How to Reframe Your Communication with Cybersecurity Buyers | Dutch Schwartz
- Coming from completely different backgrounds often helps people find and apply a unique solution to a problem that we are all facing.
- Make the journey simple. Make the product simple to use. Just say what it is from a product perspective.
- The technical discussion will happen. There’s the right and the wrong time to discuss that though. Feel the moment.
Brutally honest insights from Dutch Schwartz, Global Head, Security, Strategic Industries at Amazon Web Services (AWS).
In this episode, Dani Woolf had a conversation with Dutch about his challenges, goals, what vendors do that piss him off, and the alternatives.
Guest at a Glance
💡 Name: Dutch Schwartz
💡 What he does: Dutch is currently the Global Head, Security, Strategic Industries at Amazon Web Services.
💡 Where to find Dutch: LinkedIn
- What does Dutch hate most about the cybersecurity industry?
- What is the main problem with education and training programs these days? Are we focusing on the wrong thing?
- Why is it so important to learn how to learn?
- What's one thing that Dutch experienced that was great in the industry?
- How do we highlight when people are doing a great job? How do we shine a light on those moments?
- What would be some practical steps to shift from being a transactional seller to a trusted advisor?
- What are some cardinal rules security vendors, marketers, and sales people, are breaking these days?
- The benefits of a transition into cybersecurity from another field and the importance of developing soft skills.
What does Dutch hate most about the cybersecurity industry?
We often think that our challenges are unique to cybersecurity as opposed to pretty normal historical human ones and we don't look outside of our domain often enough for finding potential solutions.
“I wish that we would spend more time together. I wish we had more industrial organizational psychologists. I wish we had more anthropologists, the social sciences, and other sciences, frankly.”
Coming from completely different backgrounds often helps people find and apply a unique solution to a problem that we are all facing.
Among the important points Dutch raised about the downsides of the industry, Dani Woolf brought up the lack of effective methods of communication, not just from the business side, a.k.a. marketing and sales but also vice versa (the tech functions to the business functions).
Lack of resources and training in how to communicate efficiently and effectively cause unintentional organizational silos between both sides of the industry, largely caused by lack of curiosity and stress.
Stress in the industry causes people to bypass research and bypass legwork that's required to communicate efficiently.
From formal education and informal training programs, is the cybersecurity industry focusing on the wrong things?
We might be teaching some outdated things, not necessarily the wrong things. You could get the resources to learn effective communication, learn how to research, learn how to speak to people, learn how to translate words or translate concepts into words and other concepts that resonate with people that matter to you.
These are just not prioritized enough.
“We've lost something in terms of in the nineties when you could come in and there were tons of opportunities, tons of programs that I recall. So most large companies had tons of, not even internships but also training programs.
What I learned when I started two small startup companies back when I came out of the military, is that you just learn stuff on the fly.
But as soon as I got to a large corporation, there were tons of training opportunities about communication and about different leadership programs, just tons and tons of stuff. And then we lived through 2008, 2009, that it absolutely got crushed. I don't have the evidence but my recollection is most of that stuff never came back.”
We lost something from mentorship and formal training.
Nowadays people can use different models of learning.
“I feel like we must be losing out by not having that kind of robustness of options that we used to have. So that's part of it.
My sense is that we've leaned really heavily into the technology, which I love. Full stop. But what I hear from folks who've been in the middle of their cybersecurity journey, they tell me they're not getting enough training on soft skills.
If I'm a super self-starter, I'm going to go and try to learn those either through a mentor or through a community, some kind of association that I'm in. But that really puts the onus on the individual learner.”
If they never taught you how to learn then it will be really hard. You need to learn how to learn! That's the critical thing.
“I don't think we teach critical thinking and the scientific method and tools that would help people teach themselves. Now, no surprise that people often feel frustration or feel they’re being let down because we didn't give them the training and the coaching, the tools early in their career that they can then apply later, and then frankly help others pull up others.”
Why is there a focus on complexity versus simplicity? How do we reduce complexity as much as possible through understanding?
The marketing world is going through this right now. Just say what it is. Simply just say what it is you are trying to articulate in clear terms. You don't have to make up new words for it. Just say what it is from a product perspective. Make the journey simple. Make the product simple to use. It doesn't have to necessarily be easy but it needs to be simple and practical and pragmatic from a training perspective.
Facts will come, learn how to learn. Do it pragmatically.
If you're acquiring technology in addition to highlighting where there's a gap, how do we highlight when people are doing a great job? How do we shine a light on those moments? What does good look like?
We're good at sharing bad examples and flipping the script and showing the alternative, but showing what good looks like is great. We urge those who are listening to share good examples.
3 Tips to Be More Effective in Your Communication
“I will absolutely go right back to somebody else because it's not my idea. I’m a big fan of Olivia Rose, multi-time CISO. I remember where I even heard it from her the first time, it was kind of impromptu. This is what Olivia says and I agree with her having now sort of put it in on my list of questions to ask.”
- What is the thing? Tell it in 16 words or less or else you get to seem like the rest. Each word has to be exactly the minimal amount of words. Boom.
- What challenge does it solve? 20 words, that's all you get. If it's going to take you four sentences, you’re too long. 20 words or less.
- What does this mean to the peer of the CISO? That’s proxy for saying “what does it mean to the business?”
Again, these are simple things but it's trying to shift the discussion. Because the technical discussion will happen. There’s the right and the wrong time to discuss that though. The timing is important.
“Years ago, at a public event while I was representing a security vendor, a CISO approached me. I was expecting a technical talk but on the contrary he was like, “Tell me about you. Why are you guys doing this? Why’s this your approach?””
What would be some practical steps to shift from being a transactional seller to a trusted advisor?
The inner shift:
- You have to be authentically curious and you have to be interested. Whatever their reason for being in the world is, you have to be interested in that.
- And you have to be authentic.
The outer shift:
- The community is often unprepared, so it’s crucial to do your research ahead.
- Read up on the company.
- Read their annual report.
- Read the public comments from the company.
- Try to understand the industry because their challenges will maybe be overlapping with yours. Maybe they'll be similar but they'll feel unique to them.
And so you've got to try to get to: what does this mean to your people? What you bring to the table potentially is context.
“Remember that there's value to what you're doing. That value might simply be how other folks have done it. Here's how I've seen other people solve this challenge. I don't know if this is exactly the right solution for you, but it does help in those conversations.”
What are some cardinal rules security vendors, marketers, and sales people are breaking these days?
“You have to spend time in the field. Whatever in the field means in your scenario. You have to spend time in the field just gathering empirical data.”
The Western scientific method
There is a hypothesis and we try to disprove it ourselves and then we go out and build a whole bunch of cases to prove that we were correct in our hypothesis.
Totally valid, totally valid approach.
The Empirical research method
Empirical research consists in going out and just listening. We’ll be asking questions and trying to understand before we even start a discussion because we don't even know what the hypothesis is yet.
It may sound crazy to do it that way but that makes sense especially if you're early on in the industry.
“I'm not a trained marketing person by background. So, perhaps because of that, I probably asked wacky questions because I didn't always know.
- My suggestion or strong recommendation is like one of those chips should be with somebody who's really senior at our company and it's a very mature/complex customer.
- And then go meet somebody who has only been here for 30 days and maybe you don't even meet with a customer or meet with a partner, just go sit with them and hang out and watch what they do and understand how they approach being an AE, being a Sales Rep, or being an SE.
I promise you will learn something.
Instead of just sitting with yourself when you don't have enough data, go gather empirical evidence.
4 critical requests for professionals in the cybersecurity industry
- Cognitive biases are likely an underlying impact to why we continue to be challenged with solving problems. I would encourage people to go dig into that and think about how a cognitive bias could be impacting your decision tree.
- Develop and work on your soft skills. We've kind of had this stigma almost around soft skills that I think unintentionally created a barrier to people learning them. They're not soft skills. The army invented it, that's not what they meant. These skills are more likely to be the differentiator for you if you're going to lead a team, even a small team. Of course, you have to have domain experience in technical acumen, given that's table stakes.
- If you've transitioned into cybersecurity, which many people have from another field, from the military, from single parent, whatever the background was, it's more likely to me that somebody from an adjacent field will solve a problem in a unique way.
- Don't forget all the other things that you learned along the way because we have a lot of problems to solve. So, bring the problem solving from whatever field you came from into cybersecurity.
Whenever you're ready, there are 3 ways I can help you and your go-to-market team:
1. Conduct a one-to-one interview with an existing or ideal customer and extract the most useful insights and recommendations for action.
2. Run a focus group with our CISO Panel to validate an idea, trend, message, service or product.
3. Plan and facilitate a customer advisory board (CAB) with your key customers to drive loyalty for your company's brand.
Subscribe to Audience 1st
Get notified every time an episode drops to better understand your audience and turn them into loyal customers.