Security Experts:

Get to the Point! Questions You Should Ask Every Security Vendor

What Questions Should You Be Asking Security Vendors?

Here’s a concept that may help security vendors shorten sales cycles and gain a more captive and receptive audience amongst prospective buyers - Get to the point. The process of talking in circles and using buzz words and jargon such as “operational efficiency” and “increased functionality” is not a new phenomenon in the world of technology, but it does seem to be on the rise in the security industry.

In the same way an overabundance of hype has deflected attention away from the seriousness of cyber threats and the importance of stringent security protocols, the sales strategy of “being vague” many vendors are currently employing discredits what so many credible companies have worked hard to achieve. Our job as security vendors is to solve specific problems with proven technology that was developed through years of testing and research , not jump on the latest trend with an “us too” proposition. 

Question MarkIf I were in the position to make purchasing decisions for security products and services, I would create a checklist of questions for every vendor I interviewed and if they couldn’t provide me with a straightforward answer to each one of them, I would drop them from consideration. The following is a list of questions that I recommend everyone ask as an initial filter and you can build out and customize this list as needed as you get further along in the purchasing process.

1. What does your product do? – Seems simple enough to answer, but you’d be amazed at how many companies can’t provide a straightforward and specific answer to this question. This is where we get into the catch phrases and the buzz words. They are so concerned with appealing to the widest audience possible that they are afraid to tell you specifically what their product can and can’t do. Any vendor worth talking to should have enough confidence in what they do to allow the solution to stand on its own merits.

2. Where have you spent the bulk of your research and development budget over the past three to four years? – This question is designed to weed out the trend jumpers and to ensure that you are investing in a company with the requisite knowledge base and experience to solve the intended problems. We have all witnessed the bandwagon jumping that takes place in the technology space around the hot issues. All you have to do is take stock of how many tech vendors have claimed to be cloud and big data experts over the past few years to confirm that few big trends in technology escape the mob mentality.

3. What is the definitive value add? – Simply put, what am I buying myself in terms of a return on investment with this solution? Can they quantify the savings or the increased value received, or will they offer up the standard increased efficiency line. In order for me to make an investment in a new solution, I need to have quantifiable proof that what I’m getting either produces a significant savings or provides a new and tangible benefit I’m not receiving from my current solution.

4. When will I receive a benefit or return? Security is a “right now” type of business. If an organization is serious about investing in a new solution, it’s likely because they have a risk or a vulnerability that they have determined is unacceptable. Therefore, they want that shored up yesterday, not six months to a year from now. Proven security solutions built upon solid research and design should begin paying dividends quickly.

5. What am I getting from doing business with your company? I want to know up front that if I purchase a product or solution from you what I can expect in terms of service and support. I want definitive timelines and check points from the point of sale until we are fully operational. Security is about solving problems, not creating headaches.

I understand that no two situations are ever entirely the same and that circumstances can sometimes necessitate different approaches to security partners and vendors. However, you should always have the expectation that your provider should be able to clearly articulate their value proposition. If you are speaking with security vendors in the first place, you obviously have identified a need in your organization for a complimentary or more sophisticated solution to what you already have in place.

My advice is to not waste your time combing through a bunch of “me too” vendors just hoping to take advantage of the latest news cycle and industry buzz. Make them earn your business by delivering a clear and concise plan to meet the needs of your company.

I can’t think of a better way to begin any of these conversations than by simply asking them to get to the point, and quickly. Security waits for no one.

Mark Hatton is president and CEO of CORE Security. Prior to joining CORE, Hatton was president of North American operations for Sophos. He has held senior roles with companies ranging from venture capital-backed, early-stage software vendors to a Fortune 500 information technology services and distribution organization. Hatton holds an MBA from Boston University, Massachusetts and a BA Communication from Westfield State College, Massachusetts.