Forget Trying To Help Clients Become Compliant

fireImminent Danger, Not Compliance Requirements, Will Move CISOs

Undeniable justification is built when the client sees imminent danger.

The security sale is powerful simply because every company you deal with has inadequate security protection. And they always will because the hackers are always one step ahead of the rest of us. As technologies continue to evolve, you should be providing more DETECTION type controls, and upgrading your client to more sophisticated, and perhaps remotely managed security systems. Compliance concerns will not drive this initiative – but danger will.

Squashing the Typical IT Response

I’ll never forget a sales call I had with an electronics manufacturer in the southeast years ago. After weeks of trying to get a meeting, we finally made our way in to see the CIO and several members of the IT support staff. It seemed like every question we came up with, and every issue we referenced, they “Had if covered.”

That seems to be the common theme with IT people – they always have it covered.

After about 45 minutes of this back and forth conversation, we were clearly headed nowhere. This meeting was a waste of time. Gathering our documents, I made one last ditch effort. Looking at the CISO I simply said, “It sounds like your team has it covered. It’s amazing to me when a small company like yours has such as sophisticated security strategy. Over the past year NASA, the Pentagon, the FBI, and the CIA have all been compromised. I don’t think I’ve even been inside a company that had better security than these organizations. How do you do it?”

On my way out the CISO stopped me. “We need to talk,” he said. Apparently his team thought they had it covered, but he wasn’t so sure. Finally we were ready to engage is some honest discussion.

Compliance and Cyber Crime Threats Don’t Work – So What Does?

IT People, according the recent reports from the Wall Street Journal, are afraid to admit they have security problems. So, where do you take these meetings? If compliance and cyber-crime are not sufficient motivators, what will create the justification needed for the security sale?

Two Powerful Pathways to New Opportunities :

  1. Demand Generation Events: In my Event Marketing Success Kit, I lay out a complete strategy for inviting key decision makers to an educational event, with a well planned program that will convert them to clients using risk assessments. On average we see conversion rates of 75% or more from attending to participating in the assessment process.  Why? Because the need is real – but it requires some honest discussion at the asset owner level.
  2. Client Business Initiatives: Companies all around us are in the process of migrating to new, disruptive technology applications. We see a tremendous migration to cloud, BYOD (Bring Your Own Device,) big data, and collaborative technologies. Each of these represents a major change in the computing architecture, requiring a new look at security. This is the perfect time to raise the security issues.

In either case, asset risk levels are affected, and there’s an opportunity to review security with your clients. Notice that we’re not waiting for them to initiate the requisition of security product. That’s the third way to sell, but not a good one. Product proposals without proper justification only lead to price wars.

© 2014, David Stelzl


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s