First of all, my apologies for the hiatus from posting and public contribution on this site. I have been incredibly busy the past few months wrapping up my old job with my former employer, doing some consulting work and launching a new network security start-up company in October with a few other very talented individuals.
I did look at the calendar and in typical “sales clown guy” fashion thought “wow, 3 weeks left in 2009″. If you are responsible for InfoSec and deal in any way with technology partners, vendors, consultants and the like, you are probably under enormous pressure to try to close any outstanding business, sign deals and contracts, etc. before the clock strikes 12 on New Years Eve. The old “use it or lose it” calendar year budget style is alive in well in IT departments worldwide, trust me.
I wanted to provide a “change of pace” post on Cassandra Security, which will hopefully give some insight into the world of buying and selling security solutions. I have worked at two very large vendors in both sales support and direct sales roles, so I understand marketing and selling security to a wide range of customers.
You had better believe that whoever is trying to sell you a good or service here in December 2009, is also under an insane amount of pressure. This takes many forms, the most likely motivator is self-preservation. I like to refer to the last 6 weeks of Q4 as “the silly season“. This is where you can catch vendors and customers alike doing all sorts of crazy things to get a deal closed.
Sales people obviously want to sell you something anything to retire some of their quota (hopefully) and get a commission check. I am not sure how many people outside the sales world realize, but anywhere from 40-70% of a sales reps total compensation is commission, so you should use this knowledge to your advantage. With 3 weeks left in the quarter, you want to have any final pricing/discounts submitted today (preferably) to give this time to get through their sales management, order operations, distribution and reseller partners (if any). You also want to have final pricing so you can properly set expectations with your management. You may think you are being a hero by trying to save the company another 3%, but if your management team is expecting a Capital Expenditure in Q4, you better make one.
I wanted to go ahead and build a checklist of what tasks you should consider, both as a vendor/reseller and as an enduser/buyer of InfoSec products:
Vendor/Reseller of InfoSec Products/Services/Solutions
- Has the customer bought off on the solution (both technical and business wins)? If the answer is NO, I can pretty much guarantee with 99.999% certainty that you don’t have a deal that can be closed in the next 3 weeks. Miracles do happen, you may have pictures of the VP of IT doing provocative things in public places with rubber balloon animals and green Jell-O or the CFO may have been a college roommate of yours (both true stories and have happened btw), but if you are forecasting this to your sales management team and it does not close, have your LinkedIn profile updated and resume handy – you will need them!
- Do I have final pricing in place? If the answer is also NO, get your customer a final quote. This is part of being a good vendor sales rep.
- Is the proposed configuration correct and accepted by the enduser/customer? If not, get consensus with your internal customer champion’s help.
- Am I selling consulting with my product? If so, do I have a signed and accepted Scope of Work for consulting in place?
- Have you reached out to the procurement group at the customer? Are they aware of this upcoming purchase?
- Have contacts handy for any resellers, distributors, or other operations people that will help you book your order for your customer (goal is to turn the deal into revenue by the end of the month)
- Understand everyone’s schedule for the rest of December (a lot of folks take off the last week of the month, be prepared)
Endusers/Buyers of InfoSec
- Do I fully understand the solution I am buying? (HINT: If the answer is NO, stop reading this post NOW and go talk to your management team IMMEDIATELY and express your concerns if you are the decision maker or key influencer)
- Make sure you have final pricing and know to the penny what you are spending. If you do not, call your vendor sales person and/or reseller and GET AN OFFICIAL QUOTE IN WRITING!
- Have a time line and project plan in place for implementing your new solution (hopefully this will be in Q1 or early Q2 2010 – if it is later, you might want to investigate why you are making a spend decision now)
- Understand the implementation options and the “hows” and “whys”. You may also want to write an executive summary (no more than 2 pages) for your CIO/CISO and/or management team that explains the project. This gives them WRITTEN talking points they can use to explain the spend decision to CFO, CEO and the Board of Directors. Especially helpful since more and more CIOs report up through the CFO.
- Do you need professional services (i.e. consulting) with your purchase? Have you signed an agreed upon Scope of Work and have you been in contact with the consultant doing the work? Especially in the education space, a lot of consulting services are delivered in the last 3 weeks of December (makes sense as most of the users are students and faculty and they are hopefully off-campus).
- Do you understand the buying cycle and procurement process in your own organization? Do you need to file forms or applications, obtain signatures or approvals, or get official approval from a committee or peer group? If any are true, you might also want to communicate this to the sales people, unless you want them calling you multiple times a day for a status update when you don’t have one or one is not expected/available.
- Are their any ancillary benefits of making this spend decision now – what are the pricing savings, is maintenance locked in for multiple years, do I get free training, etc.? make sure you know this and can communicate this to your management team (HINT: include in your Executive Summary to them for the project).
- Realize that you have an important role as the customer – you can either champion a spending decision or kill it. Choose wisely – your reputation, career and a lot of other factors may be riding on it. Heroes and goats in IT are made every day on decisions like these.
I know a lot of this is common sense, but often times it simply takes a minute to put yourself in another person’s position and frame of reference. The vast majority of security sales people at least make an effort to provide some value to the InfoSec professional (note – value varies widely by vendor and the individual). Sales folks want to close business and InfoSec professionals want to improve their protection posture. There is clearly a common ground where the two can work together toward the common good of improving security posture at an acceptable price point.
Comments
Leave a Reply
Will Gragido on 12.09.2009
This an important and value posting which does differ from what we see here on Cassandra typically. Brian hit on some very strong points from both sides of the negotiating table. They are even more important in the wake of the NSS Labs Q4 IPS reports as this, I believe will aid some sales teams, hinder others and if leveraged properly benefit the consumer of these products. Great insights.