Archives For Sales Strategy

Some of the Most Powerful Hacks Are Low Tech – But Extremely Creative

A Clever Ruse Is Priceless When It Comes to Justifying The Security Sale

Today I want to show you the one hack that always succeeds…with some practice, your assessment team will get in every time!

Continuing on in a series of articles on Assessing Risk, no assessment would be complete without testing the users. One simple test comes in the form of social engineering. The problem is, most assessments leave out end-users altogether!!!!

Get The Details On Selling With Assessments In My Book, The House & The Cloud – Here’s a special offer that’s almost FREE

In this short video, a woman (cleverly disguised as a mother w/ crying baby) takes over the guy’s phone account in just minutes. This is the kind of thing your business-leader clients have to see…it’s so simple, it’s unbelievable.

…So simple, my son did this very thing to me just a couple of weeks ago – needing to make a change to his account (under my name) while I was traveling!  (Shame on Verizon – they let him in!!!)


The End-User Is Your Client’s Biggest Hole In The

The balance between customer service, time crunch/deadlines, and keeping the security policy is not an easy one.

The baby crying in the background (an MP3 playing on this woman’s computer) creates the perfect “I’m an innocent, ignorant mother just trying to get this done for my husband…” scenario.

Who wouldn’t feel compassion for this poor woman? What would your clients do?

The Guy In The Video Is The Skeptic…This Is Your Client – The Decision Maker

As the video begins, you know it’s only 2+ minutes long. How can this be possible?

However, once she fires up the baby-crying audio, and starts with her dumb-blond act, you know she’s going to win!  It’s almost unfair!

Watch the Video – It’s Short…any ideas on how you can incorporate this?

I’m not saying you should make a call to their phone company with a crying baby in the background. But look at her face – who’s NOT going to help her?

I AM saying, you want to test the end-user’s ability to spot a ruse. That’s where the attack is going to happen…

I’ve heard it a million times – we don’t do free assessments!

This, my friends, is an assessment done in under 3 minutes! How much did it cost?

It’s a pen test…It’s not comprehensive, but it doesn’t need to be. This 2+ minute example demonstrates how just about anyone (willing to play the role) can break in, in minutes, with ZERO hacking skills.

So what is the likelihood someone will break into your client’s data?

It’s 100% every time, because, every time, there’s at least one sympathetic, authorized user, who will eventually succumb to the ruse of a creative hacker. It’s time to start thinking more strategically about assessments and closing business.

Copyright 2017, David Stelzl

Get The ONLY BOOK on Selling Security and MSP services: The House & The Cloud

What The Lazy MSP Companies Aren’t Showing Their Clients

Assessing Risk is the fastest way to land new logo business in the MSP arena. And if you want to build a long term, profitable business, your MSP is going to have to go MSSP…

(Note: I’ve purposely left out the heavy technical jargon to make this readable by sales – if you actually do the engineering work, you’re probably wanting a more technical deep dive. My goal here is to help sales reps sell the one thing that will overcome any IT budget objection.)

While 90% of the tech companies I speak to CLAIM they do security (on their website), only a handful actually do.  If you want to set yourself apart, learning to discover urgent issues (already present) on your client’s network will do it.

Over the past several months I’ve written numerous articles on how to sell, deliver, and convert assessments to long term annuity business.  This one last step in the actual assessing process is arguably the most important.

You Can’t Just Look At Perimeter Scans and Configurations


In this YouTube video (published by Alienvault – below), the speaker is explaining the dangers of connecting to Tor or using BitTorrent, as examples of traffic symptomatic of botware. Check out 0:48 in the video below for more threats he uncovers…

These are the urgent issues you need to move deals forward!!!!

Traffic patterns also reveal reconnaissance efforts underway by hackers – thieves gathering information to be used in a future attack.

You also want to know if malware is already installed or in the process of being installed through phishing attacks or web-threats of any kind…port scans in most cases will not do this.

The problem is, most assessments I review in my coaching calls show nothing regarding traffic or connection activity between workstations and the outside.  Why?

Because it’s not easy.

In other words, the MSP providing the assessment is either too lazy or too cheap to do it, or just doesn’t know what they’re doing.

If you sell (or use pro bono) assessments, with the goal of opening new doors in the accounts you serve, make sure your professional services team understands the importance of traffic analysis and has the tools to do it….

Lots Of Data, No Connection, Equals Meaningless Data


Today’s technology is great at logging data…but not so great at drawing out intelligence.

That is unless you know SIEM…Security Information & Event Management.

The ability to take all of that data from AV software, UTM firewalls, IPS devices, etc. and make sense of it has been a road block for just about any company short of large enterprise…

Until now…

There are several options including some UTM firewalls, products like AlienVault and Arctic Wolf (positioned for mid market), and BlackStratus’ recent entry into mid-market and SMB…Cybershark (Which can be white-labeled and offered with full SOC services – with little or no investment!)

With SIEM now available as a cloud offering, there’s really no excuse for not doing this.

Key Point in the video below (at 2:35) – None of this information is actually interesting unless you can get the analysis, and make the data actionable.

Unfortunately, most SIEM technology won’t really do this for you (Even  though AlienVault and others claim to). In the end, you (The Rep) must read the report and see if your client is going to be moved by it.

If not, rewrite the executive findings as a separate report – more to come on that in a future post.

This takes us back to an earlier article on QUESTIONS TO ASK…The most important part of the interview process is in gathering the mission critical data offered only by executive management.

MTD, RPO, Etc…think Business Impact Analysis…all security issues are disasters and should be viewed just like Disaster Recovery…But your competition isn’t doing this.

Key Moment In The Video (3:50)


At 3:50, this video shows actual malware infections being installed – not only is this type of activity undetectable with simple observation, your Network Patrol Product is not going to see it either!

Only with something that looks at host intrusion does this become evident.  The good news – once you have an MSSP offering installed to do this type of analysis, it’s easy to justify keeping it there – this is annuity business that self-justifies.

Check Out The Entire Video Right Here

But Remember, this is not the most important tool – your QUESTIONS are.

Armed with the intelligence that comes from talking with executives and other asset owners, this information suddenly makes sense in helping a client determine their true threat levels, while providing you with the justification you need to move forward with MSSP.

Copyright 2017, David Stelzl

For more insights on how to sell assessments and larger security deals, check out one of the only books written to resellers and MSP providers on how to sell Security: The House & The Cloud…


How Relevant Will Your Skills Be Over the Next Five Years?

Are You Prepared to Take On The Digital World, and Still Make a Profit?

Yesterday I had the opportunity to speak  to Executives at a Packaging/Manufacturing Company headquartered in Charlotte NC. The topic, IT Transformation.

You’re probably on the technology provider side if you’re reading my blog regularly, but don’t stop reading just because I’m talking about…Internal IT.

These execs invited me because they want their internal people to act more like outside consultants than IT custodians.

The same must be true of your team. In the past, it was okay to be technically amazing, while lacking the consultative skills of the old BIG-6/8 firms. Not so any more. Everyone must make the move, From Vendor to Advisor – whether an IT admin or third-party provider.

So, in today’s post my goal is to unfold the map and show you how to get from here to there (here being the legacy VAR model, there – the HIGH PRICED CONSULTANT).

The Catalyst to Change

The Back Story….

My business is designed to help people make the move…but looking back, there was a time where I had to make the move.

I knew, graduating from Drexel University, with my Computer Science Degree in hand, that I wanted something a little different. My classmates were going off to large IT departments to code  (in COBOL). That was not me.

I had spent the last 3 years of school working CO-OP jobs with McNeil Consumer Products (Makers of Tylenol)…crawling under desks with COAX cables and early networks, and lugging heavy refrigerator-sized PCs through the halls to various departments.

After graduation I was working for Bank of America (Then NCNB), exploring Token Ring and Novell networks…the bank’s very first local area networks (While at the same time trying to start up a technology VAR called PC Professionals with my brother-in-law).

It was Fred Deluca, President of Telesis, a third-party cable provider, that really stirred up my entrepreneurial juices. He was intent on getting me to leave the bank and join him in a new venture.

But it was hard to leave…the private jets, the spacious offices, the allure of working uptown in the largest building Charlotte had to offer – After all, I worked for THE BANK!

I was restless but afraid to leave…entrepreneurship was in my blood.

The school systems try to beat it out of you, but mine wouldn’t die. I was born to do something a little more adventuresome.

Then one day the applecart was upset. My boss was leaving the company to go sell for Wellfleet Networks. He said he’d be happy to recommend me for his position – but the writing was on the wall, there were  greener pastures out there in the wild…

That was Chuck Robbins – yes, Cisco Systems’ CEO,….

Within 2 weeks I followed Chuck out the door. As a Wellfleet Reseller, I partnered with Chuck to open up new opportunities in the Charlotte area…Our first big win was Rexham Packaging – a global deal that put both of us on the map.

Looking back, Fred and Chuck, along with several other mentors, led the way, encouraging me to get out there and do something new…taking a risk.

Eventually I joined a small band of technologists to help start and grow a southeast integrator – Piedmont Technology Group…which would later be split into three companies – nGuard, Stalwart, and the remaining third, sold to Forsyth in Chicago.

5 Aspects of Technologist to Consultant Transformation

Not everyone is cut out to work as a consultant.

Transforming technologists (who like the stability of big company trimmings, or the regular paycheck that comes with salaries) may not make it.

There are 5 tests to help identify the consultant…In my presentation yesterday, this was my focus. We dove into each one in some detail to help separate those who will continue working to keep the lights on, and those who will go on to discover new land!

  • Can they only talk tech, or do they think in terms of things (ROI, Competitive Advantage, Operational Efficiency, Risk Mitigation)?
  • Are they tactical or entrepreneurial? The entrepreneurial thinker is a student…they never pretend to know everything…they create 100 times, fail 99, and discover the one that works…They take risks (but calculated risks, not recklessness). They are trusted advisors – they are trusted, they are able to advise.
  • More Interested in infrastructure or Asset Owners?  Computers are tools to the consultant. They make the job easier, faster, better…or something. Computers fascinate the technician; they enable the consultant.
  • Certs or Skills? The technician is building a resume of certifications, but he often lacks the skills necessary to bridge the gap between business and automation…he speaks in TLAs and is proud to say he knows how to dissect the Windows Registry.
  • Which does he see as more important, his knowledge or his character? Dale Carnegie told us years ago, 90% of success is character, the remaining 10% is skill or know-how.

The Final Third…

In the last section of my talk, I addressed the conversion process…

Once you’ve identified those who can make the transition, a discipleship process is needed to take them over…

Look at any high-priced consulting model (such as KPMG or PWC). There’s always a mentor program. They don’t hire their people with skills, and then just let them go…the mentorship program is a program of indoctrination and evaluation.

They learn the language, memorize and practice the methodologies, and carry the brand badge forward…

Those who won’t make PARTNER are identified along the way, and set out on new career paths, usually with one of the firm’s larger clients.

From time to time these alumni are included to keep the family intact, and the brand growing inside these client organizations.

It’s a well thought-out strategy to recruit, indoctrinate, purify, and expand…

How will your organization fare through this age of transformation and digitalization? Get on track with making the move from vendor to advisor, and remain relevant through the coming years…your business depends on it.

© David Stelzl

PS. Your next step: Read From Vendor to Adviser, and get the details on pricing models, proposals that close, discovery and analysis tools, and so much more…it’s the transformation every third-party provider must make.

How Long Will Your Business Remain Relevant…

…As Companies Around You Are Transitioning to Cloud, Consolidating IT, and Buying Less Hardware???

This morning, in my TechSelect Business Pillars Session, I delivered urgent steps of action EVERY technology reseller should be jumping on…here’s a summary:

Over the past 12 months, live event, one-to-many selling, has produced more leads and deals than just about anything.

The value of one MSP client in the SMB market averages at about $1500/month, or $18,000 per year – with a 5 year average retention rate, that’s just short of $100,000 per client!

Add advanced security to that deal and you’re likely to push your average up 20%…(Mid market deals, although harder to close, offer even greater potential if you understand the sales process I describe here).

What would your business look like if you could hit the numbers I reference in this video? What would it be worth to you to achieve this level of sales?

Find out in this 25 minute video how to re-engineer your business, with a new breed of security, now becoming a necessity in the SMB and mid-market space.

© 2017, David Stelzl

P.S. Get the step by step process in written form – The House & The Cloud

How to Make Assessments Worth Selling

Think Like An Investor When Pricing

Most people invest at the wrong time (according to the Billionaire Investors Interviewed by Tony Robbins in his book, Money, Master The Game).  They jump on the bandwagon when things are high, and they sell when the market drops.

Running a for-profit assessment team in the early 2000s (for a global technology integrator) was more a lesson in financial management than sales for me.

Assessments are often sold at prices that leave little in gross profit.  Free assessments tend to offer no value, and simply leave the prospect disillusioned. And only a handful of these heavyweight documents ever result in any long-term financial gain.

Today I Want To Change This Lack-Luster Profit Prophecy Once And For All!

Here are Three Things to Consider That Will Change Your View of Assessment Profitability Forever.

  • Free Assessments Can Offer Some of The Greatest Returns on Your Investment.
  • High-end Assessments are Expensive To Sell – The Real Profit Is In The Aftermath.
  • Every Assessment Should and Can Lead to Annuity Business.

Free or High Stakes – Which Has The Bigger Payoff?

In my workshop, The Security Sales Mastery Program, assessments are central to the sales process. I covered some of this in an article on scope last week.

When I bring up the idea of using free assessments to drive business, I often get pushback. In response, I offer up three examples of assessments I was personally involved in. Let’s take a look…

(Get More Details in My Book, The House & The Cloud)

The $125,000 Hospital Assessment

This first example comes from a large hospital assessment, sold and delivered in the southeast. If you know healthcare (and you work in security) you know it’s a match made in heaven. Lots of needs, endless compliance regulations (many unmet), and an industry with deep pockets.

Our assessment was priced for profit. It took a total of 40 man-hours onsite, and another 40 man-hours of analysis and documentation.  Total burden cost, about $10,000.  $125,000 with a cost of 10K is high margin business, even to lawyers.

However, there were NO follow-on projects.

It’s our fault!!! Back then I did not understand how to create business from an assessment. Most don’t – the conversion rates from assessments like these are low, averaging about 20 percent.

So our total gross profit landed at around $115,000. Not bad for a two week effort. However, the upside potential (had we closed just one of our recommended changes) would have more than doubled our take.

The $36,000 State University Assessment

The university deal was won on a last ditch effort to get in the door. The university was looking at a number of projects to upgrade both the administrative and student networks, however, largely undecided on their direction.

On the way out the door I casually suggested an assessment might bring clarity to their needs, and to my surprise, they agreed. A few days later we signed the $36,000 agreement and scheduled to begin work.

Our team spent about 3 man-weeks on this initiative, engaged with the IT team on campus. When the report was complete, a meeting was scheduled to review our findings with the university’s key stakeholders.

Just 5 minutes into it, the leader of the pack put our document on his desk in a sudden pause, and complained, “This is not what we asked for.”

Keep in mind, our three weeks were spent, side by side, with their IT people. They were basically leading the charge…and here we were being reprimanded for missing the mark. As you might have guessed, the IT people stood back, nodding, as though they had nothing to do with our missing the mark. They effectively hung us out to dry.

The meeting ended abruptly, and the invoice was NEVER PAID.

Final gross profit: ZERO DOLLARS. Very disappointing…

Free Assessment: Thanks For Attending This Business Leader Event!

Finally, there’s the dreaded free assessment. My classroom example offers a total of five pages, including the cover letter. This particular example-giveaway was offered to small business owners on the heels of an educational event. Our audience was well qualified – mostly healthcare.

Our total time spent marketing and selling: About 2 Days plus a few days of phone follow up using call scripts from a product on my webstore

At the close of our risk-measuring initiatives (we closed about 30 assessments in that one event – in just 60 minutes!)…

One of the larger prospect-companies signed up for $36,000 in remediation work, signed an $8,000/month – 3 year agreement (and renewed for 3 more years), and went on to do at least two more projects worth $100,000 in revenue (figure 50% burden on projects and managed IT Services).

Total gross profit: $356,000 (and still going)…

It’s important to note the cost of sales. The first two projects required 3 to 6 months of selling. The third, 3 mailings, a couple of days on the phone (done by contractors),  1 live event (with speaker), and about 4 days between starting and delivering the assessment.

Which of these three deals would you choose to get paid on?  If you own a technology business, which would you choose to build your business on?

The Free Assessment Worked, So When Do You  Charge? What Would The Investor Do?

There is a time to charge!

So don’t just read the first half of this and think, “He always gives them away.” Free is RISKY.

Free requires the right audience, and a predictable conversion strategy – it requires knowing how to drive business through an assessment, just like choosing the right asset allocation has everything to do with an investor’s success.

All investments are tied to risk. Your paid assessment is largely a paper document, with a big price tag…If your paper offers tremendous value (like a stack of green paper with government markings on it) it’s worth a lot. On the other hand, if it has my child’s markings, it’s only worth something to me.

I’ve seen free assessments work in all size markets, however, as you scale the corporate ecosystem, closing gets harder. Client expectations grow as you engage with the more sophisticated organizations.

So, if the ROI looks great, you can afford to do assessments for free or for less. However, the likelihood of getting that follow-on business from a new, enterprise prospect is much lower than it would be in the SMB (Small/Medium Business) market.

So, in the larger markets, assume you’re going to charge when you assess.  But charge enough to make it worth your sales and delivery time.

Enterprise deals (like the first one mentioned above) are margin-rich. However, as you can see, we didn’t achieve our goal of long-term financial returns.

So, while the margin was high, the cost of sales was also high.

If you’re the selling agent, you may not care – you still get your fat commission check. On the other hand, if you get paid on bottom line performance, suddenly it matters.

How much does a 6 month sales cycle cost? Drive time, office time, lunches, etc. It all comes straight off the bottom line. Not to mention benefits, base salary, and opportunity costs associated with the seller.

In the SMB market, the financial picture is completely different. Small business prospects rarely spend much on remediation, however, the IT Services deal is there (unlike most enterprise accounts), so there’s your long-term profit.

There’s one more factor though. And it has to do with account control. Every sales person knows that controlling the deal is essential to the close. As soon as you hand in a proposal, you’re at the mercy of the prospect.

In the case of an assessment, once a contract is signed (with a fee attached), you no longer control the deal.

Don’t miss this…

Assessments are like proposals. Unless your company is highly specialized in audits/assessments (with high-end and frequent assessment/audit business), your quota achievement depends on closing follow-on business (projects and managed services). The fee-based assessment is controlled by the buyer – reducing your assessment-deliverable to a quote.

That’s where I went wrong on the University Deal…

IT was in charge – My team was directed by them, and executive involvement was not part of the plan. Yet, an asset owners’ inputs are the most important part of understanding risk! Without Asset Owner Understanding, closing follow on business (with a new prospect) is nearly impossible.

Assessing risk has everything to do with assets and their owners. Their business will live or die based on asset exposure and a realtime detection/response to cyberthreats.

Without leadership involvement, you can’t possibly understand the company’s data value, most crucial systems, and greatest threats. How often do IT staffers know how much down time can be absorbed or how much data can be lost before shareholder value is impacted?

Sure, IT has an opinion, but to deliver risk, your process must look more like a Business Impact Analysis Report than a typical Vulnerability Assessment.

Here’s the thing. When the assessment is free, you’re in control. What does that mean?

Since no one is paying you, you have the right (and authority) to proceed according to your recommended approach. If you’re wrong, you’ll pay for it on the back end. If the client balks, you can always stop the process. It’s free, so you’re in control.  Do it right, and business will follow (along with profits).

When money changes hands, the buyer is in control. If they want you to submit questions and take their written answers (without any face time), it’s their choice.

Since all sales have an emotional component, you know that face time is important to any high-involvement sale…even if that face time is virtual. There has to be trust and advice to be a trusted advisor. And that requires interaction with those making the decisions.

The final analysis – in the SMB market, lead with free assessments almost every time. The $500 to $2500 price tag on SMB assessments leaves no budget for IT services, and will take months to close.

In the enterprise, carefully weigh the risks, and what factors must be present to take on the risk of assessing pro bono. If the cards are stacked against you, go with the fee based, and sell them on the high-ticket approach to ensure your profits are worth doing the deal. Remember, you need asset-owner involvement to justify any assessment worth doing at this level.

Every Assessment Should Be Ongoing Business – Here’s Two Ways To Create Annuity Business

The biggest upside in both free and paid assessments is in the ongoing annuity business.

There are two ways to create annuity business with assessments (and maybe more that I haven’t thought of).

First, let’s look at the theory. Risk is a measure of impact vs. likelihood. You can’t affect impact; losing data or suffering downtime is going to cost the company, no matter how secure the company is.

Your variable is in likelihood. Solid security lowers likelihood (however, even GREAT security does not eliminate threats).

The assessment identifies (at least it should) the threats, and provides a measure of likelihood. Remediation is the process of reducing the likelihood to an acceptable level.

Managed services or MSSP, is your program designed to maintain an acceptable level of risk over a period of time – your long term annuity engagement.

So the first way to sell ongoing business through assessments is to demonstrate an organization’s unacceptable level of exposure, provide a way to reduce it.

And then show them how to maintain it by contracting with you to oversee, or detect and respond to issues as they arise.

The second way, generally better geared for enterprise accounts, and using fee based assessments, is to sell a quarterly update.

Keeping the same scope, and simply updating the document quarterly, can provide tremendous value to the client that houses sensitive data.

Two up-sells come with the ongoing assessment approach.  First, you’ll get a quarterly opportunity to check in on your recommended remediation steps. Over time, and given you are providing value, your client is likely to engage you to keep working on your recommendations as threats grow.

Second, the scope is likely to change over time as new IT initiatives invite you to consider added systems as part of your analysis.  One additional bonus, you’ll be up on all your client’s latest planned initiatives since new projects always affect the client’s security risk analysis.

Going forward, add this quarterly update with just enough money to cover your added cost (in other words, do it at break even). It adds value, costs you nothing, and offers great upside.

© David Stelzl, CISSP

 

There’s Big Money In Risk Assessments

If You Know How To Sell Them…

But You Must Start Here If You Plan to Succeed:

A couple of weeks ago I wrote about free assessments – an incredibly fast (yet misunderstood) way to create business, when the prospect doesn’t understand their true needs (which seems to be more often than not).

The question is, is there a time to charge? And if so, how much, what scope, where do you start?

In this Part I article, I’ll show you where to begin when creating new business through fee based assessments…

What Your Client Needs, and Where to Begin Your Sales Process

First, it’s important to start where people are, and then take them to where they need to go. In other words, you can’t sell someone what they need, when they don’t yet know their needs. Great marketing starts by understanding the buyer’s desires, and then reframing that prospect’s thinking.

Most larger (fee based) assessment opportunities start with an IT person. If the prospect-company lacks an IT group, they’re probably too small to command a reasonable price for assessing. In that case, I’d go back to FREE ASSESSMENTS and sell them the recurring revenue-managed services & security program. That is what they really need…

Think Like a Psychologist, And Listen to Your Prospect’s Pressing Need…(But Don’t Try to Sell Them Anything Yet)

When asked to quote an assessment, you might be tempted to jump in and start your discovery; how many firewalls, how many servers, do you want applications assessed too?

This is the wrong approach!!!!

Leading with technical questions leads to competing on price.

The IT person has something in mind…is it a true risk assessment? Did they call it something else; Pen Test, Vulnerability Assessment, Audit, etc. Do they know the difference? (Probably not).

Establish your contact’s desire first. Ask them, “What is it you’re looking for?” And, “WHY do you need it?”

This second question is the more important question (WHY). Expect answers like, “To see if we’re secure,” or “To show our clients we are secure.” You see the problem here?

First, you know that there is no such thing as being “secure”. Second, the assessment is only going to reveal problems this company didn’t know existed. So the idea of certifying your buyer’s infrastructure is a fallacy.

It’s time to reframe (EDUCATE)!!!

Find out where this request is coming from and what’s been done in the past.

ASK THEM:

  • Is this request coming down from the CIO? The Board? The President?
  • Is there a compliance requirement here, or is this just about internal data security?
  • What are the stakeholders looking for in terms of a deliverable? Have you done this before? (Getting a past deliverable can be invaluable).
  • Who else are you considering for this project (This is a key question most are afraid to ask)?
  • And be sure to ask about their selection criteria!

Avoiding the Price Game – And The Steve Jobs Wanna-Be

Chances are your IT contact doesn’t really know what’s going on. He needs an assessment or pen test, and probably doesn’t know the difference. At this point he’s looking to you for a comparison quote.  The last thing you want to do is give him what he’s asking for.

Your IT contact is just a cog in the larger wheel of technology bureaucracy. (Note, if your contact is actually part of a security team, the approach will be different.)

I’m specifically talking about IT here – and I started my career in IT, working for two different F500 companies. I’ve seen this from the other side. Don’t overestimate what IT knows about security.

If you simply respond to a bid, or scope out what IT is requesting, the buyer will have nothing to match your price against (in terms of value) other than your competition’s bids and his budget.

Comparisons against anything other than established need and value are meaningless, and simply lead to price wars.

In every competitive deal there’s at least one guy working out of his garage, offering low-ball prices (and they’re not Steve Jobs or Steve Wozniak). You don’t want the truck-slammers of the world to be the yardstick by which buyers vet your price.

Reframing Your Prospect’s Thinking

Here’s what happened the last time I worked on a competitive assessment deal…

I was hired by a reseller to work closely with their sales team as a coach/advisor…

(Years ago I had built and led the Security Team for a large global integrator, where we primarily led with assessments – so this call was not new territory).

As expected, our new prospect was looking for an assessment – in his words, a vulnerability assessment. After going through the steps outlined above, we began our reframing process.

First, we asked him, “Do you know what your board is asking your CIO for?” His answer was predictably vague. How would he know?

Next, my client (the reseller) drew the Impact vs. Likelihood Graph on the whiteboard (Page 194 in my book, The House & The Cloud).  He began to review the five things board members demand:

  1. What are our most important data assets, and where are they?
  2. What are the odds we’ll suffer some major intrusion or outage?
  3. What is our estimated impact?
  4. How are we working to minimize this risk?
  5. Are we getting better or worse over time? How are we managing to it?

Get the House & Cloud Book for $1.00 – Limited Time Offer

Time To Bring Out The One Thing That Sets You Apart From the 13…

Without calling out our competition (never a good thing to do), we began to describe what most vulnerability assessments look like, how they’re approached (something for a future article), and why they aren’t going to satisfy the board’s request.

At that point, my client (the reseller I had been working on the House & Cloud Concepts with) pulled out a sample deliverable (with no intention of leaving it with the prospect) and began to go through the type of deliverable that would make an IT Director a hero…

Deal closed…Well, there’s more to it, but this is just Part I of a predictable assessment sales process designed to front-end big profits and future business.

© David Stelzl, 2017

 


Your Risk Assessment Is The Fastest Way to Drive New Business, But Only if You Follow This Formula…

On one hand, risk assessments are a great way to start an engagement, or close a sale. On the other hand, they offer great value. Should you give all your value and insight away???

It’s a hard question that demands an answer!

The Point of Assessing Risk Is…

Several weeks ago I wrote an article defining the assessment (if you’ve not read it, I recommend going back to better understand the truth behind assessing risk and growing your business).

The bottom line is, assessments are like health checkups. If the patient has URGENT issues, yet chooses to NOT take action, the doctor’s efforts are wasted. Even more, if most of that doctor’s patients never enter treatment (and are dying), he has failed.

(More on the Assessment Sales Process – Pg. 194, The House & The Cloud)

If there are urgent issues, action is required.

And it’s your job to sell the customer on taking action – not for money, but for the livelihood of that customer’s business. With remediation in mind, your risk report is a marketing document. Your goal is to sell your customer on doing something!

Amateurs Focus On Front-End Selling

When I hear, “We don’t give away the assessment”, I think to myself, “Amateur Thinking”. Front-end is a funnelology term – it is the process of capturing a lead and ascending that lead up your value ladder.

The sales process starts with a lead magnet (some freemium offering) to attract qualified prospects (Think: Opt-in). You provide value and your buyer wants more. So they ascend over hurdles of indecision to the point of becoming a buyer.

Some prospects will drop out immediately, grabbing the free stuff and moving on (grab and dash). It’s okay…I’ll explain in a minute. Others will buy your initial offer, or perhaps engage with you in basic managed services (New Customers).

A select few will become hyper-buyers…your best customers. Hyper-buyers buy whatever you recommend because they see your value and trust you to advise them.

The front-end has to be easy (think, free or close to it). You might offer a white paper (which I seriously don’t recommend). Better choices include special reports, quizzes, assessments, lunch & learns, etc.

Some front-end options convert quickly. Others, not so much. Signing up for your mailing list or free e-zine doesn’t make much sense these days. No one is choosing to get more spam email.

All great front-ends cost money.  The idea is to spend your money with ROI in mind. The company that can spend more upfront (marketing), and still measure a strong return on the back end, wins.

Did you catch that? You’re not trying to minimize the front-end cost (or your marketing budget). You’re trying to maximize conversion and ascension.  If your backend works, you can spend more upfront, beating your competition.

The assessment may be costly, but done right, it can have an extremely high ROI on the backend.

Qualified Prospects Only

Conversion (like getting people to a lunch & learn) is one thing; converting from free to fee is another. You don’t want to invite people for a free iPad…you’ll end up with a bunch of IT folks that want free gadgets (these are not buyers).

If you want qualified prospects, you won’t give your free assessment to just anyone. And that means you won’t advertise it on your webpage. Freemium means high-value and special, and should be guarded.

To qualify, you want to have a freemium offer, like an assessment, and have a clear avatar of your target prospect.

Let’s say it’s the SMB business owner with 25 to 250 users. Inviting that person to a lunch & learn is a qualifying step that gives you the opportunity to actually meet face to face. It’s costly, but if your conversion is high, you won’t care.

Then converting them (given the right message in your lunch & learn meeting) is easy…We’re converting over 90% right now with a security message designed to instill urgency. It leads to an assessment – we offer this analysis right there in the meeting. But our description is vague…on purpose. You see, we have one more step; it’s a phone call.

On our initial call we have the opportunity to ask them about their business and their role. If they turn out to be someone other than a qualified buyer, we make the assessment a simple over-the-phone questionnaire. If that person is a business owner, in charge of a possible qualified company, we move forward.

Our assessment engagement involves that decision maker all the way through to the deliverable. If our key contact (asset owner, I call them) drops out at any point in time, we stop the process.

Our conversions to business range from 60% to 80%, and our sales cycle averages a couple of weeks to a couple of months (but not 6 to 9 months). These contracts range from $1000 to $5000/month, with a 5-year expected lifetime value. So how much can I spend on customer acquisition (in this case a lunch & learn and assessment)? Do the math, it’s a big number.

Selling The Free One Isn’t Always Easy

But there’s still one more hurdle. Selling free assessments has its challenges. Free sometimes means no value. And getting that initial meeting may also prove to be a challenge.

The 60% to 80% close rate is attractive, so I know I want to sell the risk assessment. I am willing to give it away, because my ascension process works predictably well, and the ROI is there. I can afford it and the return is evident.

However, the assessment can’t be the first step in my sales process (or funnel).

Most of my clients sell assessments by using something upfront to attract clients. eBooks, followed by webinars, with an offer to assess, can work. Live lunch & learns, using a hard copy letter invitation work extremely well. And any excuse to get a meeting (such as referrals, product or quotation requests, etc.) can be turned into an assessment.

In my book, The House & The Cloud, I explain how to transition just about any meeting into an assessment (chapter 13), and then later in the book (Pg. 194 – 200) I explain how to move through the assessment in a way that engages asset owners, and leads to a sale.

The most important thing in this whole process is to track your conversion metrics. Make sure you are at least breaking even. Once you break even, start tweaking your funnel to modify and grow your ascension process.

As you perfect your conversion metrics you will be creating a long term, predictable profit machine.

©2017, David Stelzl

Get more insights on this process in my book, The House & The Cloud. Limited time offer: $1.00! / Free Shipping in the US.