it’s hard It’s time to be a CISO or the founder of a security startup: resources are scarce and the stakes are high when deciding where to allocate them. This means that the CISO deciding whether or not to bring their product on board has less time, budget and staff than in years past, and their presentation has to be much better to make the cut.
Working in your favor, the increasing number of cyber-attacks and exfiltration ransomware that continue to threaten business bottom lines means that security remains a business priority. Gartner predicts As end-user spending in the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026, opportunities remain abundant.
Just as security executives condense and refine their strategies, founders must do the same in the way they present these CISOs. There is no longer room for a good product to win over a CISO despite a bad presentation.
Drawing on our combined more than four decades of computer engineering, cybersecurity, and security startup investment and advisory experience, these are the important questions we see security-savvy founders answer in their pitches over the next few months to close deals. critics and adapt to the singularity. Market conditions and industry outlook:
1. How does your solution help me sell more X?
In the industry, we often hear about “a solution looking for a problem”, when the onus falls on the CISO who listens to your presentation to find out what problem your product is trying to solve and why it’s critical to their business. While this may have worked in the past when there weren’t as many solutions, today it can be a deal breaker. With the increasing number of vendors now on the market, CISOs no longer have the time to do this work for you.
Just as security executives are refining their strategies, founders must do the same in the way they present these CISOs.
One question Steve asked over a hundred security vendors as CISO of Levi Strauss was: “How does this solution sell more jeans?”
In too many cases, the response was “we’re here to help you find more vulnerabilities or identify more risks in your environment”, leading to a quick response of “thanks, no thanks” as handing more problems to the CISO is not helping. to sell more jeans or solve a problem. He showed a lack of understanding and showed that they just wanted to sell another tool.
When the answer was similar to “our product will address the use case of identifying and remediating malicious or accidental misconfiguration of your consumer’s PII data in the cloud to limit the financial risk of regulatory fines and the brand risk of violating consumer confidence”. they showed that they were thinking about the business problem and discussing how to accept responsibility for solving some facets of it.
Steve appreciated that they brought a solution to a business use case problem and allowed him to quickly determine if this was “interesting” or important “in the priority of the problems he needed to solve in the next 6-18 months.” It was also very common that when the question “how do you sell more jeans?” was asked, the person would stop and stare, unprepared to answer, again resulting in a quick end to the discussion.
Similar key questions to answer by talking about the bottom line include:
- Does it solve a business problem in a way that allows the CISO to consolidate their existing technology footprint?
- For example, if your product can consolidate 2 solutions and save 25% of their combined operating costs, it gives them leeway in justifying the number of employees.
—————————————————-
Source link