By Justin Daniels
Cybersecurity continues to be a focus for innovative ideas and venture capital. In 2016, “VC firms invested $3.1 billion in a record 279 cybersecurity startups,” according to CB Insights. Such investment has paved the way for cyber startups to aggressively market to CISOs, whether at tradeshows and conferences, on social media or via inbound and outbound sales and marketing. Some CISOs are very receptive to learning about new technology. The majority, however, struggle to differentiate products and services among many vendors whose products seem very similar. It can also be very difficult for a CISO to assess how emerging industry categories, such as threat deception and orchestration, can provide real value and ROI to their existing security stack.
Jeff Schmidt, CEO of the Atlanta-based End User Authentication startup Authomate, speaks regularly with CISOs who are “receptive to his new technology.” But as Mr. Schmidt explains, CISOs can be “hesitant to pull the trigger on adopting our technology for a variety of reasons; none of which has to do with the technology itself.” These hurdles create additional challenges and obstacles that can be overcome, but often lengthen both sales cycles and reaching mass adoption.
The challenge of enterprise customer acquisition is not unique to Authomate. Many cybersecurity startups have built valuable products that solve specific problems. For many CISOs however, the opportunity afforded by adopting the new technology is often obscured in the noise of the cybersecurity vendor vetting process.
Tips to Maximizing the CISO-Startup Relationship
The Atlanta metro region is home to the second highest density of Fortune 1000s in the U.S. and a deep cybersecurity ecosystem. Several CISOs who manage the security needs for some of the country's most prominent corporations share their advice for how cyber startups can improve their prospects of selling to the enterprise.
- Pete Chronis, CISO, Turner - Like most tech leaders, I receive hundreds of solicitations each week. It is impossible to find the time to investigate all of these. I have two pieces of advice. Be prepared and be empathetic. Do your due diligence. Take the time to know and get involved in the community you serve by sponsoring events and talking to customers outside of a sales call. Partners who practice the "long game" sign the big deals and build long lasting relationships. And most importantly, they deliver on what they promise.
- Almir Hadzialjevic, Vice President, Enterprise Risk & Security, Aaron's, Inc. - Successfully selling a product or service to an enterprise comes down to people and relationships. In today’s hyper competitive and crowded market for security tools, having the financial backing, strong leadership and the new, shiny, flashy tech that solves a CISOs pain points are all table stakes. What’s going to make or break the sale is the person making the pitch and their ability to develop a trusting relationship with the CISO. Asking the right questions to identify pain points, empathizing with the CISO, and then having the technical chops and deep knowledge about the product or service all go a long way in developing trust, and ultimately making the sale.
- Francis Cioffi, Director and Chief Information Security Officer, Georgia Pacific - Simply claiming to reduce risk, or provide data, isn’t going to get our attention. Cyber startups must be able to concisely and affirmatively explain to us exactly what is unique about their technology and the ROI that sets them apart from the sea of vendors itching for our business. We also like to know who is backing a company and how solid their foundation is. Last thing we need is to partner with a vendor that has a “short shelf life.”
- Larry Frey, Vice President & CIO, Beazer Homes - Startups must understand that enterprise CISOs are now held accountable as strategic partners in the overall creation of business and risk management, and not limited to the organization's information security. With such a role comes great responsibility. That’s why before we partner with a cyber startup, they must show an understanding of our business objectives and be able to seamlessly showcase, through tangible examples, how their solution can help sustain business and moderate risk.
As these CISOs can attest, startups need to listen carefully to customer needs and clearly and concisely state their value proposition. Those who do these things position themselves to have the best chance to successfully complete the enterprise sales cycle.