Real-Life Advice from CISOs - Rules for Vendors

  • Val Tsanev
  • October 14, 2024
  • 5 min read

You’ve heard the usual advice for winning over CISOs: offer cutting-edge solutions, build trust, and respect budget constraints.

But here’s the question—what do CISOs really want from vendors? What are the practical insights that go beyond the typical sales playbook?

To find out, we have gathered real-world advice from CISOs themselves.

These seasoned security leaders reveal what makes them cringe, what they value, and what it takes to build a meaningful vendor relationship.

If you want to stand out from the crowd, this is the insider perspective you’ve been waiting for.

Terry Grogan, VP and CISO at Health Tower, says:


“I absolutely need a vendor who is a partner; there’s almost no exception to that need,” says Grogan, now CISO for Pixel Health. “You used to be able to buy something, like an antivirus, have them install it, and leave. Now security is so complex, touches so much, and overlays all of the infrastructure. It changes so quickly that you need a vendor who is an advisor.”

Now what does this mean?

Gone are the days when a vendor could simply sell a product and walk away. Cybersecurity now touches every part of an organization's infrastructure and evolves quickly, so a hands-on approach is essential.

Here’s what you can do:

  • Offer continuous support during as well as after the implementation of the solution.
  • Offer advice and insights on emerging threats, best practices, and optimization of your product.
  • Keep your solutions up to date.

Kevin Morrison, VP and CISO at Unum, says:


“Introduce yourself to us in person if even in a quick passing moment to say hi and give your 30-second elevator pitch. That will give us an opportunity to quickly determine if what you're selling may be something that fits in our roadmap, as well as allow you to provide your business card and allow us to then research the solution or service later if desired.”

Morrison stresses the value of in-person introductions. A quick hello, along with a short, clear 30-second pitch, can help you stand out from the numerous pitches that CISOs receive regularly.

This personal touch gives you a chance to make a real connection and share what your solution is about.

Here’s what you can do:

  • Prepare a 30-second elevator pitch that highlights how your solution can meet their needs.
  • If possible, reference how your solution solves a specific challenge relevant to their business or industry.
  • Always have business cards on hand for quick introductions. Make sure your contact information is up-to-date and easy to read.
  • If appropriate, send a polite follow-up message to stay on their radar without being too aggressive.

Chas Heng, owner of Burn Libbie Mill Midtown, says:


“I want them to be strategic thought partners. That’s the No. 1 thing I want help with, whether they’re a software vendor or they’re providing support services. I want them to bring in external perspectives so they can help us evolve our program.”

Similar to Grogan, Heng also emphasizes the vendor's involvement beyond just providing the solution.

Heng stresses the importance of vendors being strategic partners, not just service providers.

This means contributing more than just a product; vendors should actively engage in the organization’s long-term security goals and help shape its strategy.

Here’s what you can do:

  • Instead of just offering a quick fix, discuss how your solution can support the company’s future security needs.
  • Don’t wait to be asked—suggest ways to enhance the client’s cybersecurity approach based on industry trends and your own expertise.
  • Help the client think outside the box by offering creative solutions or new ways to improve their existing programs.

Gary Hayslip, CISO at SoftBank Investment Advisers, says:


“Don't tell me your solution provides 100% of " — This is a major pet peeve for me, don't make sweeping statements like this because we all know there are no silver bullets. When we hear vendors say they do 100% of something, such as "We use blockchain to catch 100% of the vulnerabilities," — many of us with cybersecurity experience cringe and view these vendors negatively.”

Phrases like “We can catch 100% of vulnerabilities” come across as unrealistic and even misleading to seasoned security professionals.

Cybersecurity is a constantly evolving field, and the only thing guaranteed is that the threats won’t remain the same, meaning security is an ongoing process and not a one-time thing.

Making such claims damages your credibility with CISOs who know better.

Here’s what you can do:

  • No solution can be perfect, and that’s okay. Just be honest about your solution's limitations.
  • Instead of claiming 100% effectiveness, talk about how your product can help reduce risk.
  • Instead of making such promises, offer case studies and data that demonstrate how your solution has helped clients reduce risk or improve security.

Thomas Cary, Cybersecurity leader at Valet Living, says:


“Vendors have to take the time to get to know the organization and do their homework so they can create a solution that’s tailored to meet the organization’s needs. That’s what can really distinguish the vendor.”

Vendors who take the time to research and customize their solutions stand out to CISOs.

It's not enough to sell a one-size-fits-all product—what distinguishes a good vendor is their ability to provide tailored solutions that align with the client’s unique challenges and goals.

Here’s what you can do:

  • Before making contact, take the time to study the client’s business model, industry, and security needs.
  • During meetings, ask thoughtful questions, and ask the right ones.
  • Demonstrate how your solution will integrate seamlessly with their existing infrastructure.

Gunter Ollmann, Board Advisor at Voltron Data, says:


“Don’t hide your technical approach behind buzzwords and mumbo jumbo. Clearly define and (ideally) illustrate how your technology and approach work. Using simple real-world scenarios and stepping through the cycle of discovery/labeling/responding/reporting/etc. that can be distilled within 30 seconds.”

Gunter Ollmann offers vendors straightforward advice: ditch the buzzwords and explain your solution in clear, accessible terms.

Rather than relying on vague terminology, Ollmann recommends that vendors clearly outline their technical approach using simple, real-world scenarios.

By doing so, you can quickly convey how your technology works in a way that CISOs can easily understand and assess.

Here’s what you can do:

  • Practice summarizing your solution in a short, concise pitch that hits the main points without overwhelming details.
  • Highlight the discovery, labeling, and response phases of your process to show how your solution effectively manages cybersecurity threats.
  • Use specific scenarios that illustrate how your solution operates in a practical setting, making it relatable.

Vendors who truly understand what CISOs want have an advantage. By embracing authenticity, offering strategic insights, and building genuine partnerships, you’ll be much more than just another vendor—you’ll become a valued ally.

Ready to take the next step? Execweb’s CISO Executive Network, consisting of Fortune 500 CISOs, is perfect for vendors looking to connect directly with CISOs.

Execweb connects you with these CISOs so that you can sell your services or get feedback on your custom services and products. Simply visit our website and sign up to get in touch with CISOs.
