A Huge Percentage of Vendors Jumps on This Ambulance Chasing Bandwagon and I Hate It | Allan Alford
It's okay to have a positive, crisp, and clean association with negative press.
But it's best to steer clear of it altogether.
When’s the last time you’ve heard, ‘simple is more’? Or, ‘keep it basic’?
If it’s been a while, this episode will be a good refresher for you.
When approaching your marketing strategies and tactics in the cybersecurity industry, particularly your messaging, it's best to just stick with the basics and the fundamentals.
There is this constant need to overcomplicate with so many terms to stand out against the competitor, using negative press and ambulance-chasing to get the attention of the security practitioner.
According to Allan Alford, CISO of TrustMAPP, “it should really be a conversation with your audience.”
In this episode, I had a brutally honest conversation with Allan on what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.
Episode Highlights
🔥 The goal is not to secure all the things.
“You know that meme with a little excited girl that says all the things? It's not secure all the things, it's secure the things that the organization, the business has determined are the most vulnerable and, or the most precious.
If you can simply sit down with the business and figure out collectively what that means, what's the most vulnerable, and what's the most precious. And what's the intersection of the two, then create a punch list and start actually going through and securing those things. Um, do that iteratively over time.
Eventually, you do reach a theoretical point of having secured all the things, but of course, you know, no one ever gets fully down that road on the journey, but the goal is to do as much as you can in that priority order of just simply what matters the most to us. And what's most at risk and let's tackle those things first.”
🔥 The single biggest challenge right now is Mac users.
“Right now I'd argue that my single biggest problem is my Mac users. I've got all these great security controls implemented and then the Mac users come along and go, ‘but I'm going to keep using my Mac I don't want your security controls.’
And I have to figure out how to do the same controls with the Mac and, you know, parallel universes and all that good stuff. And those in mixed shops know exactly what I'm talking about. I'm not going to name all the tools, but. You end up with this tool and that tool and it's that kind of a thing.”
🔥 What Allan hates most: Ambulance chasing.
“The ambulance chasing is probably my number one. Colonial Pipeline hits and all of a sudden 4,768 vendors are hitting me up with, ‘don't be the next Colonial Pipeline,’ you know, SolarWinds hits and it's the exact same thing again.
The bad thing happens to somebody, somewhere. You know, some huge percentage of the vendor community. I don't know, 60% of them jump on this ambulance-chasing bandwagon. And I just, I hate that. I hate it.”
🔥 Taking advantage of negative press for other entities is not a good move as a vendor.
“So taking advantage of negative press for other entities to me is not a good first foot in the door. Right. It's okay to acknowledge that stuff like that happens. It's okay to have a, really crisp, clean, and clear association of literally ‘we were the ones who could have stopped that.’
So it's best to just stay away from that approach altogether. It's best to just stick with the basics and the fundamentals. Like, ‘look, are you concerned about this particular area of cyber? If you are, come check us out, that's what we do.’
It should really be a conversation. I think, I think the initial approach that a lot of marketers do with CISOs, there's the insulting approach, you know, there's the, ‘do you even care about security?’
Yes, of course, I do. That's why I'm a CISO.
‘If you wanted to do it right, you'd go with us.’
That's awfully arrogant. So to me, you know, it, it's about coming in positive. “
🔥 To understand which questions to ask your audience, seek counsel from friendlies.
“I think every good cyber firm should have a CISO who is a practitioner, as well as, you know, very often there's field CISOs and external CISO roles that are really more sales and marketing enablement. Um, and if those folks are veterans CISOs on their own, right, then definitely tap their brains as well.
But the gist of it is there are plenty of folks out there that are allied with you in some way, maybe even work for you in some way who've got that experience from the practitioner perspective. Just bounce it off them. And if you've got some friendlies in your advisory board, before you make a marketing move, if your company has an advisory board bounce it off of them and say:
‘Hey, this is kind of where we're going with our new marketing campaign. Does this resonate with you guys? Does this piss you off? Does this rub you the wrong way? Does it lean you towards possibly like, oh, I'd be interested in, I'd click more.’”
🔥 When evaluating a security solution, very often, POCs are a bake-off between 2-3 finalists…and at that stage, that’s where the real, final decision gets made.
“I was up and running in a week. This product took me three weeks and it's still running funny. Boom, it's out. This one had those three features. I was really looking for these other two didn't - boom, there's my winner.
Sometimes it goes all the way to the POC stage before I make my call, but it starts with peer review. It starts with research.
I'm a big fan of who competes with blank and doing all that research and there's dozens of websites out there that compare competitors of various softwares and functions.
And sometimes they're completely offbase. So, you know, take it with a grain of salt. You have to do further diligence. It's not as easy as Googling.”
🔥 It's super important to have a true, fundamental, realistic nature and notion about where you really are in the market.
“I'm going to say some marketers believe their own BS. It's super important, super important to have a true, fundamental, realistic nature and notion about where you really are in the market. Do you have real competitors? And if so, how competitive are they really? Are there two of you that are truly doing all the same things?
What marketing is tasked to do on a daily basis is to come up with all the reasons why we're super cool. Come up with whole new paradigms to describe what we do come up with whole new ways of envisioning and characterizing what we do.
And if your job is to always be coming up with a new perspective and a new twist on what you are, it becomes harder to just simply open the box up, put the parts on the table and go, this is what it actually is. You're so busy focusing on a new twist, you forget to focus on what it actually is in the first place.”
🔥 Learning about your competition will result in stronger messaging that will resonate with your audience.
“Again, it's that positive marketing message.
Don't be afraid as a marketer to lean into the enemy, learn about them.
‘They're good at that. Ooh, they're good at this other thing. Oh, they're really good at this other thing.’
Don't be afraid to have that reality check because anytime you're coming up with that new spin, that new twist on here's why we're cooler, you're going to be better informed. You're going to hit the mark better.
Your audience is going to resonate with the messaging better.”
🔥 The blind calendar invites are the single quickest way to piss off Allan and blacklist you forever
“You just get a calendar invite and you accept it because you think like, you know, when there's a calendar invite, right? And then you realize as your day is coming up and you're like, what is this thing this afternoon?
I've never heard of these people who are these. And what I always do is keep the meeting, but not show up just to make sure I waste their time. Just like they wasted mine.”
🔥 Having honest, realistic conversations about what your audience's current state of affairs is and what they might need will get you a seat at the table.
I had a vendor back when I was in Austin who reached out to me with just a, ‘Hey, no idea what your priorities are. Saw, you're new in the role. You know, we're a, we're a VAR. We represent various tools and I would love to meet with you, and I'm glad to sign an NDA. Let's chat about whatever kind of your projects and priorities are. And we'll see where I can maybe help or not help. But lets at least have a conversation.’
I thought what a great refreshing, open, honest way to just reach out. Fine. I'll spend 30 minutes with this person. We signed NDAs and I just started whiteboarding. I'm working on this and we're going on this and we're going to this.
The whole conversation was just about, let's have a realistic sitdown about where you're at, what you might need.
And I still reach out on occasion and check-in.”
🔥 You’re not necessarily wanting to win over the CISO anyway.
“The reality is if you come to me directly as the CISO with some killer message that resonates and you do all the right things and it's positive, and you're talking about building relationships and you're offering me a, whatever, a firewall, I am not going to go much further than that. Before I hand it off to my firewall person and say, Hey, go evaluate this.
When you're marketing that everybody thinks the CISO is the golden prize to get like, oh, we finally got a meeting with the CISO. It's only going to get you this far. You're still going to be punted back to the lieutenants anyway.
So in your marketing, in your messaging, make sure you include those lieutenants because, at the end of the day, I think more of them are decision-makers than actual CISOs.”
Subscribe to Audience 1st
Get notified every time an episode drops to better understand your audience and turn them into loyal customers.