Technically Speaking, Episode 1: Why do we keep seeing CISOs in deals?


Share this video:
Facebook Logo
Twitter Logo
LinkedIn Logo
Share Email Logo

This interview has been edited for clarity.


I want to start by asking you, why are sales people seeing such a big uptick in security reviews in deal cycles?


If you look back over the last 10 years, you probably see that number go up, up, up and to the right. And I think it’s largely a result of just the increased awareness around security issues and how devastating a cyber incident can be for a company.

I also think there’s the regulatory landscape, right? The compliance landscape. We are seeing new privacy legislation pop up all over the world every year. There’s something different, something new. Even within the United States, we’ve seen  individual states have their own privacy legislation that is forcing companies to really think about the way they protect data, and then also the way their third party processors and sub processors think about data as well.


The last thing we want is security to break a deal. So when you think about reviewing software, are there any particular deal breakers when it comes to security reviews that maybe an account executive should be aware of? But also that a chief information security officer should be aware of?


Any, any piece of software, any third party company that we work with as a business. We look at it thoroughly. We have a standard lens or filter that we look at those organizations through. But, every single deal is different because the use cases, the data that’s processed, is going to look different depending on the provider.

So if you’re an account executive selling into a company that has a robust security program and strict security requirements, you’ve got to be aware of how your product impacts their compliance and their security program. That’s going to look different depending on what the use case for your product is and who the users are within the company you’re selling to. 

Account executives are not expected by any buyer to be security experts — unless you’re selling a security product. If you’re selling a security product, you probably need to be somewhat of an expert in the product that you’re selling. But if you are an account executive and you’re being asked security questions, you need to know enough to be dangerous. You need to know enough about how your product impacts the security program of the buyer. 

But there are likely resources within your business that can help with those reviews — your sales engineers and others.


Where do you typically draw that line? Is it talking about high-level certifications? Or is it more in how we’re processing data as you mentioned? 


So I mentioned knowing enough to be dangerous when it comes to things like SOC 2 and ISO 27001.

I think the folks in the organization that are responsible for those certifications and those reports ought to be enabling sellers to know:

“What is a SOC 2?” 

“Why does it matter?”” 

What’s the difference between SOC 2 and ISO?” 

“What’s the difference between those and complying with GDPR and other regulatory requirements?”

Those are things that the sales organization should be enabled on. 

But then when you get into really technical questions around cyber security, if you’ve got a buyer who’s asking about your application security processes or what languages you use in your source code, those questions are probably not something that an AE should be speaking to. Then I mentioned sales engineers, too. Sales engineers often have another level of depth of technical understanding on a platform. So sales engineers can be massive weapons for AEs as well.


What are some things that are going to come up in the next year or so that we can get ahead of today? 


This is more compliance than security, but I think some of the stuff that’s coming out of Google and Yahoo, specifically around domain reputation and spam practices, I think is going to be really, really important for sales teams to be aware of.Making sure that their practices are protecting the health of their domains, given these new requirements.

And I think what that means is figuring out where the right line is between volume and getting your message out to your buyers. But also sincerity and making sure that the messaging that you’re putting out in the market is quality and targeted.

Ultimately the stuff that’s coming out of Google and Yahoo is really, really good for the sales world. 


Personalization, relevance, being really strategic with who you’re going after and the messaging to your point is really what’s going to make the difference. That’s how you’re going to convert.

In the first three episodes, join Salesloft security leader Mike Meyer for an inside look why we keep seeing CISOs in deals, what’s on security’s mind during the sales process, and what’s ahead of data protection.

If you’re like us (and we think that you are) you’ve been looking for a place where sellers and security folks can get together to nerd out over all the changes, news, and politics where these two fields overlap. 

Let Salesloft VP of Technology and Information Security Mike Meyer and Senior Sales Director Asa Winchester, take you to that place together. 

Asa interviewed Mike to hash out the uptick of security leaders in buying committees, some tips for CISOs newly involved in the sales process, and who AEs should lean on for those complicated security questions. 

Check out the rest of the series

It’s nice to know that you don’t have to be an expert, but that you should know enough to be dangerous. What does that look like for you and your team of AEs? How can you pull your sales engineers into the mix? If you thought that was informative, check out part two and three with Asa and Mike where they discuss sales, AI, and cybersecurity and business risks. Then subscribe to our YouTube channel to get notified about sales strategies, security advances, and more.