We Need a Divorce from Vendors

In Leadership by Endre Walls

There’s no other way to say it: We need a divorce from vendors.

I’ve been in this industry for 25 years, and I’ve dealt with vendors the entire time. But over the past three or four years, some of the sales techniques that various vendors are using – like floods of cold calls — have gotten out of control.

And it’s not just the nuisance factor. These problematic practices are hurting our industry because companies that offer innovative services and products aren’t getting a hearing because of ineffective sales techniques.

As a technologist, when I need something, I research it. I don’t want to hear any sales pitches. I want to do my own research and find out what your company is telling the world about its product or service. Most executives in the same space do the same thing. We will Google. We look for the companies that stand out.

If your company has won a peer-reviewed award, then I’m interested in exploring. But there aren’t many peer-reviewed awards like the CISO Choice Awards. And saying you’re No. 1 in the market isn’t a marker for every technologist, either. Sometimes it puts you at risk because No. 1 tends to get attacked the most. Sometimes we want to use the fast follower, or the more nimble company that can cater to our needs.

Salespeople have to understand that technologists are businesspeople. We’re not dazzled by the coolest widget. Sales organizations have to change their culture so they can support the industry more, and not just sell something.

So here’s a list of do’s and don’ts that I hope vendors will take to heart:

  1. DON’T call me multiple times. We’re not formally dating and you’re my jealous ex-girlfriend calling me 20 times in a row. Call and leave me a message. Maybe I’ll get back to you and maybe I won’t. Take the time to leave me a message telling me what your company does. If I don’t call back, don’t harass me. I haven’t called back because I don’t need you. 

    And for the record – I’ve never bought anything from a cold call, not once in my career.
  2. DON’T follow up an email with a phone call. I get 15 to 25 calls a day from vendors asking for “just” 15 minutes of my time. I don’t have 15 minutes to give to a random company just to hear them out. And don’t make assumptions about what I need. When I need something, like most companies do, we establish an RFP.

  3. DON’T insult me after the fact by saying, “Maybe there’s someone else I should speak to.’ My favorite is, “Maybe cybersecurity isn’t important to your company right now.” Really? Isn’t that what I do for a living? You’re telling me I’m not interested because I didn’t give you the time of day? Perhaps no affront was intended, but that’s how it comes across.

  4. DO establish relationships further down the chain. I don’t know why salespeople think the right person to call is the CISO, or the CIO, or the COO, or the CTO. We have even less time. And we’re not close enough to the details to care. You want to talk to the managers and engineers inside our team who have been assigned to figure out what platforms our organizations want to work with. They know these details. We don’t at the C level. Reach lower and develop relationships inside the company.

    When companies cold call to the C level, that automatically signals that they want to take the path of least resistance and don’t want to develop a relationship with my company. Because if I bring something in that my teams aren’t happy with, I get poor adoption, I end up wasting money, and everybody’s unhappy. The standard for technology teams now is adoption. Poor adoption creates a bad security environment. You don’t get high adoption by calling on the C level first.

  5. DO be willing to provide proof of value. In a marketplace with a lot of competition, if you don’t have the confidence to do a proof of value, then you write yourself off. Proof of concept is not enough. Be ready to leave something in my environment to play with for 30 or 60 days. I understand that can be a sales killer when you measure results quarterly. But you’re more likely to close a deal when you prove value, and you’re also likely to close a longer-term contract. When I know the product we looked at provided absolute value to my organization, I’m willing to give you a three- or five-year contract. I may be willing to take a flyer on something niche that doesn’t come with proof of value, but I’m not going to invest for longer than 12 months if I don’t know for a fact that it will benefit my company. Technology solutions cost too much these days.

  6. DO craft an informative website. I’d rather read than hear. Your website should give me all the information I need. It should offer a very clear picture of your value proposition and give me a level of confidence that if I engage with you, my team and I will be able to understand the value of your product.

The information should be presented in a clear and concise manner. I don’t want marketing jargon. I want to understand technical specs. I want to get a picture of how the licensing works – not necessarily cost, because you might tailor that, but I want to understand how you license the product so I know what my investment needs to look like.

In my last shop, we had a couple of products that we’d had for a while, and we rarely ventured out because competitors come at us wrong. It makes it difficult to conceptualize even making a change.

Yet while these wrongheaded sales approaches are an ineffective time drain on cybersecurity executives, that is not the key problem. What’s most detrimental about the current sales methodology is that it makes it hard for new entrants to get the traction that they need, and that makes the industry stale.

There are a lot of really great products out there. But when companies don’t market well and don’t sell well, that hurts the industry because like with anything, diversity encourages progress. When small players are doing ineffective things like cold calling, it lessens their probability for success and gives the big guys more traction. And then you end up with myopic suites of products that don’t offer any real innovation to the industry.

For the industry to move forward, new blood needs to be infused, but new blood needs to know how to complete a sales cycle to replace some of the vendors. Hopefully some sales people will read this and take note.


(Originally posted on Security Current)