As I mentioned in theĀ first issue of this series on the CISO/security vendor relationship, almost all B2B security vendors want to reach CISOs and CSOs with their marketing efforts.
Take a step back and think about the receiving end of this equation. How are CISOs and CSOs supposed to manage their business if they also have to constantly manage all the security marketers vying for their time? Theyāve got a tough enough job within the four walls of their organization in addition to dealing with the endless barrage of intrusions from all over the world. How are they supposed to entertain pitches from EVERY SINGLE SECURITY VENDOR ON THE PLANET?
Join the conversation on LinkedIn
Should ā15 minutes of your timeā be a security vendorās first request?
Recently, I had lunch with a CISO who I had previously interviewed on camera for one of my clients. Weāll call themĀ Company X. My video interview with the CISO appeared onĀ Company XāsĀ blog. It just so happens that someone atĀ Company X, who I didnāt know, was pitching the CISO through a barrage of emails asking for just ā15 minutes of his time.ā With the continued non-response, the person just kept following up, sometimes with attempted jokes, trying to poke fun at the CISOās non-response.
Annoyed by the constant āpay attention to meā intrusion, my CISO friend showed me the emails and dejectedly said, āThis is my life.ā
My CISO friend is a nice guy, but you canāt count on that to get a meeting.
āThey donāt have time to meet with you because theyāre nice,ā said Bruce Barnes (@bbarnes84), co-founder ofĀ CIO Solutions Gallery.
āIf you are in sales and request 15 minutes of my time, I request five minutes of yours first. Take five minutes and do a little external research on my company before you send over a note,ā said Mike Johnson, CISO atĀ Lyft, in a post on LinkedIn.
In this case, the security vendor didnāt spend five minutes. If he had, he would have known that this CISO was actually onĀ Company XāsĀ blog.
I asked my CISO friend, if the salesperson had mentioned his appearance onĀ Company XāsĀ blog, would he have responded.
He said, āOf course.ā
This salespersonās request for time and the constant follow up begs two obvious questions:
- When has chronic pestering, especially with a C-level employee, ever worked as a sales technique?
- And when has ācan I get 15 minutes of your timeā truly only been 15 minutes? The person who is asking for the time should set the clock and end the conversation at 15 minutes. That NEVER happens. Donāt try to take up as much time as possible to make the sale. It puts the onus on the CISO to awkwardly cut the meeting at the imposed time.
āFifteen minutes of your time,ā the nuclear option
Some vendors are so desperate to get a CISOās attention theyāll just show up at their place of business, hoping for a quick meeting. In other industries, such as entertainment, weāre sometimes pleasantly delighted when we hear stories of hopefuls stalking big executives for a āchanceā run in and finally getting their big break.
That method doesnāt play so well with security-minded CISOs who wonāt appreciate being ambushed. Such was the case with Peter H. Gregory (@peterhgregory), executive director ā CISO advisory services,Ā Optiv. Hereās his tale:
One day our reception center called to tell me that a vendor was in the lobby for our meeting. I checked my calendar… no meeting. It was a busy day but I figured I’d see who it was.
I met the vendor ā there were three people, and they thanked me for our meeting.
I replied, āWhat meeting?ā
They answered, āWe sent you an invite!ā
I said, āI never responded because I have auditors here this week.ā
They responded, āBut we sent two people on flights to meet with you.ā
I responded, āSo sorry, but you should have confirmed this. I’ve got to go, nice meeting you.ā