Our Blog

Practical advice for cyber security entrepreneurs. Learn from our experience.


Selling Solutions to CISOs; A 5 Minute Guide

A lot of people claim they’ve done it before. And there’s a lot of empty talk about what and how we think the CISO thinks. Let’s make some order, and figure out what it really takes to meet the needs of a CISO and deliver enough value to close the deal.

Step One: Skip the ‘our solution’ and go straight to their pain. CISOs already knows precisely what their challenges are this year. They know where the gaps are and what their priorities should be. A salesperson will be better off having an open conversation about the problems that the organization is facing than by presenting your solution. The CISO has already heard about so many solutions. What he really needs is someone that understands his problems.

Step Two: Speak in terms of use cases. If you can sell 3-5 use cases that are both important aned well known, this will make it easier for the CISO to apply your solution to his or her pains and see how it might help the team. It is very likely that the CISO already has several ‘white elephants’ that have already been purchased, but aren’t being used. What the CISO is looking for is a viable solution for a real pain.

Step Three: Present a compelling TCO for your product or service. It is well known that CISOs are suffering from a severe lack of security talent. One of the very real pains is understaffing. A way to ensure that your solution is viewed as critical is if it can be automated and managed by as few people as possible.  You should demonstrate how your solution will enable the organization to detect and combat cyber threats with less manpower. If your solution requires additional manpower, the game is over. You will never convince the CISO to buy it.  

Step Four: Make sure your solution is as user-friendly as possible. It is not enough to sell your solution to the CISO, you need to sell it to the IT department. The CISO will need his colleagues’ full cooperation for deployment and implementation. If you can demonstrate additional value to the IT department – that’s a winner.

Step Five: Resist the urge to side-step the CISO. Don't cave into quarter-end or year-end sales pressures and try to close a deal before its time. If you try to shortcut the CISO's procurement cycle by 'helping out' and talking to others before being told to do so, then you may be short-circuiting your relationship with the ultimate decision-maker. This doesn't mean that a professional salesperson can't engage the CISO around how to move things along more quickly. CISOs appreciate frankness, even if they can't move as quickly as the vendor would like to.

Simple steps, but critical for getting your solution through the starting gate. This process will also help you to identify the right customers, the ones that are worth your time and investment, and weed out the ones that aren’t going to make it through to the finish line.