Get the Newsletter

Challenging the Hype Cycle: Balancing Fundamentals and Innovation in Cybersecurity Marketing and Sales | Evgeniy Kharam

Interested in sponsoring an episode like this with your target buyer?

→ Reserve your sponsorship here. ($2,575)

There's a constant drive in the cybersecurity field to not just sell, but to sell in a way that's attractive or groundbreaking—almost as if companies are compelled to constantly outdo each other in originality to meet their audience's inflated expectations.

Evgeniy laments that the industry's focus has strayed too far from fundamental tasks towards more creative, attention-grabbing ones. 

The importance of basics needs to be reaffirmed as an antidote to the intoxicating and potentially misleading influence of hype.

Evgeniy indicates that practitioners can adopt a more systematic approach to their decision-making processes to avoid succumbing to industry hype. 

Brutally honest insights from Evgeniy Kharam, Cybersecurity Zero Trust Architect and a Founder of Security Architecture Podcast.

In this episode, Dani Woolf had a conversation with Evgeniy about his challenges, goals, what vendors do that piss him off, and the alternatives.

Guest at a Glance

💡 Name: Evgeniy Kharam

💡 What he does: Evgeniy is currently a Cybersecurity Zero Trust Architect and a Founder of Security Architecture Podcast.

💡 Where to find Evgeniy: LinkedIn 

Almost 20 years in the industry, Evgeniy is a cybersecurity consultant and a solution architect. He helps companies with better solutioning and basically consults on how they can build a better cybersecurity program. He also has two podcasts: Security Architecture and Cyber Inspiration Podcast. He believes that life begins on the edge of the comfort zone. 

“Success depends on your mindset and you need to learn to be comfortable where you're uncomfortable, you can learn a lot even from the journey.”

What is the one thing that Evgeniy hates most about this industry? 

Evgeniy has a strong dislike for one element in the cybersecurity industry: the hype. He sees hype as an overblown excitement about product possibilities and the allure of the buyers, both of which are amplified by social media's curated portrayal of daily life. 

There's a constant drive in this field to not just sell, but to sell in a way that's attractive or groundbreaking—almost as if companies are compelled to constantly outdo each other in originality to meet their audience's inflated expectations.

However, in this race towards constant novelty, Evgeniy believes that the industry often overlooks the essential groundwork. The simple, day-to-day tasks may not be as 'sexy' as the cutting-edge ones, but they form the bedrock of the business. 

Whether it's asset management, procedural tasks, or the onboarding of new people, these basic duties are vital in laying a solid foundation. Despite their unglamorous nature, these tasks cannot be undervalued.

What are some prescriptive steps that practitioners can take to be more methodical and smarter about the decisions they make so that they're not falling into that hype cycle?

He suggests a prescriptive series of steps that underline the importance of needs identification, inter-departmental communication, and strategic vendor selection.

Understanding “the need” 

Firstly, practitioners must truly understand "the need". Before commencing vendor negotiations, teams must grasp what requires fixing and what they seek to achieve. 

Without a clear concept of the underlying need, there's a risk of getting sidetracked during the testing process. This could not only unnecessarily lengthen the procedure but could also result in a shift in focus away from the initial objective.

Create a list of the requirements and the use cases

Next, creating a list of requirements and use cases is crucial. The list should be tailored to address the identified needs and should ideally categorize use cases based on their importance.

The mantra here is not just to create what is desired but to understand and articulate the necessity for a specific service.

Communicate between the departments

Communication between departments is the third step. This involves understanding and discussing the prospective solution with other departments to determine if they might also benefit from it and why. 

Teams should engage with various stakeholders such as endpoint security, cloud teams, solution architecture, or even Enterprise Architects, who have a holistic view of the company's IT landscape and understand the company's broader vision.

Choosing the vendor or a local VAR

Finally, the choice of vendor or a local Value-Added Reseller (VAR) should be based on the previously established need and requirements list. 

The emphasis should be on the "value" that these partners bring, rather than merely a good partnership standing. Industry analysts can be a useful resource in this stage to help identify potential vendors. 

It's important to note that mature companies often employ scoring cards to evaluate vendors based on their compliance with requirements. They may even start with a simple Request for Information (RFI) before progressing to Proof of Concept (POC) for those that meet the criteria.

Following these methodical steps, according to Evgeniy, not only prevents falling into the hype trap but also promotes a more mature approach to decision-making in the industry. 

This process is often helmed by the solution architecture or engineering team, as they need to fully understand everyone's needs.

As a vendor, what can that organization do to help the practitioner not fall into that trap of the hype cycle and also themselves? 

As a vendor, the organization has several roles to play to prevent the practitioner, and themselves, from succumbing to the hype cycle.

Help with the use cases and provide guidance

The journey starts with assisting the customer in defining their use cases and providing guidance when they're uncertain about their needs. The key here is to not just push a product but to ensure that the customer is well-informed and genuinely happy with the product or solution. This focus on customer success can significantly enhance the vendor-client relationship.

Make sure the customer has the budget

Further, as a vendor, understanding the customer's financial capabilities is equally important. Grasping the concept of risk and investment aids in bridging the gap between the vendor's pricing expectations and the customer's budget reality. A misalignment in these aspects can lead to dissatisfaction and potential fallout.. 

Help the customer with a business case

Additionally, vendors can go beyond their technical role by helping customers build a strong business case. Many technical professionals might struggle with this aspect, and mature or enterprise customers often require a well-defined business case before they commit. A vendor can support this process, offering insights on Return on Investment (ROI) and strategies for consolidation.

For instance, a vendor should seek to understand how their tool can connect and interrelate with the customer's existing tools. 

Moreover, they can aid in consolidation by determining what tools or systems could be removed if their solution is implemented. 

By helping to build a compelling business case centered around consolidation and ROI, vendors can foster a more strategic, value-driven relationship with their customers, steering clear of the often misleading hype cycle.

As a solutions architect, what is Evgeniy’s bleeding neck challenge?

As a seasoned Solutions Architect, Evgeniy has navigated his fair share of professional challenges. However, the one that has notably stood out is the difficulty of maintaining objectivity in vendor selection, particularly when personal relationships are involved.

Over his 15-year career, Evgeniy has built numerous relationships within the industry, including friendships with vendors. 

The intersection of these personal relationships and professional responsibilities sometimes creates a 'bleeding neck' challenge - an urgent, significant problem that demands immediate attention.

For Evgeniy, this manifests in the uncomfortable position of having to sometimes reject a friend's product or service in favor of a more suitable alternative for his clients. The expectation from these friends that he will promote their offerings due to their personal bond adds another layer of complexity.

His dedication to his clients extends beyond just the decision-making process; Evgeniy and his team often stay with the client post-implementation to ensure everything functions as it should. 

This commitment and the broader responsibilities that come with being on the customer side are a testament to his unwavering commitment to meeting his clients' needs, even when personal relationships could otherwise sway his judgment.

What does Evgeniy’s process of evaluation look like?

Evgeniy's evaluation process follows a systematic, methodical approach that encompasses both the understanding of needs and the analysis of potential solutions.

  1. The first step involves comprehending what is needed and what the practitioner is looking for
  2. Followed by gathering information and use cases relevant to these needs. 
  3. After this groundwork, the practitioner reaches out to vendors with a Request for Information (RFI), highlighting specific queries and outlining their requirements.
  4. In the fourth and fifth stages, the practitioner dedicates time to understand the solutions on a deeper level. 
  5. This includes attending demos, asking detailed questions, understanding the architecture, security, and overall build of the solution. The aim is to gain insights into who uses the solution and its future trajectory.
  6. Next, the practitioner engages in hands-on testing of the solutions, either independently or with a team. This practical exploration helps solidify their understanding. 
  7. After the testing phase, they compile summaries for each solution, which are then discussed with the customer.
  8. Once these summaries have been reviewed, the practitioner presents their findings and recommendations to the customer.
  9. The process then moves forward with testing the solutions alongside the customer.

But where can those solutions or products be found? 

To source these solutions or products, practitioners have several resources at their disposal. 

The Gartner Magic Quadrant is a popular first stop, providing a good start in identifying at least ten potential solutions. 

Other sources like Forrester also offer valuable insights into existing solutions.

In addition to these, the internet serves as a vast repository of information, with numerous databases providing relevant information about solutions in specific areas. 

While Evgeniy, with his extensive industry experience, is familiar with most solutions across various spaces, he acknowledges that new areas are always emerging. 

For instance, browser security and isolation is a new field, and in such cases, practitioners may need to rely on less conventional sources of information until more established industry resources catch up.

Are there any other market anomalies though that us as marketers, salespeople within the vendor space can learn from right now? 

There are several emerging trends and market anomalies that marketers and salespeople within the vendor space can learn from right now.

Browser security and browser isolation

This is a relatively new field but is expected to see rapid changes and significant growth over the next 12 to 18 months. In particular, we can anticipate a wave of acquisitions by larger companies looking to enhance their cybersecurity portfolios.

The cloud security, DSPM, and SIEM

Another area witnessing substantial shifts is cloud security, specifically in the realms of Data Security and Privacy Management (DSPM) and Security Information and Event Management (SIEM). A surge in mergers and acquisitions is anticipated in these sectors as well, as companies aim to consolidate their capabilities and enhance their offerings.

Application Security 

There's a noticeable shift toward Application Security (AppSec) that's been taking place over the last year and a half. This trend is expected to continue as the need for robust application security increases in parallel with the rise in software and app development.

What's particularly interesting about the current state of the industry is the pace at which things are moving. A decade ago, software updates were less frequent - perhaps every six months to a year. 

Nowadays, updates to cloud-based software can occur daily, or even multiple times a day. This rapid development cycle means that issues can be introduced just as quickly as they can be resolved, presenting both opportunities and challenges for vendors in the space. 

Staying ahead of these trends and being able to adapt quickly to changes will be key for vendors in the evolving cybersecurity landscape.

What are some cardinal rules that marketers, salespeople, what's above below in between our breaking these days?

 In Evgeniy's opinion, there are some prevalent practices in the marketing and sales world that are not as effective as they could be. Reflecting on his experience at a recent conference, Evgeniy highlighted the disconnect that can often exist between marketing and sales efforts. 

Despite both departments working toward the same goal of attracting and converting customers, there's often a substantial gap between initial outreach and understanding what the customer truly wants.

A common scenario at trade shows and conferences illustrates this disconnect. Despite everyone knowing that their presence at a booth indicates interest, it doesn't necessarily equate to wanting to purchase every product or service being offered. 

Yet, the marketing approach often leans towards the 'spray and pray' strategy, sending out mass emails in the hope of catching the attention of a few potential customers. While this approach may yield some responses, it's not the most efficient or targeted strategy.

What is the alternative? 

As an alternative, Evgeniy suggests a shift in tactics, with an emphasis on improving the quality of interactions, particularly in settings like conferences. 

Given that people typically have a short attention span, it's critical to make an impact in the first 90 seconds of engagement. This involves training people to be more effective in their booth work, developing their soft skills, and fostering better connections with potential customers.

Moreover, improved communication between the marketing and sales departments is also crucial. A shared understanding of the sales expectations from marketing efforts can help align strategies and ensure a more effective approach. By facilitating better exchange of information, sales can then build more meaningful relationships with clients, creating a more seamless transition from initial interest to final sale.

Interested in sponsoring an episode like this with your target buyer?

→ Reserve your sponsorship here. ($2,575)

Subscribe to Audience 1st

Get notified every time an episode drops to better understand your audience and turn them into loyal customers.