The Art of Selling Security to Peers & Executive Management

sfbay.issa.org

The Art of Selling Security to Peers & Executive Management

The Art of Selling Security to Peers &Executive Management2013


Agenda• Persuading & Influencing Peers‣ Learn how to work with your peers at your organization to get support for your security initiatives• Methods for Acquiring Budget Increases‣ By combining proven sales techniques with security experience you can get funding for projects• Pulling Budget from Thin-air‣ When traditional approaches don’t work, what techniques can you use to make the budgetsmagically appear• ConclusionEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 2


Trust Is What You Offer• You are not just trying to sell something or just deliver a product /solution – your new role is a Trusted Advisor• “Perception is reality”‣ Being the face of security includes a lot more than simply havingthe best solution / deliverables• Your teams' confidence in you will “make or break” your effort‣ Little things make the difference between success and failureEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 3


The Trusted Advisor’s Secret Sauce• Controlled Demeanor – It’s A Quiet Confidence‣ Speak confidently, slowly and with control‣ This sets the tone of the image you project‣ Every word you say should have meaning‣ Never appear unsure of your self in front of the buyer• Map Business with Technology‣ You are a business person; not just the technical resource‣ You want everyone in the room to look to you for expertise fromboth the business perspective and technical area‣ You will need to perform a comprehensive analysis of anything yousuggest before you approach your peersEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved4


Characteristics That Bring Business• Happy & Positive‣ Smiles are good‣ Turn negatives into positives‣ Focus on the good• Confident yet Humble‣ Let your reputation speak for itself• An Effective Communicator (covered later)• Professional but Friendly‣ Focus on professional topics on positive experiencesEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 5


Characteristics That Lose Business• Negative Focus Kills Relationships‣ Stories of life’s hardships‣ Discussing personal finance challenges‣ Talking about Lack of Work‣ Negatively gossiping about other teams or business professionals‣ Negatively talking about your solutions‣ Generally speaking… any negative persona• Being Too Friendly Too Fast‣ People want to work with business minded individuals‣ Friendships are for after hours or after businessEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 6


Be on Time• Always confirm schedules and exact meeting places wellin advance• Check (just to make sure) the day before• Always be punctual for meetingsEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 7


Always Be Available• You should respond to emails from teams within one to two hoursduring work hours‣ Sending out an email that you are working on a response isacceptable‣ Use your out of office notifications when you are going to be awayfor long periods of time‣ Smartphones are great for short responses• Waiting until the next day will increase the likelihood the team will loseout on an opportunityEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved8


Be Prepared• Always “do your homework”• Bring a notebook with you at all times‣ Have it open whenever you communicate with anyonefrom the buyer organization‣ Error on the side of writing too much‣ Be sure to have a pen, too• Bring all relevant information with you• Being prepared also means having an open mind to reallyunderstand the needs of the companyEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 9


Attending a Meeting• Study Solutions and Methodologies in Advance• If you are not an expert, bring the expert with you‣ It is fine to have them on the phone• If you don’t know the answer to a question/ issue‣ Don’t try to “bluff your way through”‣ Offer to find the answer and get back to the team later• Goal – to inspire buyer’s confidence in youEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved10


Take the Time to Listen• Most people talk more than they listen• Fact – failing to understand requirements is one of the most commoncauses of failed security efforts• Fact – good sales professionals are good listeners• “Active listening” is best‣ Ask the buyer how s/he feels at appropriate times‣ Paraphrase what you think the buyer has said• Fun note – If you are the last one to talk, you get to have everybody’sknowledge imbedded into your pitch• The quietist person in the room may look the most authoritativeEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 11


Tips for Good Verbal Communication• More words aren't necessarily better – be succinct• Don’t correct your team in public• Wherever possible, paraphrase what the buyer has said before addingwhat you want to say (this shows you're listening)• Use the buyer’s terminology (e.g., some companies use “controls”instead of “countermeasures”)• Think out what you want to say before you say it• Pay special attention to Topic Reoccurrence‣ If a team brings up a topic multiple times, it is important‣ If the team is off topic, his comments still needs to be addressedEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 12


Tips for Giving Sales Presentations• Know your team‣ Take the time to find out if you don’t know in advance‣ Technical, managerial, or both?‣ What is really important to them?‣ Gauge your presentation accordingly• Pick out 4 - 6 key ideas you want to get across‣ Losing strategy: stating point after point….‣ Spend time developing these ideas‣ Take notes• Phrase ideas using buyer's wordingEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 13


Tips for Giving Sales Presentations• Create an outline• Convert ideas into bullets (prioritize if possible)‣ Incomplete sentences/sentence fragments work best‣ Use sub-bullets when appropriate• Don’t include too much text in any slide (people hate clutter in visualdisplays!)• Organize the presentation‣ Add an introduction that helps listeners understand what you wantto convey to them‣ Add a conclusion/wrap-up to summarize‣ Add organization/transition slides for moving from one point to nextEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 14


Agenda• Persuading & Influencing Peers‣ Learn how to work with your peers at your organization to get support for your security initiatives• Methods for Acquiring Budget Increases‣ By combining proven sales techniques with security experience you can get funding for projects• Pulling Budget from Thin-air‣ When traditional approaches don’t work, what techniques can you use to make the budgetsmagically appear• ConclusionEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 15


Need Satisfaction Selling ProcessFinding Out What theBuyer Wants to BuyYou Need To Satisfy Whatthe Business Needs, NotPush Your Pet ProjectEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 16


Need Satisfaction Selling Process• Opening‣ When‣ How‣ You and the buyer are ready to conduct business‣ Propose an agenda (bring in a formal agenda if possible)‣ State the Value to the buyer‣ Check for acceptanceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved17


Need Satisfaction Selling Process• Probing‣ When‣ How‣ You want to elicit information from a buyer‣ Start with open probes and then tactically move down to closed probes toexplore the buyer’s‣ Circumstances‣ Needs‣ Find out which issues are the most pressing both personally and professionallyso you can focus on needs in order of importance‣ Check for buyer buy-inEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved18


Need Satisfaction Selling Process• Supporting‣ When‣ The buyer has expressed a need‣ You both clearly understand the need‣ You know how your product / organization can address the need‣ How‣ Acknowledge the need‣ Describe relevant features and benefits‣ Give examples of how we have dealt with this for others‣ Proceed to Issue Resolutions‣ Check for acceptanceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved19


Need Satisfaction Selling Process• Closing‣ When (at least 20 minutes before time is up so you have time forcourse corrections)‣ How‣ The buyer signals a readiness to move ahead‣ The buyer has accepted the benefits you’ve described‣ Review previously accepted benefits‣ Propose next steps for you and the buyer‣ Check for acceptanceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved20


Buyer Issue Resolution• Four Types of Issues and their Resolutions‣ Skepticism‣ Misunderstanding‣ Drawbacks‣ Buyer IndifferenceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 21


Buyer Issue Resolution• Resolving a Skepticism‣ First‣ Probe to understand the concern‣ When‣ How‣ It’s clear that the buyer doubts a feature or benefit you’ve described‣ Acknowledge the concern‣ Offer relevant proof‣ Check for acceptanceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved22


Buyer Issue Resolution• Resolving a Misunderstanding‣ First‣ Probe to understand the concern‣ When‣ How‣ It’s clear that the buyer thinks you can’t provide a feature or benefit you canprovide‣ Confirm the need behind the concern‣ Support the need‣ Acknowledge the concern‣ Describe the features and benefits‣ Check for acceptanceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved23


Buyer Issue Resolution• Resolving a Drawback‣ First‣ Probe to understand the concern‣ When‣ How‣ It’s clear that the buyer is dissatisfied with the presence or absence of a featureor benefit‣ Acknowledge the concern‣ Refocus on the bigger picture‣ Outweigh with previously accepted benefits‣ Check for acceptanceEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved24


Buyer Issue Resolution• Overcoming Buyer Indifference‣ When‣ How‣ A buyer expresses satisfaction with his or her circumstances‣ Acknowledge the buyer’s point of view‣ Request permission to probe‣ Probe to create buyer awareness of the needs‣ Explore the buyer’s circumstances for‣ Opportunities‣ Effects‣ Confirm the existence of a need‣ If there is truly no interest see if they will sponsor you elsewhere in the organizationwhere the need may existEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved25


Miller Heiman – Buyer Types• 4 Types of Buyers with Different Needs‣ Economic Buyer‣ Role: Final approval; releases the money‣ Focus: Bottom line and impact on organization‣ User Buyer‣ Role: Judge product impact on the job‣ Focus: The job to be done‣ Technical Buyer‣ Role: Judge match to specifications; screens solutions out‣ Focus: Match to specifications in their areas of expertise‣ Coach‣ Note: Give data; guides to other buying influencers‣ Focus: Your success with this proposalEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved26


Miller Heiman – Economic Buyer Influences• Higher return on investment (ROI)• Increased sales• Reduced costs• Increased efficiency / productivity• Low cost of ownership• Flexibility• Profitability• Smooth cash flow• Etc.Emagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 27


Miller Heiman – User Buyer Influences• Reliability• Increased efficiency• Upgrade skills• Fulfill performance requirements• Best problem solution• Do job better / faster / easier• Versatility• Excellent service• Easy to learn and use• Etc.Emagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 28


Miller Heiman – Technical Buyer Influences• Meets specifications• Exceeds specifications• Timely delivery• Best technical solution• Discount / low bid / price• Terms and conditions• Meets legal requirements• Etc.Emagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 29


Miller Heiman – Coaches• Coaches don’t have their own Results, only Wins• Coaches only have results if they are playing another Buying Influenceroles• Coaches want to see their Allies Win‣ They are often interested in building extended networks for futureneeds (jobs, expertise, friendship, news sources, etc.)Emagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 30


Agenda• Persuading & Influencing Peers‣ Learn how to work with your peers at your organization to get support for your security initiatives• Methods for Acquiring Budget Increases‣ By combining proven sales techniques with security experience you can get funding for projects• Pulling Budget from Thin-air‣ When traditional approaches don’t work, what techniques can you use to make the budgetsmagically appear• ConclusionEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 31


Budget Increasing Techniques• Win – Win• Value Based Selling• Managing From the Bottom Up• Scare Tactics• Maturity Improvement Method• Measured Revenue Generated Success• Alternative Funding Sources• Whistleblower / Internal Audit Tattletale• Capitalizing on AttacksEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved32


Win – Win• Always try to find an opportunity / solution that allows both sides of anopportunity to feel like they have won• If only one side gets value expect the opportunity to gain more budgetto fail• This is the foundation of all other approachesEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved33


Value Based Selling• As a Trusted Advisor we need to figure out the best approach‣ Only sell solutions that make sense and provide value‣ Sell only one thing at a time – Single Sales Objective‣ They should be smart, specific, measurable, achievable, realistic and timebound.• Companies need services at all levels from Tactical to Strategic‣ We use this knowledge to decide what solutions to sell• Sometimes bigger sales are easier than selling small ones as they canhave bigger impacts on improvementsEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 34


Value Based Selling1 Year$1M Threshold – X Signatures Req’dTactical Project Unfunded Project Strategic ProjectNo RFP RFP Req’d Executive Sponsor6 Months$200k Threshold – 3X Signatures Req’dTime to Close3 Months$100k Threshold – X Signature Req’d1 Month$0 $100k $1 MillionEmagined Security -: www.emagined.com :-Copyright © 2012 All rights reserved35


Managing From the Bottom Up• Manage from the bottom up‣ Suggest options‣ When the team seams to like one‣ Restate the answer as if s/he initially came up with it‣ S/he feels like the leader and we get what we want• Know to whom you are talking‣ You may use a more formal approach if you are talking to a CTOthan a development engineer• Sell to all levels on the team‣ Everybody is just as important• Hang out with your Coach regularly‣ S/he will tell you everything you need to knowEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved36


Scare Tactics• “The sky is falling and if we don’t take cover now we may get hit”doesn’t have long term wins• This is the sleazy used car salesman approach‣ It may work once but don’t expect too many repeat performances‣ Typically leads to buyers remorse‣ Try focusing on Win – Win approaches insteadEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved37


Capitalizing on Attacks• If you are unlucky enough to suffer an attack, latch onto it to gainmomentum‣ You want to get root causes identified quickly and request budgetto close those and other key gaps‣ Typically, you will have managements attention for just a few short months‣ Move quickly or you will lose out on this opportunityEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved38


Maturity Improvement Method• Documenting where your organization stands and whereimprovements can be made can resonate with senior management‣ They respond well to charts with measureable improvements‣ Showing where your organization is in the dark ages will getmanagements attentionEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved39


Measured Revenue Generated Success• If you can measure revenue generated by the security practice you canask for a percentage back‣ Measured Revenue to the Business‣ RFPs Won Due After Security Assessment - $2.5 Million‣ Current Clients That Conducted Third Party Reviews - $2 Million‣ Revenue Supported by Security Infrastructure - $ 17 Million‣ 21.5 Million @ 5% = 1.075 Million Request For Security BudgetEnhancements‣ $ 17 + 2 + 2.5 Million = 21.5 MillionEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved40


Alternative Funding Sources• Business Lines can be a great source of funding‣ If you can tie your efforts to the business you can get funding that isnot directly budgeting for IT or the Security department‣ You can look like a hero to your management if you can bring inmillions of dollars above and beyond your traditional budgetEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved41


Whistleblower / Internal Audit Tattletale• Being a tattletale may get attention to issues you disclose• Be careful with this approach – people will most likely lose their jobsand it can backfire‣ Be prepared for the consequences if you try to be a whistleblower‣ A witch-hunt may be conducted for you or the root cause‣ Once the board / internal audit gets ahold of this information it mayburn out of controlEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved42


Agenda• Persuading & Influencing Peers‣ Learn how to work with your peers at your organization to get support for your security initiatives• Methods for Acquiring Budget Increases‣ By combining proven sales techniques with security experience you can get funding for projects• Pulling Budget from Thin-air‣ When traditional approaches don’t work, what techniques can you use to make the budgetsmagically appear• ConclusionEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 43


Conclusion• Sales involves style as well as content• Remember, you are the best marketing representative for security• Start developing a strategy now for continuing to grow in as a TrustedAdvisor• Help is available – be sure to get it if you need it!Emagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved44


Experts In Information SecurityDavid SockolCEO & President2816 San Simeon WaySan Carlos, CA 94070(650) 593-9829email: davidsockol@emagined.comweb: www.emagined.comEmagined Security -: www.emagined.com :-Copyright © 2013 All rights reserved 45

More magazines by this user
Similar magazines