Cybersecurity is an interesting word. It’s often referred to as an “industry,” yet the word evokes imagery not of a factory or a production line but of hyperintellectual technologists tackling mindbogglingly complex technical challenges, electronic ninjas dueling with electric katanas in the ether, and ever-vigilant sentinels protecting the nation from those who would do us (cyber) harm. An industry, in contrast, is (according to the Cambridge dictionary), “the companies and activities involved in the process of producing goods for sale, especially in a factory or special area.”
The truth is that the Cambridge dictionary’s definition better reflects reality. Cybersecurity is a business. And like any other business, cybersecurity companies identify customers’ needs and then create products and/or services that they hope will be both effective and responsive to those needs.
Wide adoption of a product or service represents success, lack of adoption is failure. While that seems obvious, it highlights an often overlooked but essential part of the cybersecurity industry: The cybersecurity sales force. Technologists can create the best products the world has ever seen, but if those products aren’t successfully injected into the market, they solve nothing and serve nobody. It’s the sales force that brings products to customers, convinces them to try and buy the products, and in doing so, brings value to the community. That value, with respect to cybersecurity, means safer and more secure operations.
Given the sales force’s pivotal role in both the commercial success of the cybersecurity industry and the flow of effective security mechanisms to meet demand coming from all sectors (i.e., commercial, government, non-profit, and education), doesn’t it make sense to ensure that the cybersecurity sales force is developed and nurtured in a manner that ensures its success?
There are a number of principles underlying the development of an effective cybersecurity sales force. First, there are two domains with which every salesperson must be (or, if entry-level, become) conversant: 1) The cybersecurity domain in general and 2) the sales model for the product or service. Success will be elusive without this knowledge. This domain knowledge is then supplemented with training specific to the company’s products or services that develops a level of expertise in the sales team that enables them to understand where the product or service fits within the cybersecurity domain in general and, more importantly, enables them to effectively communicate the product/service and the value it provides. Finally, a set of metrics is defined and routinely captured and analyzed to generate an understanding of what worked, what didn’t, and foster a culture of continual improvement.
Sales, for the cybersecurity industry, is where the rubber meets the road. Without an effective sales force, cybersecurity companies cease to exist, and innovation and effective security never make it into the broader stakeholder community. According to cybersecurity sales teams with at least the same level of care and concern as technical teams isn’t just a good idea, it’s essential for the survival of both companies and the United States of America.
Build it right, America.