The “15 Minutes of Your Time” Request

I'm taking a gamble that you'll just be nice to me

As I mentioned in theĀ first issue of this series on the CISO/security vendor relationship, almost all B2B security vendors want to reach CISOs and CSOs with their marketing efforts.

Take a step back and think about the receiving end of this equation. How are CISOs and CSOs supposed to manage their business if they also have to constantly manage all the security marketers vying for their time? They’ve got a tough enough job within the four walls of their organization in addition to dealing with the endless barrage of intrusions from all over the world. How are they supposed to entertain pitches from EVERY SINGLE SECURITY VENDOR ON THE PLANET?

Join the conversation on LinkedIn

Should ā€œ15 minutes of your timeā€ be a security vendor’s first request?

Recently, I had lunch with a CISO who I had previously interviewed on camera for one of my clients. We’ll call themĀ Company X. My video interview with the CISO appeared onĀ Company X’sĀ blog. It just so happens that someone atĀ Company X, who I didn’t know, was pitching the CISO through a barrage of emails asking for just ā€œ15 minutes of his time.ā€ With the continued non-response, the person just kept following up, sometimes with attempted jokes, trying to poke fun at the CISO’s non-response.

Annoyed by the constant ā€˜pay attention to me’ intrusion, my CISO friend showed me the emails and dejectedly said, ā€œThis is my life.ā€

My CISO friend is a nice guy, but you can’t count on that to get a meeting.

ā€œThey don’t have time to meet with you because they’re nice,ā€ said Bruce Barnes (@bbarnes84), co-founder ofĀ CIO Solutions Gallery.

ā€œIf you are in sales and request 15 minutes of my time, I request five minutes of yours first. Take five minutes and do a little external research on my company before you send over a note,ā€ said Mike Johnson, CISO atĀ Lyft, in a post on LinkedIn.

In this case, the security vendor didn’t spend five minutes. If he had, he would have known that this CISO was actually onĀ Company X’sĀ blog.

I asked my CISO friend, if the salesperson had mentioned his appearance onĀ Company X’sĀ blog, would he have responded.

He said, ā€œOf course.ā€

This salesperson’s request for time and the constant follow up begs two obvious questions:

  1. When has chronic pestering, especially with a C-level employee, ever worked as a sales technique?
  2. And when has ā€œcan I get 15 minutes of your timeā€ truly only been 15 minutes? The person who is asking for the time should set the clock and end the conversation at 15 minutes. That NEVER happens. Don’t try to take up as much time as possible to make the sale. It puts the onus on the CISO to awkwardly cut the meeting at the imposed time.

ā€œFifteen minutes of your time,ā€ the nuclear option

Some vendors are so desperate to get a CISO’s attention they’ll just show up at their place of business, hoping for a quick meeting. In other industries, such as entertainment, we’re sometimes pleasantly delighted when we hear stories of hopefuls stalking big executives for a ā€œchanceā€ run in and finally getting their big break.

That method doesn’t play so well with security-minded CISOs who won’t appreciate being ambushed. Such was the case with Peter H. Gregory (@peterhgregory), executive director – CISO advisory services,Ā Optiv. Here’s his tale:

One day our reception center called to tell me that a vendor was in the lobby for our meeting. I checked my calendar… no meeting. It was a busy day but I figured I’d see who it was.

I met the vendor – there were three people, and they thanked me for our meeting.

I replied, ā€œWhat meeting?ā€

They answered, ā€œWe sent you an invite!ā€

I said, ā€œI never responded because I have auditors here this week.ā€

They responded, ā€œBut we sent two people on flights to meet with you.ā€

I responded, ā€œSo sorry, but you should have confirmed this. I’ve got to go, nice meeting you.ā€

Join the conversation on LinkedIn