Four Security and Risk Decision-Makers Walked into a Room…

And they gave an audience of marketers the unvarnished truth about what they think of their tactics. 

When you look up how many cybersecurity vendors exist, you get estimates of 3,000 in the U.S. alone to more than 39,000 worldwide, and the competition is heating up. According to Gartner, 75% of organizations looked at consolidating vendors in 2022, up from 29% in 2020. On top of this, new vendors are regularly popping up, leaving many security marketers wondering what the best ways are to be noticed and build relationships with cybersecurity decision-makers. 

At RSA Conference this week, 10Fold hosted its annual Security Never Sleeps event for the 11th time, featuring an incredible roster of panelists to answer questions about everything from how they choose tools in a post-COVID world to whether the opinions of analysts really matter to them. Here are the top five takeaways from this year’s event:  

Zero-Trust infrastructure, Identity Authorization Management and Risk Assessment are Top of Mind! 

At the top of the conversation, our panelists were asked what their priorities were for the next year and all four of them had all strikingly different answers, including Zero Trust infrastructure, identity governance, regulatory compliance and quantitative risk assessment/modeling.  

Some Sales Strategies Have Gone Too Far 

“When did vendors miss the mark?” The responses that elicited the most laughter and groans were: 

  • Delivering a surprise box of donuts right to one CISO’s office. 
  • Sending unsolicited calendar invites for calls. 
  • Daily emails. Some try “last chance” tactics. Others attempt to make bets with them on sporting events featuring their alma mater.  

These strategies were unanimously considered to be terrible ideas.   

Buying Cycles are Longer Than Ever 

According to our panel, buying cycles – from an introduction to a final decision – can last anywhere from one to three years. For some, the proof-of-concept stage alone can take an entire year. One panelist reflected that his boss didn’t even want him talking to vendors until budgets are approved, but from his perspective, he needs a partner ready to go that can move quickly so doing early research is critical.  

Analyst Recommendations are Important, but Not the Only Thing CISOs Consider 

When asked how important analyst rankings like the Gartner Magic Quadrants, Forrester Waves and other reports were in their research, the panelists agreed that while they are not the only research they take into consideration, they are helpful for coming up with an initial list of established players. For many, this highlighted the need to build credibility in their respective industries. In lieu of analyst rankings, strong executive thought leadership programs and third-party recognition from top-tier awards and influencers can help build trust among peers. 

CISOs Trust Other CISOs 

As the event came to a close, one thing became clear. When faced with a challenge, CISOs often turn to each other first for advice and recommendations. For vendors, this means relationship building is crucial. CISOs don’t want to be just a sale. They want to understand how you plan to innovate in the face of new challenges and how you can evolve with them as they grow. Vendors that can build those types of meaningful relationships with CISOs will be able to build a nice referral network. 

A huge thank you goes out to our incredible panelists and moderator for their participation, including Carl Wright, Peter Luban, Christopher Kennedy, George DeCesare and Gram Ludlow!  

Leave a Reply

Your email address will not be published. Required fields are marked *