many key stakeholders in IT purchasing decisions are outside the IT department underscores the need for CISOs to master business communication, as highlighted in my book, “The CISO Evolution.” It’s crucial for CISOs to articulate cybersecurity concerns in terms relevant to business risk and growth opportunities, facilitating project approval.
For sales professionals, the strategy lies in comprehensively understanding the buyer’s ecosystem and the roles various individuals play within the purchasing process. Employing a structured approach, like MEDDPICC or Vista’s proprietary framework, to navigate the sales lifecycle and engage influencers and decision-makers is essential. Tailoring communication to the unique perspectives of diverse stakeholders—including consumers, economic and technical buyers, as well as legal, finance, HR, and end-users—enhances the likelihood of successful engagements. This approach not only involves identifying each stakeholder’s role within the purchasing cycle but also maintaining active engagement with all parties to secure deals effectively.
What are salespeople doing right these days and what are they doing wrong? How can salespeople improve to help their prospect sell internally?
Effective sales differentiation arises when sales professionals thoroughly understand the economic impact on a client’s industry and tailor conversations to address specific concerns. Success hinges on demonstrating a deep comprehension of the customer’s challenges and how these can be mitigated. Sales efforts should prioritize the customer’s needs over product features, incorporating a comprehensive grasp of broader macroeconomic factors, such as AI and industry-specific issues, into their solutions.
The practice of making unfounded claims about the simplicity of product integration, often contradicted by the complexities of change management and system tuning, can severely undermine credibility. A more constructive approach involves clearly outlining the onboarding process, showing empathy for the customer’s procedural landscape.
To effectively support a customer’s internal selling process, sales representatives must be well-informed about the customer’s problem areas, risk assessments, and relevant success stories. This requires a holistic understanding of the decision-making ecosystem, including the distinct needs and concerns of all stakeholders involved in the purchasing decision.
Any other information for sellers?
Avoid using AI to generate emails based on LinkedIn profiles. The overuse of similar introductory lines and generic requests for time reveals a lack of genuine effort in understanding the recipient’s role, industry, and personal achievements. Genuine research and personalization are crucial; arriving at a meeting unprepared is a surefire way to fail.
Being unaware of significant achievements, such as published works, indicates insufficient research and interest. Effective communication involves seeking permission and showing respect for the recipient’s existing knowledge and experiences, rather than making assumptions about their needs or challenges. Engage meaningfully by asking if the recipient is familiar with concepts like the “kill chain” before offering insights, demonstrating a respectful and personalized approach to addressing their potential problems.
How can people learn more about you?
Discover more about my professional background and insights on LinkedIn. My book, “The CISO Evolution,” available for purchase, offers valuable perspectives for sales professionals. It delves into the daily challenges CISOs encounter and their strategies for overcoming them.
Reading it equips sellers with the knowledge to transition from mere vendors to trusted partners, fostering a deeper understanding of the internal selling dynamics faced by CISOs.