How to Successfully Work Your Way Into a CISOs Inbox | George Al Koura
Interested in sponsoring an episode like this with your target buyer?
→ Reserve your sponsorship here. ($2,575)
If you’re working your way into a CISO's inbox:
Take a more humanizing approach and cultivate trust-based relationships.
It’s important to draw the line between an appropriate business outreach and a stalker mode.
Be willing to be vulnerable because it's going to really benefit your career and do good
Brutally honest insights from George Al Koura, Co-Host @ Bare Knuckles & Brass Tacks Podcast and CISO of Ruby.
In this episode, Dani Woolf had a conversation with George about his challenges, goals, what vendors do that piss him off, and the alternatives.
Guest at a Glance
💡 Name: George Al Koura
💡 What he does: George is currently the CISO at Ruby
💡 Where to find George: LinkedIn
- Why are so many people in the military getting into cybersecurity after service?
- What does George hate most about the cybersecurity industry?
- What is a humanizing approach to sales outreach and how does it affect CISO?
- As a CISO, what's George’s one bleeding neck challenge and what's the ultimate goal he’s trying to achieve?
- Are there any differences or anomalies right now in the market that sales pros and marketers can learn from to take advantage of?
- What does a valuable ,trust-based relationship look like digitally?
- What are some cardinal rules security vendors, marketers, and sales teams are breaking these days?
George has been in the cyber industry since 2006 to now. He is a Canadian ex full-time soldier, ex reg four soldier up here turned cybersecurity professional. It seemed a natural progression jumping into cybersecurity from a military background since it comes down to having a disciplined mindset.
“My friend hooked me up with a job interview. He said, “Hey, my manager doesn't care if you have zero post-secondary education about this, as long as you're a critical thinker and just show up to work sober.” I was like, okay.”
Sometimes you're going to fall on your face and then sometimes you're going to win big and your life and your career's in advance. For cyber itself it's more of a game of chance than anything else.
This industry's been a ride. It's been an accidental ride and I'm blessed to be a part of it.
Why are so many people in the military getting into security?
Following their time in uniform, individuals with a military background often find that their skills, mindsets, and experiences are ideally suited for the challenges and demands of the security field.
This isn't simply a matter of the particular skills or knowledge one gains during military service. Rather, it fundamentally comes down to the disciplined mindset that's instilled.
In the military, individuals are trained to think in a specific, rigorous way, focused on operational security (OPSEC) and communication security (COMSEC), both cornerstones of modern military operations.
This distinct method of thinking and logic is surprisingly compatible with the various roles within cybersecurity, spanning from security operations and architecture to sales.
One compelling aspect of working in cybersecurity is the fulfillment that comes from a successful operation.
The thrill of successfully preventing a major incident, tracking down an intruder, or conducting a successful forensic investigation, generates a kind of rush that those with security-oriented minds, especially those from military backgrounds, find particularly satisfying.
In essence, it's this combination of well-suited mindsets, transferable skills, and the inherent excitement of the job that explain why so many people from the military are gravitating towards the security industry.
In the past seven years of experience in cyber security, what does George hate most about the industry?
In reflecting on his seven-year tenure in the cybersecurity industry, George has identified certain aspects that have deeply troubled him.
Among the most distressing for him is the dehumanization often encountered in product and service sales.
He takes issue with the impersonal and unrealistic growth quotas which, in his opinion, undermine the quality of business development professionals and the relationships they're meant to build.
George firmly believes that a more humanizing approach is necessary for anyone attempting to gain the attention of a CISO, or to secure that all-important meeting or demo.
George warns that Chief Revenue Officers (CROs) need to abandon the outdated "spray and pray" sales technique or risk falling behind.
The approach of mindlessly casting a wide net without strategic targeting simply won't work in the modern, globalized world.
His discontent extends beyond sales tactics. George also expresses discontent with large consulting firms that impose unrealistic billable quotas and exorbitant prices, while offering scant benefits to their working-level consultants.
This practice, he notes, engenders widespread resentment among clients who often question what exactly they're paying for.
George likens consulting to a "meat factory" that takes in enthusiastic individuals and leaves them feeling overworked, stressed, and poorly treated both by clients and their own organizations.
This toxicity and the high levels of burnout are further fueled by an artificially competitive environment within the industry.
He questions when a reasonable 20% to 30% gross margin became inadequate, noting that these extreme pressures are driving talented professionals away and creating unnecessary gatekeepers.
According to George, these issues are not only leading to a hostile work environment, but are also hindering progress, weakening supply chains, and ultimately posing a threat to the globalized cybersecurity industry as a whole.
What does George think a humanizing approach to a CISO would look like?
Treat CISOs as human beings: George emphasizes that approaching a Chief Information Security Officer (CISO) should be treated with utmost respect and sincerity, beginning with treating them as human beings. He cautions against messages that might resemble scams or bots, as these are immediate red flags for a CISO.
Create custom content: George also advocates for the development of custom content as part of this humanizing approach. This could mean taking the time to understand and utilize media effectively, or becoming comfortable with how one presents oneself through video and voice clips.
Be genuine: Crucially, George advises communicating from a genuine place. Conversations should feel real, and it's okay to allow a degree of vulnerability to come through. It's all part of humanizing the exchange.
Pay attention to the quality of your pitch: Additionally, he stresses the importance of the quality of your pitch. He observes that too many pitches come across as gimmicky, likening them to "cyber ambulance chasers." This kind of approach is likely to be disregarded by a CISO.
Commit to establishing long-term relationships: George believes in the importance of fostering long-term relationships. Rather than focusing solely on the initial sale, he insists that the ultimate goal should be contract renewal. This means developing a relationship that goes beyond the initial transaction, showing a CISO that you're committed to their long-term success and security
As a CISO right now at Ruby what's George’s one bleeding neck challenge?
As the CISO at Ruby, George's most pressing challenge is securing buy-in from stakeholders across the organization for the company's security initiatives.
It's not just about obtaining financial support, but truly ensuring that everyone comprehends the importance and rationale behind the security operations.
George has learned through his tenure at Ruby that taking over someone else's security operations means inheriting their issues as well.
Navigating these legacy problems can be a significant hurdle.
Despite these challenges, George considers his role at Ruby as one of the best jobs in Information Security, particularly in Canada.
He appreciates the company's progressive approach towards work-life balance, such as their implementation of a four-day work week.
He acknowledges that, while Ruby does maintain 24/7 monitoring, they have created a system that doesn't require employees to work overnight or during weekends.
According to George, granting employees the freedom to manage their time fosters satisfaction, as they are fully aware of their responsibilities and outputs. He believes that satisfied employees are more productive and more dedicated to their work.
Still, George admits that there will always be some pushback when trying to introduce new security technologies.
However, being part of a forward-thinking company like Ruby, that is willing to take risks and try new approaches, makes tackling these challenges a bit easier.
As the CISO at Ruby, what's the ultimate goal George is trying to achieve?
In his role as CISO at Ruby, George’s ultimate goal is to achieve world-class security.
He continuously encourages his team to aim high, believing that with the right resources and personnel, any goal can be accomplished.
George’s management style is rooted in empowerment, pushing his team to believe in their ability to achieve greatness and encouraging their creative problem-solving skills. He sees this as vital in achieving their high-reaching goals.
Another significant aspect of striving to be a world-class organization, according to George, is building trust with customers through the protection of their data.
The security of customer data is paramount, as it assures customers that they can safely engage with Ruby’s products.
When stepping into an existing security environment, George acknowledges the importance of building a strong foundation.
Only then can secondary solutions be explored. It’s a process of prioritizing which security issues need to be tackled based on the organization's developmental stage and the financial support available.
Are there any differences or anomalies right now in the market that we can learn from to take advantage of from a marketing or a sales perspective?
George highlights a few notable trends that could be leveraged for marketing and sales advantage.
One significant shift he notices is a move away from AI-centric approaches towards more human and authentic engagements.
For instance, if you're planning to launch an artistically based marketing campaign, it might be beneficial to actually hire a human artist and have them endorse it.
The craving for authenticity doesn't stop at individual creations. George believes that there is a growing preference for smaller, more localized campaigns.
Instead of broad, sweeping initiatives, audiences are increasingly receptive to regional and localized efforts. This can be a cue for vendors to invest more heavily in local shows and events.
One enduring factor in successful marketing and sales, according to George, is the cultivation of genuine, trust-based relationships with buyers.
Speaking from personal experience and from discussions with other buyers, he affirms that these relationships are highly valued.
Buyers often remain loyal to their vendors, taking them along even as they transition between organizations.
This highlights the potential long-term benefits of establishing and maintaining such relationships.
What does a valuable trust-based relationship look like digitally to George?
For George, a valuable trust-based relationship in the digital sphere begins with professional credibility.
This is achieved when a vendor delivers a good product or service punctually and at the agreed-upon price.
This basic level of reliable service lays the foundation for trust, even in relationships that are solely digital.
On a more personal level, George acknowledges the importance of good chemistry, which can sometimes be elusive.
He advises maintaining realistic expectations, understanding that not everyone will necessarily form a strong bond.
Despite this, George believes in the potential for personal connections that transcend professional boundaries.
He suggests finding common ground outside of work - perhaps an intriguing object in the background during a video call or a shared interest revealed in social media posts.
George posits that vulnerability is a key element in cultivating valuable relationships.
The willingness to be open, to share more personal aspects of oneself, can lead to deeper, more meaningful connections.
What are some cardinal rules security vendors, marketers, sales everything that's above, below, in between are breaking these days in George’s opinion
- Social engineering people like CISO or their partners
One major violation he notes is resorting to social engineering tactics. These can include intrusive efforts to reach prospects, such as seeking out personal phone numbers or information about family members.
This kind of behavior isn't just unprofessional, it borders on harassment and is a definite no-go. It's critical to understand the boundary between appropriate business outreach and becoming overly intrusive or even stalker-like.
- Not gaining the hint when there's no interest
Another common mistake that George points out is failing to recognize when there's no interest. If multiple emails have been sent without a reply, chances are the recipient has seen the emails and simply isn't interested.
Insistence in such situations not only demonstrates a lack of understanding but also wastes time and resources. George urges vendors and sales teams to learn to pick up on these cues and know when it's time to move on.
What's the worst thing George experienced from a vendor?
Inappropriate phone calls. He finds it particularly intrusive when vendors call him directly without him providing his phone number in the first place. If he doesn't pick up initially, these vendors persist in calling him multiple times.
What irks George even more is the lack of consideration for his personal time.
He cites an example of receiving calls late in the evening or on weekends, which he considers a blatant disregard for his personal boundaries.
Whether this behavior stems from ignorance or simply poor judgment, George identifies it as the worst he has encountered from a vendor.
What's one thing a vendor has done that made George feel good?
George has experienced several positive interactions with vendors as well, and these moments often revolve around the vendor's commitment to partnership and their willingness to go the extra mile when needed.
He views these situations as tests to gauge the vendor's dedication to the partnership.
The vendors that he has formed the closest relationships with have proven their commitment by being readily available and helpful in times of need, regardless of the organization he was with at the time.
According to George, the prompt and reliable support offered by these vendors during critical moments has made a significant difference and positively influenced his perception of them.
This commitment to genuine partnership and readiness to assist in times of need is what works best for him in a vendor relationship.
George emphasizes the importance of kindness, vulnerability, and taking chances for personal and professional growth. Being kind and genuine, as well as allowing oneself to be vulnerable, can greatly benefit one's career by building trust and fostering meaningful connections with others.
George encourages individuals to find moments where they can authentically showcase who they are as a person, as this can contribute to earning trust and building stronger relationships.
Furthermore, he urges individuals not to be afraid to take risks and seize opportunities. George shares his own background, highlighting that he studied politics and psychology and taught himself the skills needed for his current career in the industry.
Despite initially feeling unqualified, his tireless dedication and willingness to take chances have brought him success.
To advance in one's career, George advises actively seeking opportunities for growth, trying new things, and pushing one's skill set.
“Be willing to take the chance. No risk, no reward!”
Interested in sponsoring an episode like this with your target buyer?
→ Reserve your sponsorship here. ($2,575)
Subscribe to Audience 1st
Get notified every time an episode drops to better understand your audience and turn them into loyal customers.