Show Me the Courtesy of Treating Me Like a Human Before You Take My Money | Chris Roberts
Everybody's got to sell, everybody's got to buy things, but it's how the transaction is conducted that is important.
Security practitioners are at the pointy end, they’re fighting and it’s not fun.
Not only are they fighting adversaries that are trying to get in, but they're also fighting sales, marketing, vendors, and suppliers.
That sucks because they’re fighting facing forward.
And they’re also having to watch their back from the very people who are supposed to arm them.
That's never a good situation to be in.
In this episode, I had a brutally honest conversation with Chris Roberts, CISO, Hacker, Researcher, and Advisor on what motivates him, what his challenges are, what vendors do that piss him off, and the alternatives.
🔥 Security practitioners are taking the time to market their point of view on LinkedIn to help their audience
Most security practitioners who are in it for the mission lead with value. They want to give something and get their word out there. Only then do they think about themselves in promotion and networking.
As Chris states:
“The intention was to kind of use [LinkedIn] as a platform to kind of growl a little bit and to test it. And then, you know, whoever I talk to whatever else, some of that kind of stuff just gets just ends up out there.”
🔥 It’s game over if you’re using buzzwords in the industry
“If you're not embedded in the industry, it's so hard to figure out what is truth. Let's take zero trust for a perfect example. The idea and the concept isn't a bad one, but the ability to execute it is horrendous to say the very least. And unfortunately, in most cases, it’s none other than impossible because no one vendor has the solution. No one vendor is going to come in and be able to effectively do it and roll it out without some pretty major disruption. And they ignore that part.
For crying out, I got buzzword bingo cards. I give them out at the conferences and you can literally stand in front of it. Doesn't matter if it's sales, marketing or the pay-to-play bullshit.”
🔥 Security practitioners know you’re under a lot of pressure, but it isn’t an excuse to do things without clarity and knowledge of what you do.
“Those people that gave me that money want a return on their investment. The people that are working the money want a return on the investment. I give it to you. You want to return on the investment and everybody's taking.
And unfortunately what that means is that the person at the pointy end - the marketing and the salespeople, you sit down and get, ‘well, so little Johnny and Jamaima are, um, your targets for this year, are double what they were last year because we just took another hundred million in investments. So, we expect you to double up and, and, and really push those conversations.’
And everybody's like:
‘Well, shit, how do I do that? How do I now maximize every single conversation? Every touch every point?’
‘By the way, not only do I have to maximize it, but I know that the Muppets down the road took a hundred million as well. I know that they're going to maximize it, and we're both chasing after the same audience.
So how do I make myself better than them? They tell me that they're good. Well, I gotta be better than good. So now they're like, they're crushing it.‘
‘Well, we're spectacular. We're one of the best.’ How do you quantify the best?
‘We're number one.’ Prove it.”
🔥 It doesn’t take much to get to know your audience. You need to invest some leg work researching them.
“I think this is, this is where it gets interesting because, on my LinkedIn profile, it pretty well defines how to approach me. What it says is - don't come at me and go, ‘Hey, I'd love to connect. And by the way, here's what I'm going to sell you.’
Neither is, ‘Hey, I'd love to connect. I need five minutes of your time to run an idea by you.’
Don't lie to me. That's not what you're going to do. Come to me with open arms, come and actually learn about who I am. Who I am as an individual, but also who I am as a company.
The ones that make it through:
If you look at my tagline on LinkedIn, it says, you know, uh, approach with, you know, Islay whiskey or biscuits and tea, the ones that actually make it through the ones that are like, ‘Hey, I've got the bottle of Islay. Can we just have a conversation?’ Those make it through.”
🔥 Everyone has to put food on the table. It’s how the transaction is conducted that’s important. And honesty gets you a seat at the table.
“And then after that, it's the honesty, you know, the ‘Hey, I'd love to have a conversation. We're doing this, we're doing this. Can we run it by you?’ Well, hang on, are you running it by me to get my opinion? Because let's face it I'm opinionated or are you running it by me cause you think I'm going to buy it? Be upfront with me.
If you're running it by cause you want an opinion, I'll give you all the time in the world, it doesn't matter who it is. I mean, I have marketing people like, ‘Hey, I just want to run things by you. Cause I don't want to trip over my feet.’
It's that honesty and integrity. And at the end of the day, we've all got to put food on the table. So I give leeway for that. And I give leeway because everybody's got to sell, everybody's got to buy things, but it's how that transaction is conducted to me that is important.”
🔥 What Chris hates most: Overpromising, and underdelivering. Bonus: Being used as a stepping stone.
“Oh, so the worst thing: the overpromise, underdeliver.
Probably the biggest failure of anybody approaching is not knowing your audience. So coming in and spouting quantum and AI and ML, and not being able to back it up.
The one that I hate is when I get used as a stepping stone.
‘Hey, we'd love to connect. Could you, uh, I'm trying to get to the CISO. ‘Yeah. That, oh, you just, or if you can't get anywhere with me in the first, you can't get ahold of me in the first date. You're going to go with my sister or my brother. Yeah. Okay. I love being a stepping stone. Do you want me to lay in the puddle face down or face up so you can actually get me in the nuts as well at the same time?’”
🔥 More marketers, salespeople, and vendors need to get better at listening.
Listening is a huge thing in the industry.
“It's needed. I mean, it's also listening. I don't need another tool. What I need is I need help. And more often than not, I need to consolidate what I have and I need to be effective and I need to do it with the least amount of hands I have. If you just listened to the rumblings in the industry, you'd realize we don't need another piecemeal point mill solution. I need something that integrates. I need something that works effectively. I need something…I need something I can trust.”
🔥 When researching security solutions, security practitioners keep a scorecard for continued research in their community. And if you add them to a mailing list, you’ve lost marks.
“When I've narrowed it down, then I'm going to do outreach and I'll either, I'll either ping somebody. I'll go through LinkedIn and see who I know or who I'm connected to, or I'll hit them up on the website. And at that point, that's when the scorecard really begins, because if I reach out and I get, I get added to a mailing list immediately.
You lost marks. End of story. If I reach out and I get an autonomous system back that says, you know, to do this, do more of this and push this button, you've lost me again. If I reach out and somebody gets hold of me and says, ‘Hey, uh, thanks for the inquiry. Um, could we potentially set up a call or would you mind just giving me some more information?’ That's great. Cause now you haven't tried to tell me what I need. You've asked me what I want.”
Subscribe to Audience 1st
Get notified every time an episode drops to better understand your audience and turn them into loyal customers.