If tools are the bones of cyber defense, then cyber security
services comprise some of the connective muscle. As cyber leaders, we get
pitched all of the time - bones, muscle, and a lot of filler .
A fair number of organizations seem to be attempting to
resolve complex cyber security issues by simply throwing money at potential solutions.
Many vendors have pitches that reflect this reality.
Some pitches simply make no sense.
Part of our job as cyber leaders is have a process that
balances the value of our time with the value that a pitch might provide. We do this by asking questions that quickly establish
the value add for getting further down the sales cycle.
Mine include the following:
What gap does this cyber
security solution being pitched fit?
Determine what the tool actually does, not what the marketing says that
it does. This means cutting through the buzzwords. It also means determining
what functions today versus what is “on the roadmap”. The difference might radically change the gaps
that the solution solves for today.
Is there a match
between that gap the tool fits and a prioritized need to fill that gap in my
organization? There are lots of
tools and lots of gaps. Not all of the tools will match the program gaps and
not all gaps are prioritized enough to be filled this year. Time has value too.
Don’t waste it on shiny things that you don’t need.
What is the business
value of this solution to our organization in compelling non-technical terms?
You’ll need to some forward thinking about how to frame the business value in
non-technical terms to the business leadership. Even if those don’t have a role
in approving the buying decision, their teams will likely be impacted by its
use. The bland text that the sales team will
likely offer to provide probably isn’t compelling enough. Thogh there are
exceptions, sales professionals often have never sat in your seat and likely can’t
determine the level of true business value inside your organization. Only you
can.
What additional
resources will “getting to done” require in terms of implementation, process
development, friction reduction, training, and metrics? The license is only
a small part of being successful with a security solution. You’ll need to align resources and timelines
to begin providing value as quickly as possible. You’ll start thinking through
these requirements during the pitch so that you can ask pertinent additional questions.
Be wary of sales teams that aren’t trying to determine the
answers to your questions. Some simply have no interest in your organization at
all. They’ll work to convince you that
you need an “X” regardless of whether you need it or already have a different
brand of “X”. Some just want to sell the
license and move on to the next customer.
You own getting the solution from “purchase” to “providing
value”. They don’t.
There is an opportunity cost for solutions that don't provide the intended value.
Use your time wisely.
Follow me on Twitter
for discussion and the latest blog updates: @Opinionatedsec1. Or, start your
own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read
it.
SEE ALSO
No comments:
Post a Comment