Ask any CISO how they feel about sales pitches and be prepared for a litany of sins. But when do these legitimate complaints cross the line to sounding entitled?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, SquareX
Find out more at sqrx.com.
Full Transcript
[David Spark] Ask any CISO how they feel about sales pitches and be prepared for a litany of sins, but when do these legitimate complaints cross the line to sounding entitled?
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark. I’m the producer of the CISO Series and joining me, it’s your favorite or one of your favorite co-hosts of the CISO Series. It’s Geoff Belknap. He’s the CISO of LinkedIn. Say hello to the friendly audience, Geoff.
[Geoff Belknap] Hey, everybody. And I just want to be clear, David, you are my favorite producer of the CISO Series. Of all of the Defense in Depth podcast shows, you’re my favorite.
[David Spark] Well, I want you to know we also have the producers, Aaron and Andrew and Rich.
[Geoff Belknap] Of this particular show, you know what?
[David Spark] This particular show.
[Geoff Belknap] You are top five. You are in the top five.
[David Spark] Oh, there’s another one that we haven’t hired.
[Laughter]
[Geoff Belknap] I just want to say you’re right up there, buddy.
[David Spark] Thank you very much, Geoff. Our sponsor for today’s episode is SquareX. Be fearless online. You know what that means? SquareX, it’s a browser extension, allows you to open even suspicious or malicious resources fearlessly. More about that later in the show. But first, Geoff, let’s talk about today’s topic. Do CISOs need to show a little more empathy towards sales? And this is what Chris Hughes of IKEA argued in a recent LinkedIn post. After all, a lot of the time and resource constraints faced by sales staff probably sounds familiar to security teams. So how can CISOs communicate constructive feedback to sales teams without sounding like a jerk, which I think many of them do, sadly? Geoff, what are your thoughts on this?
[Geoff Belknap] I think a little bit of self-reflection. I have 100% been this jerk at some point in my past, hopefully not today or anything like that. But it’s very understandable to me that my peers and people that are leaders in the community get frustrated by sales. It is a part of the job, though. You can also get frustrated by the lack of resources. You can get frustrated by how much work there is to do. And I think this is something where we can always have this conversation, I feel like we come back to this productively maybe once a year on this show, and just talk about how to make this better. And just yelling at our friends on the sales side of things is not making it better. We should invest in helping them understand how to talk to us better, and I think we have a great guest for that today.
[David Spark] We do have a great guest, a recovering CISO herself. She’s now currently the general partner over at Cyberstarts, Emily Heath. Emily, thank you so much for joining us.
[Emily Heath] Thank you so much for having me. I love listening to your show. And I know we’ve been trying to get on the show together for some time and now we’re making it real.
[David Spark] It’s happening!
[Emily Heath] Yes. Thank you.
What would a successful engagement look like?
3:02.688
[David Spark] Stuart Mitchell of Hampton North said, “Most CISO salaries come from their sales teams.” At most, yeah, I would say that. So they are likely, the sales team, going out and doing the exact same things to other industries. That includes LinkedIn outreach, email campaigns, and cold calling. Are there folks who cross the line? Sure. But sales is the lifeblood of every company and it’s putting food on your family’s table. And Fernando Montenegro of Omdia said, “I see both sides. The issue that a lot of CISOs have is that many sales organizations incentivize poor practices for outreach that end up swamping the potential prospects.” I like both of these quotes, but I want to lean a little bit on that last one Fernando made, Geoff. I think it’s not just so much poor practices, but their performance is measured in a way that causes them to do these practices. I think it has to do with how they’re being measured. Now, I don’t have an answer for this, and I’ve brought this up many times before, but I think it really is kind of a top-down issue. Geoff?
[Geoff Belknap] Yeah, absolutely. Like most things, if you’re feeling pain and friction and you’re right in the middle of it, and especially in security, it’s usually a story of misaligned incentives. And I think it’s really important, my friend Stuart Mitchell points out here, that it’s important to separate the salesperson from the sales function. The sales function of any organization, which she, absolutely correct, is absolutely critical. The salespeople are not deciding to annoy you and to bother you. That is the furthest thing from their intent. But they are trying to do their job, which is very challenging. And I think not unlike a security leader’s job, when we’re talking about trying to speak to partner executives about patching or other things that they are really not interested in hearing about and would rather do their job without thinking about. And in this case, we just have to have a little empathy that they’re doing a job. And I think certainly we can find it annoying, or we can find it helpful, whatever it is, but it doesn’t really entitle us to go complain that salespeople exist. I think that’s where we need to draw the line and really focus on there reasonably does have to be a way to reach security people with new products and services that are out there. I have an interest in hearing about those things. And it is in our best interest as leaders to help people understand a better way to reach us.
[David Spark] So, Emily, I mean, you very much have lived both sides of this equation, currently are living both sides of this equation. What is something healthier that’s happening right now, if you will?
[Emily Heath] Yeah, I’ve seen this. I’ve absolutely seen it on both sides. And I remember in those CISO days, kind of you’re getting the 50 outreaches a day and going through your email first thing in the morning to just clean it up before you can even start to focus. It’s just not a way that really grabs people’s attention. And it’s like, as Geoff says, it’s not anybody’s intent to come and do that right off the bat to annoy people, but good salespeople, and I see this on both sides of the equation now working with startups that have their own sales teams and on the other side being sold to, really good salespeople build connections. They are good listeners. They really listen to the problems that I have. And they’re honest about whether or not they and their solution can actually solve it. If you’re looking for an email security solution and you’re talking to a network security provider, you’re not going to be the right people. So there’s an honesty fact here. And I think there’s a part of sales and negotiations and building relationships with people that I’m still very good friends with a lot of salespeople who’ve tried to sell me things in the past. And it’s because they’ve taken the approach that they’re playing the long game, they’re building relationships. It might not be a solution for me now, but it might be something that I’m interested in in the future, and it’s the relationship.
[David Spark] Have you ever, like you said, I have a good relationship with a salesperson who’s been honest with me, and you’ve never purchased from them before, but have you referred that person to other people?
[Emily Heath] Yes, without doubt. And I can think of one right off the top of my head. There is a VP of sales that I won’t name companies, but was at a company that I did not buy from, who now leads a CRO, one of the startups that comes in the Cyberstarts’ portfolio, he’s on the CRO for one of our companies, and he’s someone that I personally referred and someone that I can personally vouch for as an incredible human being and a great sales leader, but I didn’t buy from them.
[Geoff Belknap] I’ve absolutely done the same thing. I also think this is a really important point to make. You build relationships with the people that you find value from either because they’re connecting you with other people, they have interesting products, they just get you, whatever that might be. But the real key to unlocking value in the sort of CISO vendor relationship area is set some boundaries. If this person is talking to you and you are not interested in the product, the best thing you can do is to tell them straight up in a very respectful way, “I don’t have interest for this,” or “This isn’t a product that I have a need for.” And that’s fine. And you can just like… They are done now. And at that point, you are welcome if they become an annoyance to block them or do whatever you need to do, but the easiest thing you can do is just be direct with people. If you’re buying, tell them you’re interested. If you’re not buying, tell them you’re not buying. Just respond in some way and then move on.
[David Spark] And let me just add to that and what also Emily said. The value though, that they were communicating with you, and it’s if they can just leave you with, “We’re the company does email security right,” or whatever it is. So that that one little tidbit stays with you that when you get someone who is concerned about email security, you go, “Oh, I just happened to talk to somebody wasn’t right for me, but maybe you want to talk to them,” kind of a thing.
[Geoff Belknap] Absolutely.
[Emily Heath] At the end of the day, look, it’s human nature. People want to work with people that they like.
Who can solve this?
9:10.588
[David Spark] Billy Belleville – by the way, love how that goes together – Billy Belleville of Blackberry said, “I think salespeople need to take a lesson from hackers. Brute force,” so cold calling, emailing every CISO in ZoomInfo, “Takes an incredible amount of resources and bears hardly any fruit. Social engineering, creating content about what is different about your offer, and then letting people come to you bears more fruit and costs far less.” Jane Frankland of KnewStart said, “Salespeople need to step up. There’s a way to help them do that, which some CISOs do by writing or doing talks. All communication represents your personal brand, so it should be clear and well considered before releasing.” So, Emily, the advice here that both Billy and Jane offer is, “Hey, take a cue what other security professionals are doing in the marketplace.” Have you seen this?
[Emily Heath] I see this all day, every day, literally. And we’ve all been on the receiving end of really good experiences and really bad experiences. And the brute force versus social engineering, I love, right? I really love this kind of concept because it’s almost doing your reconnaissance, knowing your audience, knowing who you’re going to be talking to. And it makes such a huge difference. But this sounds like a bit of a cliche, but the tone really does start at the top. I work with many CEOs now of cyber startup companies, and some of them have this incredible ability to connect with customers. And what is it about them that really sets the tone that then kind of infiltrates its way through the sales organization? They care deeply about the problem. They’re very mission-driven people. They care about their customers. They’re not just out there to sell a solution to somebody. They genuinely want to move the needle and they genuinely want to help. What happens is salespeople tend to mirror that kind of vision. They tend to mirror the behaviors.
On the flip side, I’ve seen some really aggressive CEOs. They’re wonderful humans, but their approach and their style might be a little more aggressive. And when you see that, when they want that deal at any cost, sometimes you hear them smack talking competition and on the receiving end, nobody wants to hear that. CISOs don’t want to hear that. And it’s not through bad intent. It’s just they get maybe a little ahead of themselves, a little carried away. But what happens with their salespeople? Their salespeople mirror those behaviors. And so it is a little bit of a cliche, but I’ve seen it time and time again, that the tone of an organization, when done really, really well, it’s like any aspect of leadership and business. When the leadership and the tone and the authenticity and the accountability that you take is really critical. People walk the walk. And I’ve seen it done really well, and I’ve seen it done in ways that are perhaps a little aggressive, but when it works well, it works really well.
[David Spark] Geoff, your experience?
[Geoff Belknap] I have nothing to add beyond what Emily already said, which was perfect. The additional thing I’ll say is this job of salespeople and marketers especially was probably a lot easier when everyone had flush budgets and there was free investment money. But the lesson I don’t think everybody took away is you have to make those connections. You cannot boiler room your way through cybersecurity sales. You will hurt your brand and you just won’t do as well. And I think this is where either marketing teams have to get involved or heads of sales have to really think about. Your brand, especially in cybersecurity, which is a very small community and has a very long memory, is really important.
If your brand is being initially established with I’m texting, phone calling, emailing people’s personal emails, sending them stuff at work, anything to get their attention, that is not a great foot to start on. You have to start by understanding who needs certain solutions and helping people understand what you offer that differentiates yourself in the marketplace. And then you have to engage with the community in a way that has them coming to you when they’ve got that information. If you’re going to be aggressive about it, it is going to go poorly and we’re going to get more of these posts that, let’s be frank, salespeople hate them, but CISOs hate them as well. And while we might like to indulge in some rage posting on LinkedIn occasionally, it’s not really good for the industry. What is good for the industry is having an opportunity to talk to people that are doing something new. And I realize if I’m a startup, that is a very challenging space to be in, but you can’t just blunt force it. You have to be thoughtful.
Sponsor – SquareX
14:03.143
[David Spark] Before we go on any further, I do want to tell you about our absolutely awesome sponsor, our brand-new sponsor, that’s SquareX. SquareX empowers organizations to detect, mitigate, and threat hunt web attacks against their enterprise users in real time. As we all know, traditional SASE or SSE secure web gateways can’t stop modern web threats that happen on the client side, and endpoint security companies have no visibility into what happens in the browser during a client-side web attack, leaving an organization vulnerable.
SquareX, with its innovative approach, bridges the gap. Their browser-native security product, which deploys within minutes as a browser extension, safeguards enterprise users from a spectrum of web-based threats, encompassing malicious files, websites, scripts, and compromised networks. SquareX offers full visibility into the attack chain, enabling enterprises to effectively threat hunt and identify similar attacks across their networks. You can learn more about protecting your enterprise users against web attacks with SquareX at sqrx.com. Don’t wait for threats to reach your enterprise. Stop them where they start with SquareX. Remember, sqrx.com.
What is everyone complaining about?
15:29.082
[David Spark] Jim Bowker of Mintz Levin said, “As someone on the receiving end of all those calls, it can be a bit overwhelming, and we can lose patience after a while. I quit reading emails from salespeople a few years ago because if I didn’t, I would be unable to perform my job. I also quit answering my phone unless it’s an internal call or someone I know. I could easily devote 40 hours a week in doing nothing more than answering sales emails and phone calls. I’m not going to give much leeway to those folks. The problem is that it’s oversaturated, and while you only want 15 minutes of my time, so do the 187 people who reached out to me.” Nick VanGilder of Regions Bank said, “If you tell a sales rep no or that you are not interested, they rarely respect it. They seem trained to see it as a challenge of sorts to continue to reach out.” Something you were talking about, Emily. “And I get that the idea that CISOs should show empathy and humility, but in my experience, sales reps rarely show the same. I think the empathy and humility should start with the person asking for your time and money, not the other way around.” Ooh, a little spicy, a little claws went out on that one.
[Emily Heath] [Laughter] A little.
[David Spark] I mean, I get it. To me, I see the jack-in-the-box metaphor. It’s like every crank in the [Inaudible 00:16:55], and it just happens this one salesperson who just out of the blue just because they’re all of a sudden getting the wrath, but there was like 120 that could have gotten it prior to them. I think just people get a little exhausted, like, “I’m just trying to do my job.” And I must say I get similar things too, and it’s annoying. More importantly, I get annoyed when it’s so bogus, the pitch. That’s when I only kind of go off. By the way, I should tell you, we get these blankets, like, “I love listening to your show. Your show is great. I love how you talk to people and get interesting things out of them,” which you could write to anybody. And I got one the other day where their mail merge failed, and you could see that my name and company and show name were eliminated. We get those all the time. So those people deserve it in my mind, but everyone else, they don’t necessarily. Geoff?
[Geoff Belknap] Yeah, I think you’re on to something here. But it’s also a reminder, look, CISOs, we are not the only people being sold or marketed to. I know it feels that way sometimes. And I 100% agree, we are higher than average for most people. The thing to keep in mind, and I hate that this is true, but I basically have to do what Jim does. I have to move all my external email to a different box. I have to just not answer my phone in many cases for most calls because frankly, I’ve been doing this long enough, enough people have handed my cell phone number out to people that I get cold calls on my mobile phone, which I find infuriating. But what I remind myself is, these people don’t know that they’re annoying me or calling my cell phone or whatever.
And certainly, the jack-in-the-box syndrome is real. There are people that are overly persistent, or that send just an obnoxious email. I’m, as a side note, a inverse/not fan of the emails that are like, “You’ve been breached,” and then that is the subject line, and then the body says, “That’s what could happen to you if you don’t respond to my email.” Like, those are the things that trigger us and send CISOs running for LinkedIn to flame salespeople. And it’s really unfair because you know what? There are more salespeople that are trying to build connection and to genuinely meet people and talk about their product and how it differentiates itself in the market. And these people, especially the boiler room business development sales model, it gives everybody else a bad name.
I think the best thing that we could possibly do for ourselves is if you are a CISO or security leader that is inundated with outreach, you have to flip the script. And this is where I’ve done this before, and we’ve talked about this in other shows. And I think our friend of the show, Allan Alford has done it, set up some times. Publicly announced that you will do an hour every Friday a month or whatever it might be and tell people exactly what you are interested in hearing about, whether it’s startups, or you want to hear about CSPM, or whatever it might be. You can control what comes to you, and you can manage that, and that is a much better place. And I will tell you, the people that come to those meetings are so thrilled to have the opportunity, and it’s such a productive discussion, that it will really be productive.
[David Spark] It saves everyone time. And also, let me just point out, the huge advantage of this, Emily, is say I’m looking for a CSPM, and I say that’s what I’m looking for. And yeah, sure, the floodgates open from vendors, but think about how much knowledge one could gain. Even if I just talk to three companies who do this, I would gain an enormous amount of knowledge. Why wouldn’t you want to do that?
[Emily Heath] Exactly right. I mean, it’s literally choose your battles and find a way to turn this, as Geoff says, flip the script, and do it in a different way that works for you. It’s not going to go away. And those days of having the 50, 60, 70 emails every morning to try and weed out, believe me, I’m not a CISO anymore, but that hasn’t gone away. They’ve still got my personal email addresses; they find any way to get to you. Now I’ve got the other side of people who’ve got a great idea and want me to invest in them. So those things are not going to stop.
But at the end of the day, look, it’s not the end of the world. Sure, it’s a little annoying, but as a CISO, you find your own ways of dealing with it. I personally used to run innovation programs. And so for the startup communities that wanted to come and show us and pitch to us what they did, we’d feed them through the innovation program. And if they got past my team, because it’s not my choice, if they got past my team and they were selected as one of those companies to come and pitch to a broader audience, then they were absolutely grateful to be there. And there’s ways in which you can manage it and still try and be responsive to people.
There was an interesting piece I think in the Nick comment there about the sales reps saying no, and the saying no piece, and they’re not really being respectful of that. At the very beginning of the segment earlier on, Geoff said the same thing here, but it’s really important. This is a two-way street. If you are genuinely not interested, as a CISO, you’re not interested in a product, be honest and tell them. Because let me tell you, salespeople hang on your every word as a CISO. They trust you; they take every word that you say, and they hold on to it. And if you give them a glimmer of hope that this is something that you might want to look at three months from now, believe me, they’re making a note in Salesforce to call you back in two and a half months from now. They hold on to every word you say. So just be honest. If it’s something that you’re not interested in right now, just tell them.
[David Spark] By the way, you just described all the salespeople who listen to the show. We hear again and again, salespeople go, “I listen to the show to learn how to talk to CISOs.” Because CISOs feel that they’re in a comfortable space here.
[Emily Heath] I can understand it.
[Geoff Belknap] I just want to underline the one thing that Emily said, and just bold it, and circle it, and highlight it. CISOs are not the people that decide what products our team should be looking into. We may be decision makers, and we may be priority setters, and budget approvers, but the reality is if there’s a brand-new thing that one of my team’s needs, it’s not going to start for me. It’s going to start for my team that is close to that problem. And while I know this will sound like I’m saying, “Please don’t bother me, go bother them.” Please don’t bother me, go bother them. They know what problems they face. I am not day-to-day dealing with data security or posture management.
[David Spark] This is so true.
[Geoff Belknap] Go talk to them. They know where the pain is way better. My pain is different than their pain, and they will bring it to me when they are excited about something. But starting with me is not always a great choice.
[David Spark] I was just thinking about all the products that I have purchased for my business, not necessarily security related, I purchased for my business, it’s because our producers came to me and said, “We need this.” And I go, “Why do you need it?” “For this, this, and this.” And I go, “Okay.” That was the level of it.
[Geoff Belknap] See, David, top five producers.
[David Spark] They know what they need.
[Geoff Belknap] Top five in the industry, those guys.
[David Spark] Yes. In the top five, including the one we’ve yet to hire. They’re pitching at me products that we need to buy. And so I rarely initiate. I mean, it’s happened, but I’m rarely the one who initiates it. And the thing is, I’ve hired them, and I work with them every day. I trust my team implicitly too. And I’m assuming you feel the same way.
[Emily Heath] Yeah. We’re not the people close to the technology. We’re not the people that are close to it, close enough with the hands on the keyboard that feel the very real pain that our teams feel every single day. They’re the ones that know what problems they’re trying to solve more than we do.
[David Spark] Yeah. And I got to assume, say a team member comes to you, Geoff. They say, “We’re having problems with X, Y, and Z. We’re using, unfortunately, this and this. If we had this, then we wouldn’t need to do this, and we could do that.” I’m sure it’s like sort of flows out like that. And you’re like, “Yeah, that sounds right.”
[Geoff Belknap] Yeah. And those are situations, and this is why I am deliberate about maintaining relationships with great VCs and with great salespeople, because there are scenarios where they say, “Do you know anything in this space?” And I will say, “Yeah, I got an email from somebody,” or “I talked to an investor,” or whatever. But again, that meeting will then start with my team. It won’t start with me. It will start with me going, “Great. You are close to the problem. Go talk to the investors who might have five or six companies in this space or have seen all of the companies in this space,” or “Go talk to the salesperson because I’ve built a trusted relationship, and they’re going to know what will probably work in our situation.” This is why it’s good to build those relationships.
What must a security leader be able to do?
25:16.453
[David Spark] A. Zaki Elsayed of EPI Company said, “I always felt people look down on sales reps a bit too much. I empathize with the sheer number of messages senior people are getting and understand how exhausting it is to deal with. Showing a little bit of respect and empathy goes a long way. If anything,” and this is the line I really like, “They’re essentially enablers for competition, and indirectly driving product quality forward.” The more competitors in a space are making products better, which is better for all of us. Isn’t it, Emily?
[Emily Heath] It absolutely is. I mean, we fall into this all the time. So many people say, “Are there any more room for any more cybersecurity companies?” Well, damn right there is because innovation is not going to stop anytime soon. But are you going to hit up against competition? Yes, every day. And that’s healthy. That’s a good thing. Because if there were only one player in the market, how fast would they be innovating to be better? Not as fast as they are when they’ve got people crawling behind them, and they’re bumping up in sales deals with competition that you look at two or three different players. What makes you different to anybody else? It helps the sales teams and the product teams really focus and fine-tune on why they specifically solve your problem better than anybody else.
[David Spark] Also, and we’ve had this with some of our sponsors, that they don’t really sit in any one specific category. They flow. And they hate that, actually. It’s like, I got to be in a category that everyone can sort of compare me to others. Geoff, do you think, I mean, all these competitors is healthy, and that it’s driving competition for products to be better?
[Geoff Belknap] No. Just to be blunt, I think there are way too many solutions in the cybersecurity space today. And I actually find the labeling to be a problem, and I’ll tell you why. Right now, without naming any names, there’s a very small handful of analyst firms that basically invent titles for product spaces. And I think they all, especially the analysts, the individual analysts themselves, do a great job of trying to really cover a space deeply and create a label that is helpful. But the reality is, because there are so many companies in a given space, that they’re all hoping that there’s going to be a new label. And the reality is for security leaders, we didn’t come up with those labels, an analyst firm did. And it is really hard sometimes to figure out what a company does based on those labels because sometimes there’s a lot of overlap from them.
What I will say that I 100% agree with is, the people that you talk to, especially in sales, are absolutely giving product feedback to the teams that design those products that try to make them better. And I’m just going to be flat out, if you are a security leader, and you are being poopoo to the salespeople, the problem is you. The problem is not the salespeople. They have a hard job, just as hard as yours in a different way. And they are trying… If you are ignoring them all day long, and they are being unrelenting in responding, it’s because you are ignoring them.
And I’m not telling you, you owe them a response. But I’m telling you, there’s a clear way to make this better. You can respond and tell them whether you are interested or not, or whether you will ever be interested or not. And at that point, you have fulfilled your part of the social contract of the salesperson/CISO relationship, and you can move on. But thinking that they are lesser than you, or that they want to be hounding you, I really think that sets you up for some sort of delusion that you are way more important than you actually are. And it misses the whole point of like the flywheel of the ecosystem of security. We need these companies, we rely on these companies, the salespeople are an essential part of it, just like CISOs are an essential part of every other organization that you’re a part of. We have to really respect and understand that relationship to make it better.
[David Spark] Yay, vendors.
[Geoff Belknap] Hooray, vendors.
[Emily Heath] Yeah. Seriously, sales is a hard business. It’s a really tough business. And it’s not for the faint hearted. And I think if anyone should understand that, CISOs should understand that, that there is some commonality between it here, for sure. But I do want to come back real quick as we wrap up to what Geoff said about the analyst community. There is an overengineering that’s happening around categorization that is causing such enormous complexity in the market. And you’re now seeing cyber security solutions that do very, very different things are all starting to use the same words because that’s the category that they fit into. I know the companies that I work with in our own portfolio, I tell them not to worry too much about the categorization because if your product is really solving a very real pain and a very real problem, focus on the problem, don’t focus on the category. It’s become overengineered, and I think has caused massive complexity in the market. And that, by the way, does not help the salespeople sell their product. It actually confuses the matter for the salespeople too. So it’s a double-edged sword.
[Geoff Belknap] I will say if you are a founder in this space, and you’re a salesperson in this space, and you have built a better mousetrap, we CISOs will beat a path to your door. It may take longer than reaching out to all of us individually, but we will hear about this great product you made. Focus on building a great product. It’ll make all the difference.
[David Spark] Great products do get talked about.
Closing
30:50.348
[David Spark] All right, we come to the end of the show where I ask you which quote was your favorite and why, and I always start with our guest. Emily, did you have a favorite quote and why?
[Emily Heath] I did. And it starts with the name, Billy Belleville.
[David Spark] Yeah, I do like that name.
[Emily Heath] From Blackberry.
[Geoff Belknap] Absolutely. He’s the winner.
[Emily Heath] [Laughter] I love this. Billy, I just love this quote. And it’s because of this context of brute force approach versus social engineering approach. I think it’s are you playing the short term like whack-a-mole type of game here, or are you going for the long game and building long relationships? And to me, it really underscores that. And not necessarily in the same context because he’s talking about hackers, but I very much understood and appreciated the undertone of what he was saying in that.
[David Spark] Geoff, your favorite quote and why.
[Geoff Belknap] You know what? I’m going to go with Jim Bowker from Mintz Levin. I think Jim does a great job identifying here, which frankly, sorry, salespeople, but let me give you a strategy if you’re a security leader. If you are inundated with calls, this is absolutely a way to get to a point where you have more peace and quiet in your day, and you can manage when you respond and how you respond to salespeople, which is like, hey, just filter external email to an inbox, filter your phone calls, and then do what I do. Every day, sometimes twice a day, I go through that mailbox and I see what came in, what new products are people talking to me about, what is of interest here that I have to respond to, and I respond to the ones that are interesting to me. But I make it part of my regular weekly workflow. I build that in.
And I want to be very clear. I intentionally respond to salespeople that have products that are interesting to me, and I try to get around to everybody. I can say I am probably in a higher scale situation than many other security leaders where I just for whatever reason, because we’re a larger company, I get a lot more reach out and it takes me a lot longer to get back to those people. But I think practicing a process and helping people understand what your process is to either be reached out to or for you to reach out to them, whether you set up time for people to reach you. Set up healthy habits and build healthier relationships with sales teams. Everybody will be better for it.
[David Spark] Excellent advice from both of you. Thank you very much, Geoff. Thank you very much, Emily. Emily, who works for Cyberstarts, you have a bunch of portfolio companies, and I believe they’re hiring across the board. I’m assuming you can see the portfolio companies there and just click through to the companies.
[Emily Heath] Yes. If you go to cyberstarts.com and look at the portfolio, you’ll see all of the portfolio companies that we have, feel free to click into them. Lots of hiring going on in every segment of those companies. So we would love everybody to go ahead and apply.
[David Spark] Please do. Jobs aplenty. We love hearing that when jobs are available. I want to thank our fabulous sponsor. That’d be SquareX. Remember, be fearless online with their browser extension. Deal with those client-side attacks. Sqrx.com. Check them out. Thank you very much, audience. We greatly appreciate your contributions and listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.