The Open Letters to Security Vendors

Open Letters


Estimated Reading Time: 2 minutes

Way back in 2015, before it was the ‘in’ thing to do, I penned a three-part ‘Open Letter’ article which was meant to highlight the challenges I saw with the interaction between vendors and CISOs. What I thought would be nothing more than a way to vent about the frustrations I was feeling with vendors, suddenly became recommended reading. The positive feedback I received on Part I (the only part originally planned), evolved into the three-part series that’s still as applicable today as it was in 2015.

Below you find links to each of the articles with a brief explanation. It’s suggested to read them in order, but they all stand on their own if you choose not to.

The Open Letters to Vendors…

An Open Letter to Security Vendors – Part I – The piece that started it all. The original article that focused on marketing and the lack of messaging most security vendors have and more importantly, how to fix it. The feedback on this article was so positive, that it not only filled up my inbox with countless MadLib’s, but also provided the inspiration for Part II and III.  

An Open Letter to Security Vendors – Part II – Part II is all about you, that venerable Salesperson. Want to know how to get my ear? What’s the best approach to getting me to look at your product? (Hint: tchotchkes are not the answer.) Most CISOs want partners they can rely on to help them fix problems and help build out the strategy.  Part II gives some insight into how to achieve that.

An Open Letter to Security Vendors – Part III – It’s All About The Tech. Most solutions overlook critical operational functionality and only focus on the security side of the product. This one mistake is the reason many vendors never even get a chance to sell to us. Even if, on the odd chance that your product actually does what it claims – if running it adds complexity to my environment or it makes my team’s life more difficult, it won’t even be considered. Part III details the major pitfalls many vendors succumb to and some considerations on how to make sure you don’t fall into the same trap.

The Follow-ups…

Simplify Your Value StatementThis is a follow-up to Part I of the series. In order to communicate their message quickly, Vendors need to develop a value statement that appeals to a CISO by quickly articulating how your solution reduces risk, minimizes staffing issues, or enhances budget. We’ll review three different value statements and see how they can be leveraged to expedite your sales cycle.


Copyright © 2002-2024 John Masserini. All rights reserved.


Chronicles of a CISO