This past week one of my marketing friends made a statement I’ve heard far too many sales and marketing folks say over the years.
“The IT Security folks don’t have decision-making authority, and they aren’t concerned with anything beyond their network. I try not to spend too much time on them.”
It reminded me of when I was responsible for information security and privacy at a multi-national financial and healthcare organization throughout the 1990’s. I had more than one information security vendors answer my questions about their services and products with something similar to, “That’s not something your team should be concerned with; it is outside of your network;” or worse and more condescending.
Well, obviously it was a concern of mine, otherwise I would not have asked about it. None of those companies whose sales representatives assumed they knew more about my information security and privacy concerns and responsibilities than I did ever got my company’s business. I may not have been the authoritative decision-maker, but I was a key influencer.
3 Things Marketers/Sales Folks Need to Understand
1. Even if the info sec pro does not have the power to make the sale for you, info sec pros *can* kill your sale.
It is true that often times the IT and information security folks typically don’t have a lot of budget. And often other parts of the organization have more decision-making authority over the information security investments. However, the information security folks’ opinions about the company investments in the tools and services acquired typically carry significant weight in the decision-making processes. If you disregard or disrespect the IT security folks, don’t be surprised if you don’t make a sale with their organization. Their opinions and advice to NOT make a purchase still carries a lot of weight within most organizations.
2. Don’t tell the organization what the info sec pro “will not be concerned with.”
Oh, this is something that really gets my goat!
If you tell the information security director/manager/VP/[insert title here] that they shouldn’t be concerned with an aspect of your service or product in answer to a question they have for you about it, it will be a huge red flag. The info sec pro will probably be wondering one or more of the following:
- Why is this sales dude trying to avoid answering my question? Is this an area of their service/product where information security is a problem, or lacking?
- Does this person think I don’t know my job?
- Why does this guy/gal think they know more about my job responsibilities than I know?
Sales and marketing folks: You do not know more about your targeted clients’ information security practices and IT systems, and those responsible for them, than the information security folks know. You may think you do, but you really don’t. So please don’t tell IT security folks, explicitly or implicitly, that you do!
3. Don’t minimize the importance of those responsible for information security.
During 2001 – 2003 I worked for a handful of consulting companies that went through periods of divestitures and acquisitions. At a couple of those companies I landed within, some of the marketing and sales folks really irked me with their open repugnance of IT security pros; to the point that my eye starting twitching uncontrollably whenever they talked or were in the same room. These clueless sales/marketing pros had complete disregard and disrespect for the IT security folks. Coming from working for several years in the IT area, it really disgusted me to hear them putting down IT security folks in general. And it was completely embarrassing to attend sales meetings with them and then see and hear how they visibly brushed off the IT questions and comments while courting the higher-level decision makers. They didn’t seem to realize (or if they did, they didn’t care) that the IT folks were very aware that the sales folks were brushing the IT concerns aside and pandering to the CIOs, VPs, and Legal folks in the room. From what I’ve seen since, the sales tactics have not changed much for a noticeable portion of the marketing and sales professionals.
IT and information security pros are aware when the vendor sales and marketing folks put them down by putting down their job responsibilities.
Kudos to good sales and marketing pros
Don’t get me wrong. I’m not saying all sales and marketing folks poo-poo the IT and info sec pros. To the contrary; some of the vendor sales and marketing folks I know not only visibly demonstrate that they understand the importance and influence of IT pros, but they also go out of their way to maintain good relationships with them. I really love working with these types of sales/marketing folks.
There are still far too many in sales and marketing who blow potentially lucrative sales to organizations because of their lack of understanding for what IT security pros actually do, and the activities for which they are responsible.
Bottom line for organizations of all sizes…
So, information security and privacy sales and marketing folks, in the largest to smallest organizations and in all industries, please don’t downplay the importance or influence of information security professionals. They have a wide range of responsibilities for information security within their organizations that go beyond their network. They are also concerned with: 1) information in all forms, 2) the security practices of their business partners, and 3) the security of the cloud services they use. Don’t tell them they should not be concerned.
Show information security and IT pros the respect they deserve. If you don’t, you’ll get their goat and you most likely will not get their organizations’ business.
This post was written as part of the IBM for Midsize Business (http://Goo.gl/t3fgW ) program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.
Tags: awareness, breach, compliance, data protection, IBM, Information Security, information technology, infosec, IT security, marketing, midmarket, monitoring, non-compliance, PHI, PII, policies, privacy, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, sales, security, social network, surveillance, systems security, training