security buying team sport
TRANSCRIPT
Security Buying Is aTEAM SPORT
Tim WilsonEditor in Chief Dark Reading
Security Buying Is A Team Sport
October 20162
As the editor in chief of Dark Reading mdash one of the most widely read IT security news sites mdash I have an opportunity to receive email pitches
from nearly every cybersecurity vendor on the planet Irsquom not making this up Every day I get emails from security vendors ndash from the best-known such as Microsoft IBM and Symantec to companies that are just out of the garage
Some estimates state that there are as many as 3000 security vendors in the world In a recent report industry analyst Richard Stiennon counted and categorized some 1440 by name But you know whatrsquos interesting about my email inbox Nearly every one of the emails makes it sound as if the sending vendor is the only vendor in its space
Oddly enough a great deal of enterprise security wisdom follows the same logic There is constant discussion of ldquoenterprise securityrdquo in which corporations outline their own designs for defending their own critical data Even in todayrsquos IT environment in which there is news about major data breaches every day most companies still put much of the onus of defense on a few solitary souls in the information security department who are tasked with protecting all of the data of a single company
To all of these vendors and purveyors of security wisdom I politely say bunk
The security buying decisions made by todayrsquos enterprises are not made by a CISO or a security staffer but by whole committees of decision makers
Security Buying Is A Team Sport
October 20163
When was the last time you saw an enterprise security department operate entirely on its own Itrsquos never happened IT security today is a task shared by IT operations software development network operations end-user support and others The tools used by the security department ndash or at least the data that emanates from them ndash is shared by the rest of IT the CIO and business management
The security buying decisions for todayrsquos enterprises are not made by a CISO or security staffer but by whole committees of decision makers In fact 43 of security vendor decisions are made by a formal committee
Similarly when was the last time you saw an enterprise share data only with itself By definition a business is a community of suppliers contrac-tors customers and contributors ndash all hooked together in a complex web of applications and services most of which donrsquot belong to the enterprise in question Even in the data center
there are many days when the number of contractors onsite outnumber the internal staff Unless you do business in an isolation tank IT security makes no sense as a single do-it-yourself project ndash the very nature of networks means that it involves others most of whom the enterprise security department doesnrsquot control
And then there are vendors most of whom donrsquot want to acknowledge that there are other vendors in the data center much less competitors in the marketplace My email inbox is full of claims that say ldquoWersquore the only vendor doing thisrdquo But if thatrsquos true then every enterprise needs products from 1440 vendors doesnrsquot it And not one of those products will work with the others Itrsquos this sort of thinking that has caused enterprises to purchase so many single-function products ndash and itrsquos the reason why enterprises have made little progress in defending themselves from breaches despite spending more money on security than ever before
The Security Purchase Process
However selecting a vendor and purchase approval falls to IT executives
Security and IT pros work together for
68 69
38 50
of ITpros
and
say IT is incharge ofselectinga vendor
say IT is incharge ofapprovinga vendor
and
of ITpros
of Security pros
of Security pros
DeterminingNeed
Developingthe Vendor List
DefiningRequirements
Evalutating and Making a
Recommendation
Data UBM Technology Grouprsquos How The Security Buy Goes Down Research June 2016
October 20164
Security Buying Is A Team Sport
MARKETING BEST PRACTICESI submit that if you are a security vendor today mdash and you want to stand out from the other 1439 other competitors mdash itrsquos time to try a new message
Instead of denying that other vendors exist try talking about how your product works with existing technologies and makes them more useful in a whole ecosystem of security technology
Instead of making the case for how your product will help keep a single enterprise more secure make a case for how it will make the whole supply chain more secure
Instead of ferreting out CISOs or security teams to target with your message demonstrate how your technology can be used by everyone in the enterprises from the CIO to the IT operations team to the business manager In practice your technology is likely to touch
all of those people ndash and they are increasingly weighing in on the question of whether to buy your product or not
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
If yoursquore a marketer you can help by developing messages in concert with other vendors and even competitors who are working on the same prob-lems You can also help by embracing the interdependence of the companies and departments you sell to Instead of focusing on a single enterprise focus on an entire supply chain And instead of choosing to sell only to the security pro or the IT manager pull all of the stakeholders together and make your case to all of them
IT security doesnrsquot work in a vacuum and your marketing message doesnrsquot either Itrsquos time to change the way we look at the security market
Security professionalsrsquo greatest concerns for their companyrsquos top executives or management
24Phishing social network exploits or other forms of social engineering
33Sophisticated attacks target directly at the organization
19The effort to accurately measure my organizationrsquos security posture andor risk
28The effort to keep my organization in compliance with industry and regulatory security guidelines
20Accidental data leaks by end users who fail to follow security policy
Security Buying Is A Team Sport
Primary online resources for reliable security information and insight
39
Blogs of security researchers and experts
IT or security news websites or media (eg Dark Reading)
Conferences trade shows conventions (eg Black Hat)
Colleagues or peers
Vulnerability reporting sites or organizations (eg US
CERT)
Social media (eg Twitter)
Google or other search engines
Security training programs or courses (eg SANS)
Security professional organizations or meetings
(eg ISC2 ISACA)
Mainstream media (eg newspapers television)
Industry groups (eg ISACs)
How to Reach the Security Buying Team
Data Black Hat Attendee Survey May 2016 250 security professionals
43
October 20165
56687071
4947
51
1919
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
October 20166
Security Buying Is A Team Sport
While the folks in IT and those working with the chief security officer of
the organization would be interested in every new product coming onto the market with detailed specifications and competitive analyses most folks in the C-suite would likely lapse into a coma if offered such a level of technical detail
What the CIO needs to present to the C-suite is a security strategy The content you present should include concise explanations that include ROI about how this strategy will
bull Safeguard the company and its databull Protect customersbull Adhere to industry governance and
compliance standards
Thatrsquos where vendors can play a part by helping the CIO develop the answers to the above C-suite questions
While itrsquos essential for a vendor to discuss the deep technical details of its products what the CIO and other IT leaders need from vendors is completely different from what the frontline security and IT professionals need
CIOs need a vendor that can act as a partner in developing a security strategy and educating users Not every product sold by every security company is a candidate for this approach
Understanding the product and its use case is essential in determining which audience a vendor should be approaching If the product is a point solution buried deep in the stack it might not be something thatrsquos fit for a CIO Alternately a vendor thatrsquos selling a product or service serving a wide range of security needs and involves connecting multiple parts of the organizationrsquos infrastructure will get the CIOrsquos attention
Explaining how such a system can answer all those business questions that the pesky C-suite will ask of the CIO could do more than get the CIOrsquos attention mdash it could win the vendor a sale
Grab A CIOs Attention mdash Vendor Insights Susan Nunziata Editorial Director InformationWeek
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom
Security Buying Is A Team Sport
October 20162
As the editor in chief of Dark Reading mdash one of the most widely read IT security news sites mdash I have an opportunity to receive email pitches
from nearly every cybersecurity vendor on the planet Irsquom not making this up Every day I get emails from security vendors ndash from the best-known such as Microsoft IBM and Symantec to companies that are just out of the garage
Some estimates state that there are as many as 3000 security vendors in the world In a recent report industry analyst Richard Stiennon counted and categorized some 1440 by name But you know whatrsquos interesting about my email inbox Nearly every one of the emails makes it sound as if the sending vendor is the only vendor in its space
Oddly enough a great deal of enterprise security wisdom follows the same logic There is constant discussion of ldquoenterprise securityrdquo in which corporations outline their own designs for defending their own critical data Even in todayrsquos IT environment in which there is news about major data breaches every day most companies still put much of the onus of defense on a few solitary souls in the information security department who are tasked with protecting all of the data of a single company
To all of these vendors and purveyors of security wisdom I politely say bunk
The security buying decisions made by todayrsquos enterprises are not made by a CISO or a security staffer but by whole committees of decision makers
Security Buying Is A Team Sport
October 20163
When was the last time you saw an enterprise security department operate entirely on its own Itrsquos never happened IT security today is a task shared by IT operations software development network operations end-user support and others The tools used by the security department ndash or at least the data that emanates from them ndash is shared by the rest of IT the CIO and business management
The security buying decisions for todayrsquos enterprises are not made by a CISO or security staffer but by whole committees of decision makers In fact 43 of security vendor decisions are made by a formal committee
Similarly when was the last time you saw an enterprise share data only with itself By definition a business is a community of suppliers contrac-tors customers and contributors ndash all hooked together in a complex web of applications and services most of which donrsquot belong to the enterprise in question Even in the data center
there are many days when the number of contractors onsite outnumber the internal staff Unless you do business in an isolation tank IT security makes no sense as a single do-it-yourself project ndash the very nature of networks means that it involves others most of whom the enterprise security department doesnrsquot control
And then there are vendors most of whom donrsquot want to acknowledge that there are other vendors in the data center much less competitors in the marketplace My email inbox is full of claims that say ldquoWersquore the only vendor doing thisrdquo But if thatrsquos true then every enterprise needs products from 1440 vendors doesnrsquot it And not one of those products will work with the others Itrsquos this sort of thinking that has caused enterprises to purchase so many single-function products ndash and itrsquos the reason why enterprises have made little progress in defending themselves from breaches despite spending more money on security than ever before
The Security Purchase Process
However selecting a vendor and purchase approval falls to IT executives
Security and IT pros work together for
68 69
38 50
of ITpros
and
say IT is incharge ofselectinga vendor
say IT is incharge ofapprovinga vendor
and
of ITpros
of Security pros
of Security pros
DeterminingNeed
Developingthe Vendor List
DefiningRequirements
Evalutating and Making a
Recommendation
Data UBM Technology Grouprsquos How The Security Buy Goes Down Research June 2016
October 20164
Security Buying Is A Team Sport
MARKETING BEST PRACTICESI submit that if you are a security vendor today mdash and you want to stand out from the other 1439 other competitors mdash itrsquos time to try a new message
Instead of denying that other vendors exist try talking about how your product works with existing technologies and makes them more useful in a whole ecosystem of security technology
Instead of making the case for how your product will help keep a single enterprise more secure make a case for how it will make the whole supply chain more secure
Instead of ferreting out CISOs or security teams to target with your message demonstrate how your technology can be used by everyone in the enterprises from the CIO to the IT operations team to the business manager In practice your technology is likely to touch
all of those people ndash and they are increasingly weighing in on the question of whether to buy your product or not
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
If yoursquore a marketer you can help by developing messages in concert with other vendors and even competitors who are working on the same prob-lems You can also help by embracing the interdependence of the companies and departments you sell to Instead of focusing on a single enterprise focus on an entire supply chain And instead of choosing to sell only to the security pro or the IT manager pull all of the stakeholders together and make your case to all of them
IT security doesnrsquot work in a vacuum and your marketing message doesnrsquot either Itrsquos time to change the way we look at the security market
Security professionalsrsquo greatest concerns for their companyrsquos top executives or management
24Phishing social network exploits or other forms of social engineering
33Sophisticated attacks target directly at the organization
19The effort to accurately measure my organizationrsquos security posture andor risk
28The effort to keep my organization in compliance with industry and regulatory security guidelines
20Accidental data leaks by end users who fail to follow security policy
Security Buying Is A Team Sport
Primary online resources for reliable security information and insight
39
Blogs of security researchers and experts
IT or security news websites or media (eg Dark Reading)
Conferences trade shows conventions (eg Black Hat)
Colleagues or peers
Vulnerability reporting sites or organizations (eg US
CERT)
Social media (eg Twitter)
Google or other search engines
Security training programs or courses (eg SANS)
Security professional organizations or meetings
(eg ISC2 ISACA)
Mainstream media (eg newspapers television)
Industry groups (eg ISACs)
How to Reach the Security Buying Team
Data Black Hat Attendee Survey May 2016 250 security professionals
43
October 20165
56687071
4947
51
1919
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
October 20166
Security Buying Is A Team Sport
While the folks in IT and those working with the chief security officer of
the organization would be interested in every new product coming onto the market with detailed specifications and competitive analyses most folks in the C-suite would likely lapse into a coma if offered such a level of technical detail
What the CIO needs to present to the C-suite is a security strategy The content you present should include concise explanations that include ROI about how this strategy will
bull Safeguard the company and its databull Protect customersbull Adhere to industry governance and
compliance standards
Thatrsquos where vendors can play a part by helping the CIO develop the answers to the above C-suite questions
While itrsquos essential for a vendor to discuss the deep technical details of its products what the CIO and other IT leaders need from vendors is completely different from what the frontline security and IT professionals need
CIOs need a vendor that can act as a partner in developing a security strategy and educating users Not every product sold by every security company is a candidate for this approach
Understanding the product and its use case is essential in determining which audience a vendor should be approaching If the product is a point solution buried deep in the stack it might not be something thatrsquos fit for a CIO Alternately a vendor thatrsquos selling a product or service serving a wide range of security needs and involves connecting multiple parts of the organizationrsquos infrastructure will get the CIOrsquos attention
Explaining how such a system can answer all those business questions that the pesky C-suite will ask of the CIO could do more than get the CIOrsquos attention mdash it could win the vendor a sale
Grab A CIOs Attention mdash Vendor Insights Susan Nunziata Editorial Director InformationWeek
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom
Security Buying Is A Team Sport
October 20163
When was the last time you saw an enterprise security department operate entirely on its own Itrsquos never happened IT security today is a task shared by IT operations software development network operations end-user support and others The tools used by the security department ndash or at least the data that emanates from them ndash is shared by the rest of IT the CIO and business management
The security buying decisions for todayrsquos enterprises are not made by a CISO or security staffer but by whole committees of decision makers In fact 43 of security vendor decisions are made by a formal committee
Similarly when was the last time you saw an enterprise share data only with itself By definition a business is a community of suppliers contrac-tors customers and contributors ndash all hooked together in a complex web of applications and services most of which donrsquot belong to the enterprise in question Even in the data center
there are many days when the number of contractors onsite outnumber the internal staff Unless you do business in an isolation tank IT security makes no sense as a single do-it-yourself project ndash the very nature of networks means that it involves others most of whom the enterprise security department doesnrsquot control
And then there are vendors most of whom donrsquot want to acknowledge that there are other vendors in the data center much less competitors in the marketplace My email inbox is full of claims that say ldquoWersquore the only vendor doing thisrdquo But if thatrsquos true then every enterprise needs products from 1440 vendors doesnrsquot it And not one of those products will work with the others Itrsquos this sort of thinking that has caused enterprises to purchase so many single-function products ndash and itrsquos the reason why enterprises have made little progress in defending themselves from breaches despite spending more money on security than ever before
The Security Purchase Process
However selecting a vendor and purchase approval falls to IT executives
Security and IT pros work together for
68 69
38 50
of ITpros
and
say IT is incharge ofselectinga vendor
say IT is incharge ofapprovinga vendor
and
of ITpros
of Security pros
of Security pros
DeterminingNeed
Developingthe Vendor List
DefiningRequirements
Evalutating and Making a
Recommendation
Data UBM Technology Grouprsquos How The Security Buy Goes Down Research June 2016
October 20164
Security Buying Is A Team Sport
MARKETING BEST PRACTICESI submit that if you are a security vendor today mdash and you want to stand out from the other 1439 other competitors mdash itrsquos time to try a new message
Instead of denying that other vendors exist try talking about how your product works with existing technologies and makes them more useful in a whole ecosystem of security technology
Instead of making the case for how your product will help keep a single enterprise more secure make a case for how it will make the whole supply chain more secure
Instead of ferreting out CISOs or security teams to target with your message demonstrate how your technology can be used by everyone in the enterprises from the CIO to the IT operations team to the business manager In practice your technology is likely to touch
all of those people ndash and they are increasingly weighing in on the question of whether to buy your product or not
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
If yoursquore a marketer you can help by developing messages in concert with other vendors and even competitors who are working on the same prob-lems You can also help by embracing the interdependence of the companies and departments you sell to Instead of focusing on a single enterprise focus on an entire supply chain And instead of choosing to sell only to the security pro or the IT manager pull all of the stakeholders together and make your case to all of them
IT security doesnrsquot work in a vacuum and your marketing message doesnrsquot either Itrsquos time to change the way we look at the security market
Security professionalsrsquo greatest concerns for their companyrsquos top executives or management
24Phishing social network exploits or other forms of social engineering
33Sophisticated attacks target directly at the organization
19The effort to accurately measure my organizationrsquos security posture andor risk
28The effort to keep my organization in compliance with industry and regulatory security guidelines
20Accidental data leaks by end users who fail to follow security policy
Security Buying Is A Team Sport
Primary online resources for reliable security information and insight
39
Blogs of security researchers and experts
IT or security news websites or media (eg Dark Reading)
Conferences trade shows conventions (eg Black Hat)
Colleagues or peers
Vulnerability reporting sites or organizations (eg US
CERT)
Social media (eg Twitter)
Google or other search engines
Security training programs or courses (eg SANS)
Security professional organizations or meetings
(eg ISC2 ISACA)
Mainstream media (eg newspapers television)
Industry groups (eg ISACs)
How to Reach the Security Buying Team
Data Black Hat Attendee Survey May 2016 250 security professionals
43
October 20165
56687071
4947
51
1919
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
October 20166
Security Buying Is A Team Sport
While the folks in IT and those working with the chief security officer of
the organization would be interested in every new product coming onto the market with detailed specifications and competitive analyses most folks in the C-suite would likely lapse into a coma if offered such a level of technical detail
What the CIO needs to present to the C-suite is a security strategy The content you present should include concise explanations that include ROI about how this strategy will
bull Safeguard the company and its databull Protect customersbull Adhere to industry governance and
compliance standards
Thatrsquos where vendors can play a part by helping the CIO develop the answers to the above C-suite questions
While itrsquos essential for a vendor to discuss the deep technical details of its products what the CIO and other IT leaders need from vendors is completely different from what the frontline security and IT professionals need
CIOs need a vendor that can act as a partner in developing a security strategy and educating users Not every product sold by every security company is a candidate for this approach
Understanding the product and its use case is essential in determining which audience a vendor should be approaching If the product is a point solution buried deep in the stack it might not be something thatrsquos fit for a CIO Alternately a vendor thatrsquos selling a product or service serving a wide range of security needs and involves connecting multiple parts of the organizationrsquos infrastructure will get the CIOrsquos attention
Explaining how such a system can answer all those business questions that the pesky C-suite will ask of the CIO could do more than get the CIOrsquos attention mdash it could win the vendor a sale
Grab A CIOs Attention mdash Vendor Insights Susan Nunziata Editorial Director InformationWeek
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom
October 20164
Security Buying Is A Team Sport
MARKETING BEST PRACTICESI submit that if you are a security vendor today mdash and you want to stand out from the other 1439 other competitors mdash itrsquos time to try a new message
Instead of denying that other vendors exist try talking about how your product works with existing technologies and makes them more useful in a whole ecosystem of security technology
Instead of making the case for how your product will help keep a single enterprise more secure make a case for how it will make the whole supply chain more secure
Instead of ferreting out CISOs or security teams to target with your message demonstrate how your technology can be used by everyone in the enterprises from the CIO to the IT operations team to the business manager In practice your technology is likely to touch
all of those people ndash and they are increasingly weighing in on the question of whether to buy your product or not
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
If yoursquore a marketer you can help by developing messages in concert with other vendors and even competitors who are working on the same prob-lems You can also help by embracing the interdependence of the companies and departments you sell to Instead of focusing on a single enterprise focus on an entire supply chain And instead of choosing to sell only to the security pro or the IT manager pull all of the stakeholders together and make your case to all of them
IT security doesnrsquot work in a vacuum and your marketing message doesnrsquot either Itrsquos time to change the way we look at the security market
Security professionalsrsquo greatest concerns for their companyrsquos top executives or management
24Phishing social network exploits or other forms of social engineering
33Sophisticated attacks target directly at the organization
19The effort to accurately measure my organizationrsquos security posture andor risk
28The effort to keep my organization in compliance with industry and regulatory security guidelines
20Accidental data leaks by end users who fail to follow security policy
Security Buying Is A Team Sport
Primary online resources for reliable security information and insight
39
Blogs of security researchers and experts
IT or security news websites or media (eg Dark Reading)
Conferences trade shows conventions (eg Black Hat)
Colleagues or peers
Vulnerability reporting sites or organizations (eg US
CERT)
Social media (eg Twitter)
Google or other search engines
Security training programs or courses (eg SANS)
Security professional organizations or meetings
(eg ISC2 ISACA)
Mainstream media (eg newspapers television)
Industry groups (eg ISACs)
How to Reach the Security Buying Team
Data Black Hat Attendee Survey May 2016 250 security professionals
43
October 20165
56687071
4947
51
1919
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
October 20166
Security Buying Is A Team Sport
While the folks in IT and those working with the chief security officer of
the organization would be interested in every new product coming onto the market with detailed specifications and competitive analyses most folks in the C-suite would likely lapse into a coma if offered such a level of technical detail
What the CIO needs to present to the C-suite is a security strategy The content you present should include concise explanations that include ROI about how this strategy will
bull Safeguard the company and its databull Protect customersbull Adhere to industry governance and
compliance standards
Thatrsquos where vendors can play a part by helping the CIO develop the answers to the above C-suite questions
While itrsquos essential for a vendor to discuss the deep technical details of its products what the CIO and other IT leaders need from vendors is completely different from what the frontline security and IT professionals need
CIOs need a vendor that can act as a partner in developing a security strategy and educating users Not every product sold by every security company is a candidate for this approach
Understanding the product and its use case is essential in determining which audience a vendor should be approaching If the product is a point solution buried deep in the stack it might not be something thatrsquos fit for a CIO Alternately a vendor thatrsquos selling a product or service serving a wide range of security needs and involves connecting multiple parts of the organizationrsquos infrastructure will get the CIOrsquos attention
Explaining how such a system can answer all those business questions that the pesky C-suite will ask of the CIO could do more than get the CIOrsquos attention mdash it could win the vendor a sale
Grab A CIOs Attention mdash Vendor Insights Susan Nunziata Editorial Director InformationWeek
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom
Security Buying Is A Team Sport
Primary online resources for reliable security information and insight
39
Blogs of security researchers and experts
IT or security news websites or media (eg Dark Reading)
Conferences trade shows conventions (eg Black Hat)
Colleagues or peers
Vulnerability reporting sites or organizations (eg US
CERT)
Social media (eg Twitter)
Google or other search engines
Security training programs or courses (eg SANS)
Security professional organizations or meetings
(eg ISC2 ISACA)
Mainstream media (eg newspapers television)
Industry groups (eg ISACs)
How to Reach the Security Buying Team
Data Black Hat Attendee Survey May 2016 250 security professionals
43
October 20165
56687071
4947
51
1919
Security is a team game ndash and until the market recognizes this the goals of the security industry can never be achieved
October 20166
Security Buying Is A Team Sport
While the folks in IT and those working with the chief security officer of
the organization would be interested in every new product coming onto the market with detailed specifications and competitive analyses most folks in the C-suite would likely lapse into a coma if offered such a level of technical detail
What the CIO needs to present to the C-suite is a security strategy The content you present should include concise explanations that include ROI about how this strategy will
bull Safeguard the company and its databull Protect customersbull Adhere to industry governance and
compliance standards
Thatrsquos where vendors can play a part by helping the CIO develop the answers to the above C-suite questions
While itrsquos essential for a vendor to discuss the deep technical details of its products what the CIO and other IT leaders need from vendors is completely different from what the frontline security and IT professionals need
CIOs need a vendor that can act as a partner in developing a security strategy and educating users Not every product sold by every security company is a candidate for this approach
Understanding the product and its use case is essential in determining which audience a vendor should be approaching If the product is a point solution buried deep in the stack it might not be something thatrsquos fit for a CIO Alternately a vendor thatrsquos selling a product or service serving a wide range of security needs and involves connecting multiple parts of the organizationrsquos infrastructure will get the CIOrsquos attention
Explaining how such a system can answer all those business questions that the pesky C-suite will ask of the CIO could do more than get the CIOrsquos attention mdash it could win the vendor a sale
Grab A CIOs Attention mdash Vendor Insights Susan Nunziata Editorial Director InformationWeek
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom
October 20166
Security Buying Is A Team Sport
While the folks in IT and those working with the chief security officer of
the organization would be interested in every new product coming onto the market with detailed specifications and competitive analyses most folks in the C-suite would likely lapse into a coma if offered such a level of technical detail
What the CIO needs to present to the C-suite is a security strategy The content you present should include concise explanations that include ROI about how this strategy will
bull Safeguard the company and its databull Protect customersbull Adhere to industry governance and
compliance standards
Thatrsquos where vendors can play a part by helping the CIO develop the answers to the above C-suite questions
While itrsquos essential for a vendor to discuss the deep technical details of its products what the CIO and other IT leaders need from vendors is completely different from what the frontline security and IT professionals need
CIOs need a vendor that can act as a partner in developing a security strategy and educating users Not every product sold by every security company is a candidate for this approach
Understanding the product and its use case is essential in determining which audience a vendor should be approaching If the product is a point solution buried deep in the stack it might not be something thatrsquos fit for a CIO Alternately a vendor thatrsquos selling a product or service serving a wide range of security needs and involves connecting multiple parts of the organizationrsquos infrastructure will get the CIOrsquos attention
Explaining how such a system can answer all those business questions that the pesky C-suite will ask of the CIO could do more than get the CIOrsquos attention mdash it could win the vendor a sale
Grab A CIOs Attention mdash Vendor Insights Susan Nunziata Editorial Director InformationWeek
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom
October 20167
Security Buying Is A Team Sport
Tim WilsonEditor in Chief Dark Reading
Tim Wilson is Co-founder of DarkReadingcom UBM Americasrsquo online community for information security professionals He is responsible for managing the site assigning and editing content and writing breaking news stories Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers conducted by the SANS Institute In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media
Susan NunziataEditorial Director InformationWeek
Susan Nunziata leads the sitersquos content team and contributors to guide topics direct strategies and pursue new ideas all in the interest of sharing practicable insights with our community A native New Yorker in August 2011 Nunziata inexplicably picked up stakes and relocated to the only place in the country with a higher cost of living the San Francisco Bay Area She holds a Bachelorrsquos degree in Journalism from St Johnrsquos University in Jamaica NY
For more tech marketing insight and research visit wwwCreateYourNextCustomercom or contact us at cyncubmcom