Security Experts:

10 Ways to Close That Security Sale

In my previous column, I took a look at some of the behaviors that salespeople sometimes exhibit that make it more difficult for them to close security sales. The feedback I received about that piece indicated that people very much appreciated it.  More than a few people reached out to me to request a follow-on piece around behaviors that help close security deals.

Like a good band, I am happy to take requests.  Making the effort to bridge the gap between security practitioners and others is something I am quite passionate about.  I present to you, “10 ways to close that security sale”:

1. Listen:  If I’m not mistaken, it is physically impossible to talk and listen at the same time.  The best way to understand what a customer wants or needs is simply to listen.  That means talking less, of course.  Sometimes you may need to ask a few well-placed questions to get to the core of the matter.  But once you find your way there, it’s time to close your mouth and open your ears.

2. Understand me: Just as there is a distinct difference between hearing and listening, there is also a distinct difference between listening and understanding.  I appreciate the salesperson who listens to me.  But I applaud the salesperson who can understand me.  Beyond just listening skills, understanding most often requires analytical skills alongside domain expertise that only comes with experience.  Perhaps that’s why former sales engineers often make the best sales reps.

3. Understand my challenges: Once you understand where I am coming from, I need you to understand the challenges I face.  I will tell you exactly what is important to me and what priorities I have.  The only question is whether or not you will be able to make good use of the information I give you.

4. Understand where you fit: If you listen and understand, you will know what interests me.  Then it is up to you to map my needs back to the capabilities of your solution.  The reverse approach, namely rattling off a list of capabilities and hoping I hear something that catches my attention, won’t work at all.  I need you to understand the language of the customer and to be able to help me understand how your solution can help me address my needs.

5. Articulate value: Once you understand where your solution fits, I need you to articulate its value very precisely, concisely, and clearly.  Don’t throw a drawer full of buzzwords at me.  Instead, explain how your solution addresses my pain points and concerns.  Help me understand how it saves me time, saves me money, or helps me achieve my goals and priorities.  Stick with what sticks.  Leave the noise at the door.

6. Roll with multiple use cases: Perhaps you came to see me with one or more use cases in mind.  Perhaps they are great use cases that others find great value in.  But what if I have other use cases in mind?  Will you be able to adapt on the fly, go with the flow, and help me understand if your solution can address the points I need it to address?  Or will you continually fall back on the script?  I need the former, rather than the latter.

7. Sell to all levels: Some salespeople sell only to the top level of a security organization.  Sure, it may be possible to ram a few sales down the throats of organizations that way.  But, at least in my experience, the vast majority of security leaders trust and delegate to their teams to help them evaluate different potential solutions.  That means that you will need to win support and buy-in from various levels within the organization.  It’s generally best to try and win that support and buy-in through some combination of the first six points mentioned above.  Trying to force a deal through seldom works and can often lead to a variety of other complications later on.

8. Help me sell internally: As all experienced sales professionals know, even if customers want to go forward with a purchase, they sometimes need help selling internally.  You can help me by providing me with clear and concise materials that support the points I’m looking to make in a well-articulated manner.  Neither a 52 slide PowerPoint presentation, nor a 25 page white paper are what I’m looking for here.  And marketing materials full of buzzwords won’t help me either.  I need supporting materials that can help me educate those around me why your solution is the right fit for my organization.

9. Set me up for success: If I like what you have to offer, I’ll likely become your sponsor or advocate within my organization.  So when I introduce you to others within the organization or bring you into certain meetings or discussions, do right by me.  Set me up for success.  You’ll most likely find that you will also be set up for success.

10. Stay with me post-sale: If I sponsor you and advocate for you, the last thing I expect is that you’ll disappear post-sale.  During my career, I’ve seen situations where as many as two years have gone by post-sale before anyone from the vendor even makes contact with the customer.  Sure, you won’t make any extra money in the short term by checking in, providing tips and tricks, or helping me through certain issues I may be having with the product.  But in the long run, people talk.  When renewal time comes, or when it comes time to approach that new account you want to get into, chances are people will ask me what I think.  If you abandoned me the moment the PO was received, that’s not likely to leave me with too much of a warm feeling.

view counter
Joshua Goldfarb (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently Co-Founder and Chief Product Officer at IDRRA and also serves as Security Advisor to ExtraHop. Prior to joining IDRRA, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.