
The primary objective of a CISO is to bring value to the organization, keep it secured, and follow their planned roadmap. 70% of all large organizations use a CISO for better security management.

In fact, the job of a CISO proved to be the second highest paying technical job last year. Such a high-caliber role means that a CISO is likely to be overburdened with phone calls, dozens if not hundreds of emails, Facebook friend requests, LinkedIn requests, and the like. In the process, they become unavailable to potential vendors. So how do you break through that wall and engage with a CISO? Let’s try to clear the fog.

What is so Difficult about Engaging with a CISO?

More often than not, you will notice a strong dissonance between a CISO and potential vendors. But why is it so difficult to engage with a CISO? And why are most security officers displeased by the way they are approached by potential vendors?

I think the primary reason for this dissonance would boil down to social media. This is one of the most popular mediums for people to grow their network and interact with other people. In this regard, CISOs also garner a lot of popularity and build their image, voluntarily or involuntarily, on social media. While this is actually a great place to network, social media platforms are also known to create a lot of noise.

Facebook alone has two and a half billion active members. In effect, sometimes it becomes very difficult for CISOs to deal with this unnecessary clutter on social media.

The larger vendors are well aware of this, and of how difficult it is for CISOs to filter through all the social media attention to extract useful information and notice them. Thus, more and more vendors spend a lot of money on social media advertisements in order to be noticed and to increase their visibility. In effect, the only players that gain from this arrangement are the social media platforms.

However, you would have to agree that CISOs ultimately need good vendors in order to fulfill their internal goals, appease the external auditors, as well as the business partners and customers. Essentially, there have been some stable mediums to get in touch with CISOs, pitch for services, and engage with them.

So how do CISOs Actually Come Together with Vendors?

Come to think of it, it is not that difficult to reach a CISO if you have the right channel of approach or communication. Most CISOs I have spoken with personally have voted for the following four approaches to engage with them.

1. Trust

One of the most important deciding factors for CISOs for choosing a potential vendor is based on trust. CISOs will always be more likely to engage with someone they know through another source or who has been referred to them.

This pre-establishes a sense of trust and brings in an environment of comfort. In effect, when somebody refers you, you know the CISO already knows a bit about you and how you operate. This makes it easier to engage with them.

Also, another useful tip is that you should never try to sell on the first meeting with the CISO. Let this meeting only be limited to building a connection and trust!

2. Network

Networking within the community actually increases your visibility and, thus, the chances of being noticed by the CISOs. It would do you a world of good if you could attend some industry events or even volunteer or sponsor them.

This helps build and grow your professional network and, in turn, your image. CISOs once again will be more familiar with your image and name, and it will be easier to engage with them.



3. Seeking out thought leaders in their fields

The key to engaging with CISOs is engaging with thought leaders first. Industry thought leaders are rather important and useful. If you have been in the industry for long enough, you will have a decent network and idea of who to reach out to.

When the security officers notice your reputation with the thought leaders in the fields, it makes their job of vendor selection a lot easier. It clears the road ahead of you, and you can engage with them more smoothly.

4. Actively engaging with a team member seeking out your solution

Mature CISOs always take it upon themselves to research the market and align their security needs with business goals. Said CISOs are likely to assign a team member with the task of researching those much coveted products or services. Identifying these individuals and exploring a potential fit would be a great first step.


What not to do to engage with a CISO?

  1. Don’t randomly call up a CISO you have wanted to work with. It adds no value to your portfolio and will lead you nowhere.
  2. Don’t only invest huge amounts of money in advertisements and social media image-building operations. Instead, use the same money to create value for your customers and thus yourself.
  3. To be honest, stay as far away from sleazy sales techniques and ideas as possible. They do not add value; instead, they can harm your image.
  4. Don’t jump straight to business. Give your CISO some time to build their trust in you and ensure that you have a cooperative working relationship.


Bottom Line

The process of engaging with a CISO is slow but fruitful. It is best not to rush this process. Instead, create an image and a portfolio that supports it, and have a strong contact base.

So, you’re a CISO. This means you probably get dozens of emails a day, a bunch of phone calls, and LinkedIn friendship requests followed up by an immediate pitch, when all you want to do is carry out your well-thought-out roadmap, bring value to the business, and keep your organization secure and employees happy.

With me so far?

So why is there such a dissonance between a CISO and potential vendors? Why are most CISOs appalled by the different ways and means through which they are approached by vendors?

I blame social media for this. On one hand, all these fast-growing platforms let us have greater visibility than ever before and global connectivity. On the other hand, they produce so much noise. It’s hard to deal with, really. Some platforms are more prone to noise and clutter than others, but all ‘suffer’ from the same disease. Big vendors know that, and they quickly realize that in order to have their voice heard above the crowd they need to throw big bucks into ads to increase visibility. Really, it’s a zero-sum game with one winner: the platform itself. Whether it’s LinkedIn, Facebook or Google depends on your sector; they are the main beneficiaries, while all the players in this game fight for scraps.

At the end of the day, CISOs do need vendors to be able to execute their own roadmap, achieve their internal goals and satisfy external auditors, business partners and customers.

So how do CISOs actually come together with vendors?

I’ve spoken to a lot of CISOs about this specific question, and I was able to boil it down to the following:

  1. Trust
  2. Network
  3. Seeking out thought leaders in their fields
  4. Actively assigning a team member to hunt down a specific product or service

So where does that leave all those service providers?

Not to sound too corny, but I think the answer really lies in front of you.

Let’s talk a bit about what not to do:

  1. Don’t cold call CISOs. It will not get you anywhere
  2. Be smart with your time and with your money. Invest it in creating value
  3. Sleazy sales techniques are usually frowned upon
  4. Not always though. Some big players are investing top dollars in ‘perks’ that sometimes work
  5. Don’t treat your typical CISO as a walking wallet – it shows and it’s not attractive
  6. Get to know the person and see that you click

Granted, all these ‘insights’ or self-beliefs are not scalable. But this is what I have so far.
