Book a Chemistry Call

Are You Ghosting Your Customers After They Buy? | Chris Elliot

It is inherent to have successful engagement pre and post-sale, but...

Many ghost their customers or pop up every quarter for renewals or expansions.

And the consequences of those actions are heavy.

In this episode, I had a brutally honest conversation with Chris Elliot, Director of Corporate Security and Security Operations at SoFi, about his challenges, goals, what vendors do that piss him off, and the alternatives.

Chris previously worked in cybersecurity at the Walt Disney Company and before that, spent 23 years in the U.S. Army as a communication specialist, working on a variety of assignments from special operations to NATO, to the NSA.

He got into security while he was in the Army.

Guest at a Glance

💡 Name: Chris Elliot

💡 What he does: Chris is currently the Director of Corporate Security and Security Operations at SoFi, a Fintech company based in San Francisco, California. (No, he doesn’t work at SoFi Stadium.)

💡 Noteworthy: Chris previously worked in cybersecurity at the Walt Disney Company and before that, spent 23 years in the U.S. Army as a communication specialist, working on a variety of assignments from special operations to NATO, to the NSA. He got into security while he was in the Army.

💡 Where to find Chris: LinkedIn

Episode Highlights

  • Chris’ one bleeding neck challenge: His people.

    “I can have the most expensive and best security tool in the world, but at the end of the day, if you can call my help desk and socially phish my help desk to give you their credentials, there's no tooling that's going to fix that. So it's constantly speaking to our folks, educating them, coaching them through situations, advising them, and basically watching out for our people."

  • Chris’ goal: To make networks more secure and find threats faster than yesterday to be more proactive in their security posture.

    “It's building new detects; It's finding out how to be more proactive in our security posture; How to look at intel and anticipate what's coming in; And definitely, how can we better our own tools to reduce alert fatigue, reduce noise, and get to the crux of the problem?”

  • Triggers before beginning to evaluate a security tool:

    • Chris logged into his alert console and saw roughly 300 alerts sitting there unreviewed.

    • He took the time to look at what his team had reviewed that day. (And this is about mid-lunch time.) They had gone through 600.

    • He started clicking down in the alerts and realized there was a ton of false positives, a ton of BAU- (business as usual) type of alerts.

    • Then he had to think about, how do they sort through all this to find that one nugget of information?

    • He went back and looked through their postmortem logs and it turned out they had a large number of incidents that their alerts had detected far earlier than they detected because all the alerts were being lost in the noise. They weren't getting to the crux of it.

    • He came up with what he said he was comfortable with: 80% ratio, 20% noise.

      “‘Cause, you're never going to get a hundred percent. If you get something creating no noise, you probably didn't create the right alert. So, 80/20 ratios is what I really came to for alert fatigue. And when I started talking to the team about altert fatigue, they realized, yeah, this is a problem. They had a feeling that all alerts are good alerts and that's not true.”

    • If you can see it three times in a row, then you should automate it.

    • He asked himself, “how do we automate that? Pick up that alert?

      “And if you have the same alert firing three more times, you probably the same response three more times, so now you should automate that response, you know, and get down to it where you're you're, you're applying human effort on problems that only humans can solve."

    • Anything that's cyclidic or repeatable should be automated.

  • When beginning to research security products, Chris asks himself:

    • How does it apply to my business?

    • Does it have integrations?

    • Can I bring the tool into my environment?

    • Is the tool adaptable to my environment?

      “I need to choose any ticketing system. I need to choose any EDR platform. I need to choose any threat intel feed. I need it to plug in. So, I need it to be adaptable. I'm looking at adaptability. And then to be dead honest, at this point, I'm also looking at how long have you been in the market?

    • If the tool has only been in the market for a month or two, are they sustainable?

    • Do they have an actual support plan?

    • Are they able to assist me?

    • Do they have a ticketing issue?

  • He will check for “street cred” - he will talk to his peers and ask:

    • Have you heard of tool X?
    • Have you used tool X?
    • What do you think about tool X?
  • He will talk to customers. If what customers say is not aligned with what the vendor says, he will not continue in the evaluation process.

  • Where Chris spends most of his time: Looking through Twitter and reading articles and blogs.

    “I have a pretty good threat Intel feed I built personally for me to look through and looking through products that are being used. I'm looking through vendors that are producing intel for me. Sometimes I'm looking at where people in companies are moving from.”

  • The worst thing Chris has experienced from a vendor: ‘Backdoor’ sales tactics.

  • The alternative: Buy through authentic, non-transactional relationships

    “It's a relationship. You're supplying a tool that fixes a problem for me. And this relationship will only work if the tool works for me and I continue to need the tool. Some of my worst relationship with vendors have been, they sold me a tool and don't call me back until the end of each quarter, when they want to sell me more of their tool, not asking me how are you doing? What's going on with our tool? But, do you want more?"

  • What Chris likes that vendors do: Roll up their sleeves and work with him on solving a problem

    “I literally had an issue with coding. They got me a hold of the CTO. He was at the airport and he literally fixed our code while waiting for a plane. That's great. That's dedication. I would never expect that from any company, but that showed me, they cared about me.”

What Chris hates most about the cybersecurity industry: The vendor relationships are toxic. The cold calls and the random, persistent emails that he gets even when he says he is not interested.

The best way to approach Chris is: Have a burger or a beer with a casual first conversation.

"Some of the best engagement I have with vendors is having a burger or a taco somewhere; having a beer somewhere and just saying, “Hey, what's going on? What's going in your space and then proceeding to talk about whatever else comes up.”

Subscribe to Audience 1st

Get notified every time an episode drops to better understand your audience and turn them into loyal customers.