Since starting the CISO/security vendor relationship series, all the CISOs I’ve spoken to have repeatedly said they are far more responsive to relationship making efforts than they are to any traditional marketing, email marketing, or sales calls.
If that’s the case, why don’t all vendors just double-down on relationship marketing efforts?
“Relationship marketing is critical, important, and frankly, the right way to do business,” admitted Michael Parker, VP of marketing, Armis. “However, relationship marketing is not scalable like traditional marketing.”
As Parker pointed out, the cost per digital marketing impression is $.01 and requires little management. The cost of a dinner or golf game with a CISO starts at $100 and requires some of your most expensive employees to attend and engage.
“Forming a relationship with each one of them is not possible, especially if you are a start up with a small staff,” added Parker. “Add to that the fact there are hundreds of security companies out there all trying to influence this same, executive, CISO, security professional target. The CISO’s attention ends up being a rare, precious, and expensive commodity.”
Trying to stay visible in a very crowded marketplace
This dynamic of “we have no choice, we must market ourselves” is most notable at trade shows.
“At some point, a vendor is big enough where they feel like they have to spend all this money on traditional marketing, even if it doesn’t make much (if any) difference,” added Tomhave.
At huge trade shows, like RSA and Black Hat, large security companies have little choice but to attend and sponsor with a very large presence. They’re not doing it to necessarily win, but rather to not lose. If they don’t, their competition will define their story.
“Why isn’t Company X here? Oh, I hear they’re having some major internal problems.”
Why aren’t the CISOs here looking at our huge expensive booth?
“It’s an awkward truth in the industry, but the last person most everyone in InfoSec ever wants to speak to again is yet another enterprise sales rep,” said Jeremiah Grossman (@jeremiahg), CEO, BitDiscovery. “This is predominately what customers experience when visiting trade show floors at conferences. It’s mostly hard sales and marketing claims, without anyone around with solid technical domain and product knowledge to answer questions. As a consequence, the real decision-makers (i.e., CISOs) rarely visit the booths, and the vendor/sponsor ROI diminishes.”
Grossman tries to push for smaller, more intimate, low-pressure social events like mixers or small dinners.
He’s had huge success with these events often delivering an ROI 10 times that of sponsoring a booth.
“When it comes to conferences, RSA and others, you have to treat each differently — as the attendees and overall setup is unique between them,” said Grossman. “Some conferences are worth the booth money, others are clearly not. So you have to track your spend and metrics closely year-over-year as you experiment. For many events, spending a couple of thousand dollars on dinners or parties for a dozen or two CISOs can far outperform $50K in booth expenses.”
But Grossman admits these small events don’t always work. He’s had situations where he’s been at a conference trying to lure attendees to his party and the evening schedule was far too competitive. Too many other vendors were also hosting small events vying for the attention of the same CISOs and industry influencers.
Even the best security products require marketing
“No matter how good the technology, security (and high tech companies) must market themselves,” said Parker. “Even Peter Thiel said in his book ‘Zero to One’ that you need marketing – great product alone will not sell itself.”
Relationship marketing alone is simply not a feasible strategy. At most you could develop a relationship with 20 CISOs in a six-month span.
“How many of them would actually have a need in your space, and the budget to back it up? It’s not likely all of them,” said Parker. “Traditional marketing reaches the goals of establishing visibility and awareness of a cyber security solution.”
For most B2B security vendors, making a sale through traditional marketing alone simply won’t happen.
“Word of mouth is very important in the security space,” added Parker. “I believe the right model is use traditional marketing as a gateway to that relationship-based marketing.”