Key Highlights from the Show Conversation:
What makes a good partner?
Susanne: A good partner is somebody who it's like a almost like a friend who you feel like you're in this together. I mean, cyber security, it's a war. And that's why you heard John talking about the fact that it's like we have this community, right? We support each other and it's an incredible community just because of that and so you have to have a vendor that is part of that community and that realizes that we need that. I find the transactional are the ones that are like okay I got to make my number, I got to make my number, I got to make my number.
The first camp are the ones that are trying to work with you and it's really easy for me to sus those people out, because I'm very up front. I'm like, "This is where I am. This is what I want. This is why I want it. This is what I can give you in return." And, you know, take it or leave it, right? Can you do that or not?
Erik: I mean, the honesty I think is very important. Figuring out your limitations and not overpromising because I sincerely believe it will eventually blow up in your face.
That's the way it's been described to me by some of our customers we’ve been doing business with for 25 years. And when you ask them why, they often use terms like “you guys share the pain.”
What are some of the challenges you see with security leaders?
Erik: I think some of the challenges we see is really the people shopping features. If the features are related to an outcome, I don't have an issue with it, but often you can read between the lines when they're shopping.
Like I can almost guess which vendor got to them first. The RFP or whatever their process is reads exactly like vendor X or vendor Y.
So for us it's problematic because we view the world more in problem solving terms, not necessarily exactly which tool you need to fix the issue because quite frankly most tools out there and any respect are quite capable and it's often a question of how you use them and how it integrates with the enterprise the rest of the process how you mitigate risk with them and I feel like the industry is shifting towards that but then a new toy comes along and people forget.
Currently it's AI people kind of revert to that well I want a solution to my problem. I want to buy this solution as opposed to doing the hard work which is how do I kind of you know go end to end between the problem to the outcome I want and fix it because that's hard.
What's required to have a successful Proof of Concept (PoC)?
Susanne: We have very firm line at my company, which is if the supplier is going to have access to personal data, for example, for many of our crown jewels. Even if we decide to do a PoC, it can take months.
It used to be that you would do a PoC with just an NDA. And we're like, no, we're giving you access to our environment, and you might have access to customer data. We've got risk so we're pretty conservative about it.
Once we get them in it's usually pretty quick because you can also tell during that period it's like who is this company and then you end up having more conversations anyway and so then during the PC it's like what we care about is again do you take feedback and by the way we also ask for feedback it's like what can we be doing differently too right yeah and we actually really like it when our vendors tell us.
And we love the PoC's where we're surprised. Those are the best.
Erik: Proving your worth as a service provider for custom services is completely different. So, we prefer to propose a more limited engagement where we can show value. Tell me a problem I can actually solve for you, I'll solve it. You'll get a sense of our style, our engagement, and how we can partner together.
And that to me is a good test that could replace a PoC.
