MAJOR UPDATE (10/09/18): The entire CISO/Security Vendor Relationship Series has moved to CISOseries.com. This is the news site. I’m leaving this post here as is with links updated to that site, but you can find everything there.
The relationship between security vendors and CISOs (Chief Information Security Officers) has become increasingly contentious, due in part to their co-dependency on each other:
- CISOs need security vendors’ products to improve their security posture.
- Security vendors need CISOs because they purchase security products.
The problem is that they sometimes drive each other crazy. The contention is evident in the flurry of industry posts on the subject on LinkedIn, and in the rallying responses of security professionals and vendors alike.
I’ve reported on the security space for almost nine years and I see the frustration on both sides. My firm Spark Media Solutions works with both camps regularly, giving us unique vantage points.
I’ve decided to examine different aspects of the vendor/CISO relationship in a series for Forbes. Below are descriptions of and links to the articles. Please join in the active discussions on LinkedIn. I’ll update this post with new installments as they are published.
The CISO/Security Vendor Relationship series on Forbes:
VIDEO: Testimonials from fans of the CISO/Security Vendor Relationship Series
At RSA, I ran into so many fans and contributors to the series. Here’s what they had to say about the articles, videos, and conversation.
Do CISOs Fall for Obvious Sales Ploys?
Should security vendors use the same fear tactic on a CISO that they use to scare my mom? (discussion on LinkedIn)
VIDEO: Best responses to the article “Do CISOs Fall for Obvious Sales Ploys?”
The “15 Minutes of Your Time” Request
The request of “15 minutes of your time” is seen as a gamble hoping that the CISO/CSO will be “nice to you.” Maybe that’s not the best tactic if what you’re selling is a solution to their security problems. (discussion on LinkedIn)
VIDEO: Best responses to the article “The ‘15 Minutes of Your Time’ Request”
Should You Market to the CISO’s Direct Reports?
Who within an organization should a security firm select to pitch their product? Should they go to the top of the food chain, or start partway down? (discussion on LinkedIn)
VIDEO: Best responses to the article “Should You Market to the CISO’s Direct Reports?”
How to Uncover Security Concerns When CISOs Won’t Tell You
Most often a CISO won’t tell you their security concerns, but here are seven techniques you can use to figure out what they are. (discussion on LinkedIn)
VIDEO: How to Uncover Security Concerns When CISOs Won’t Tell You
15 Ways to Make ‘First Contact’ with a CISO
CISOs universally agree that relationship selling is more effective than traditional marketing. How then do you form that initial relationship with a CISO? (discussion on LinkedIn)
VIDEO: 15 Ways to Make ‘First Contact’ with a CISO
How to Get a Prospect to Test Your Security Product
Here’s what cybersecurity professionals say works to make them aware of, and ultimately test, a security vendor’s product. (discussion on LinkedIn)
VIDEO: How to Get a Prospect to Test Your Security Product
Is Traditional InfoSec Marketing Even Necessary?
CISOs are repeatedly saying that they don’t respond to traditional marketing ploys. The way to get to them is through relationships. If that’s true, why even bother with traditional security marketing? (discussion on LinkedIn)
VIDEO: Is Traditional InfoSec Marketing Even Necessary?
Hey Security, It’s Time We Had “The Talk” About PR
Security vendors are eager, aggressive, and sometimes make requests of their PR firms that aren’t in line with community behavior in the security marketplace. Here is a list of eight behaviors security vendors have historically requested that they should avoid. (discussion on LinkedIn)
VIDEO: Hey Security, It’s Time We Had “The Talk” About PR
9 Reasons Why Selling Fear Does Not Work on a CISO
When InfoSec vendors sell FUD (fear, uncertainty and doubt), they’re causing far more problems than they’re aware of, and it’s starting to hurt the industry as a whole. (discussion on LinkedIn)
VIDEO: 9 Reasons Why Selling Fear Does Not Work on a CISO
Creative Commons photo credit to Flickr user davidd.