How to Think in Terms of Enabling Business to Engage CISOs | Brent Deterding
You may not have to articulate that, but ask yourself, "What is the business case? Why would a CISO spend any amount of money with me?"
How do you speak in terms that resonate with CISOs?
What are their goals and challenges?
Have you considered the constraints new CISOs face in their new roles?
When engaging a CISO, have you thought about the tech they have to adopt before pitching to them?
In this episode, I had a brutally honest conversation with Brent Deterding, newly appointed CISO of Afni, Inc., about what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.
Episode Highlights
- As a CISO (or any employee for that matter) who is moving organizations, it is critical to find the right culture fit that will let you thrive.
- Establishing and solidifying a personal brand has led to significant alignment in the organization.
- Moving from a customer-facing position on the vendor side to a CISO role has helped Brent communicate at different levels of the organization.
- A really good way to become literate in the cybersecurity industry is to work for a security vendor and get exposure to hundreds of organizations a year, which helps you form a lot of opinions.
- Vendors should think in business terms; Brent urges vendors to make the business case for him, which forces a vendor to think and communicate in terms that he likes.
- Brent’s bleeding neck challenge: as a new CISO, he doesn’t get to do things he would necessarily like to do and has adopted a lot of technology he would not have chosen in the first place.
- Bonus challenge: landing on websites that have no idea what the hell they are talking about, even if they’re pretty.
- Brent’s goal: enable the business and catch the bad guy early.
- As a CISO, being able to support the sales process and the team makes the sales cycle dramatically easier and reduces friction on current client contracts.
- When researching a security product, Brent turns on his bullshit detector and checks for conversational red flags, then checks to see if a vendor aligns with his general philosophies. He also relies on CISO communities for last-minute information and occasionally checks up with Gartner analysts.
- What are conversational red flags? Ridiculous statements; being unable to back up what you did; being unable to define terms of use; antiquated technology; antiquated ideas.
- In cybersecurity, credibility indicates that someone can be trusted and that they're not going to waste a practitioner’s time.
- One of Brent’s rules for new vendors is to be prepared to discuss list pricing on the first call.
- If Brent has to fill out a big spreadsheet of something, he is not buying you. Period.
- The thing that always makes clients love you is when you save their bacon.
- What moves the needle for Brent is being authentic, transparent, and speaking his language.
- He always appreciates and likes when a prospect brings something up that is a weaker area of his offering.