Chief information security officers, aka CISOs, are an important and stressed out bunch. It’s their job to make sure the constant attacks on large enterprises don’t make them the next Equifax.
Security vendors want to win them over, but a lot of time they’re just adding to the frustration.
Here are five ways security vendors drive CISOs crazy:
1. Acting like you’re the only solution they need
Security vendors need to fit into a range of products in the enterprise. So help the CISO see where yours fits in.
2. Fear tactics
This can work in the consumer space but CISOs deal with existential threats every day. Your mind tricks don’t work on them. Pitch your product as part of an overall security process not a fix for a problem.
3. Asking for 15 minutes of their time, 15 times
First of all, a lot of people want 15 minutes of a CISO’s time. It’s not as small of an ask as it might sound. And if they don’t respond it’s probably an indication they don’t have 15 minutes. A better tactic might be to take that 15 minutes and learn about the CISO and their company and impress them with how much you know about their needs. That might even get you 30 minutes.
4. Not communicating with the right people
CISOs will weigh in on decisions, sure, but they may not be the right person to approach first. A lot of times, directors will be doing the research and eventually using the product. It may be their recommendation a vendor wants.
5. Asking for testimonials or referrals
It can happen but it’s a serious request. CISOs want to guard the details about their relationships and setups and that needs to be respected.
Hey vendors, we know most of you aren’t annoying and hopefully this list helps reduce the frustration for everybody. And big thanks for the inspiration for this list from David Spark at Spark Minute who’s done a whole series on the topic.
- How to achieve better security with third-party vendors (TechRepublic)
- 4 tips for improving your company’s vendor relationships (TechRepublic)
- How LinkedIn’s CISO built a security team with diverse skills to tackle growing threats (TechRepublic)
- Vendor selection: What needs to be in a good policy (ZDNet)
- Security vendors need to stop doing more harm than good (ZDNet)