From Salesperson → Business Value Analyst: How to Help CISOs | Dmitriy Sokolovskiy
Dmitriy’s tenure as a CISO for the last four years has drastically transformed the way he thinks about cybersecurity in general and risk management specifically and, more importantly, how that ties into the whole business flow of a company, seen not as a technical entity but as a business.
Words like:
- Business value
- Return on investment
- Long-term planning
…have a very different meaning to executives and boards than they do to CISOs (techies).
How does a CISO present to their board without killing them with numbers?
And why are CISOs not getting help from the sales side - the people seemingly more attuned to business acumen than them?
In this episode of Audience 1st, I have a brutally honest conversation with Dmitriy Sokolovskiy, CISO of Avid, a software development company, about his challenges, how to build relationship capital, and tangible ways to help CISOs do their job better.
Episode Insights:
Dmitriy’s bleeding neck challenge:
How do I present to my board without killing them with numbers?
Dmitriy has been a CISO for almost four years now.
"What do I need help with? What a lot of other people like me coming up into the security field and are already those at the top, many of them too, we need help with that translation."
How do I present to my board without killing them with numbers?
- How do I present to my board without giving them a piece of technical data?
- What does my board care about?
- What do my executives care about?
- What do my CEO, CFO, and CMO worry about now?
"I could go back to them, but now that's my time. That's my CEO and everyone else's time. That's super expensive."
Why aren’t CISOs getting the help from the sales side?
"As I'm starting to realize this, why am I not getting the help from the sales side?
People seemingly more attuned or should be more attuned to business things than me.
How come I'm not getting that help from them?
Why am I asking? Why am I demanding? Why is it on me?"
How you can help a CISO with this challenge:
Provide them with insights so they can translate their business better to their direct audience.
"You could interview a hundred CEOs. These are the things they, on average, like to see in this order with this amount of detail. We have the same information from the CFO, CMOs, from the board of directors that have technical background, financial background, etc.
In fact, Mr. CISO, who I'd like to get in front of, I've looked at your board and I evaluated your board members and their histories. And I can, with some degree of certainty, tell you what they would be interested in versus what they wouldn't and give you some examples of how to present to them better.
You will have me at that seminar every day of the week.
And now that's it. Jane, for the rest of my life, is going to be the person I trust no matter where Jane goes. So, if Jane says, ‘Hey, listen, I'd like to show you something…’ I would not even question it. It might solve a problem we have. It's a win-win."
It doesn't matter if you go to your competitor in a year or two, they are still in your pipeline.
Most products terminate you as a customer for a prolonged period of time.
The better the product, the longer you are not a customer anymore.
It's like a good pair of shoes. It’s going to last you for five, six years. So, you are terminating that person as a customer.
"If I got an IAM solution of some kind, I don't need an IAM solution anymore. That's it. I don't need that salesperson.
But if it wasn't simply a sale, if it was an attempt, maybe even a successful one to help with a problem and bringing value as part of that problem, you didn't lose a customer until the contract expires, you have a continuous partner."
At a minimum:
- You're getting a person you can always put in front of someone else you're trying to pitch to.
- You're gonna get feedback.
- You're gonna get potential expansion opportunities.
One of you can leave one way or the other and you're still maintaining that connection.
You carry your pipeline.
You become a better salesperson that is more valuable because you bring your pipeline with you.
Even though you're not breaking any laws or like stealing customers, you are just maintaining it.
It’s what you're dragging around with you.
Potential Annual Recurring Revenue vs. Annual Recurring Revenue
How many previous customers would identify you as a trusted vendor to whom you can bring any new product and say, ‘Hey, listen, we worked with you in the past. You know, me, I think this could be valuable to you.’?
It's like NPS, but for sales.
Let’s flip it to the marketing side, into the research side, into the feedback side.
As a marketer, that potential annual recurring revenue is gold.
I have right now in my back pocket a repository of insights on Audience 1st. Awesome. Cool.
What I have in my back pocket is unlimited resources and insights in my future for marketing and sales purposes.
- Hey, can I ping this idea?
- Can I throw this campaign idea at you?
- Can I show you my new website?
- Hey, can I show you my booth?
- Can you come to my booth?
- Can you come to speak at my conference?
Who doesn't want that in their back pocket?
That's why I urge marketers to build those authentic relationships.
You are not a salesperson. You are a business value analyst.
You're helping CISOs figure out the best place to bring value to the business.
Not just their area of expertise, but their overall business.
A business value analyst needs to understand what's happening, but at any point not take the answer as the only answer.
They need to be able to ask ‘why’ frequently and to probe with questions to diagnose the situation.
A good business value analyst:
- Looks at business processes and identifies missing pieces.
A great business value analyst:
- Looks at business processes, identifies missing pieces, and takes a step back to mix up processes to see what else sticks.
‘Something else is stuck over here. Oh, let's pull that out. Okay. We've got two business processes that were connected. Did you know they were connected? Oh, well, man, that's not very clear.’
- Doesn’t have tunnel vision
They see the whole picture and know when the rabbit hole should be left alone.
"That's also important because you, as a business value analyst, should not waste time. When are we 80/20 and able to measure that? At least pull me back. ‘Hey wait. Okay. I think we've done enough here. There's plenty of places here. We can create value. And as we're getting lower and deeper, we create smaller and smaller chunks of value.’
You’ve got to be my therapist coming in and talk me through this, pull that stuff out of my brain."
How do you propose that the business value analyst get that initial conversation with executives?
Lead in by teaching them something new that is going to be of value to them.
What is it that they suck at? What do they need help with?
In most cases, it's not you explaining to them how firewall A is better than firewall B.
If you're trying to teach them that in your sales call, you are not in the same place as your buyer.
"If you are coming in with, ‘Hey, listen, I can teach you how to educate your team on presenting better.’
Wow. I'd like to learn that even if that's not at all what you do."
Now you've built a connection with them.
They now trust you to bring value to them.
"‘What else do you do?’
Even if I don't know for sure, I'm going to find out.
Whatever it is you're doing gets a stamp of approval from my trust engine without any kind of participation with that thing you're doing."
Vendors exist to solve a problem. Help us solve the damn problem.
Help them do that without the noise.
Help them do that ethically.
Help them do that quickly.
Cut out the crap.
Just get stuff done.
And if it's not a match, it's not a match.
Move on.
There are plenty of them. And plenty of us.
"As long as we can do this in an organized manner, then it's gonna be a success for years to come."
TL;DR - Advice on how to talk to CISOs and give them value:
- Listen to them first and then don't tell them anything.
- Come back to them with what you’ve heard and with some research on what they’ve discussed.
- Ask them what’s keeping them up at night or what their biggest issues are.
- Be honest about what you can and cannot help them with in order to not waste their time.