Insights from CISO veteran Gary Hayslip

Are you selling your cybersecurity SaaS (software as a service) to CISOs?  Respected longtime CISO Gary Hayslip, who has more than 20 years of experience leading and managing security programs, teams, and projects in various sectors, offers some helpful tips in a recent interview with Slone Partners Cybersecurity.

Gary has a sustained record of building excellent security teams across all industries regardless of regulations and size. He is loyal to companies, a strong Partner to executive teams, a collaborator across organizations, and is always looking for ways to help companies grow.

His perspectives will provide important guidance to cybersecurity SaaS VPs of Sales and Account Executives who are hoping to persuade CISOs to purchase their products and services.

Slone Partners Cybersecurity: What is the single best piece of advice you can give commercial leaders when trying to network and sell to CISOs?

Gary Hayslip: Remember it’s all about relationships. Get to know the CISO as a person and in the process, you will find out the issues they are currently working on. Be willing to accept that the CISO may not currently need your technology/service. What’s important is to establish the relationship and understand the issues they face.

Slone Partners Cybersecurity: What are the most efficient ways for an Account Executive who is selling cyber tools/products/services to get your attention and reach you (email, LinkedIn message, conferences, etc.)?

Gary Hayslip: Email and LinkedIn messages are really spam, in my opinion. I am so busy I have very little time to read your email message if I didn’t request it. A better way to talk to me is at conferences, over dinner, or to have a peer, who is a customer, contact me to discuss what I am working on and refer you to me.

Slone Partners Cybersecurity: What strategies don’t work when approaching and selling to CISOs?

Gary Hayslip: Contacting a CISO and saying you only need 15 minutes to talk when you know you need 30 minutes at a minimum. That is an honesty issue for me, so I always say no.

Slone Partners Cybersecurity: What can an Account Executive do to ‘stay in your head’ for the next three to four months so that you will be amenable to follow-up contacts? Does that ever happen?

Gary Hayslip: One of the best ways I have seen this done was when an Account Executive contacted me for my input on their product, its pipeline, and their current sales efforts. They were contacting me as an advisor to make sure they had the right message for talking with CISOs and it was also a subtle way to establish a relationship, learn what’s important to me for my security program, and in the process of helping them, they hope to be able to help me in the future.

Slone Partners Cybersecurity: There are a lot of cyber products on the market. How do CISOs stay on top of the latest technologies to defend their organizations?

Gary Hayslip: The answer here is nuanced and involves more than just looking at technologies at conferences. CISOs spend a lot of time working inside our organizations to understand the overall strategy and changes that are coming. This enables CISOs to keep a flexible picture of the systemic risks facing the business and then we continuously review our security stack to make sure we have the correct technologies and services to protect our companies.

Staying engaged with the business and collaborating with internal peers/business units makes sure we are aligned with what the business needs. I use this knowledge when talking with other security executives to find out how they are addressing similar issues and then I proceed to speak with several of the vendors they recommend until I find one that meets my company’s requirements.

Slone Partners Cybersecurity: What is top of mind for CISOs today and how can sales and marketing teams at investor-backed cybersecurity companies be cognizant of your challenges to support and enhance you and your team’s ability to defend your organization?

Gary Hayslip: We are operating with tight budgets and small teams, so when you speak to us you should know the problems you are helping us solve and be able to speak to how your technology/service will be integrated into our current stack.

Slone Partners Cybersecurity: Where do you go to pro-actively obtain information about industry/product trends and services?

Gary Hayslip: I go to conferences, webinars, luncheons/dinners, and I continuously speak with peers. I also use services that will provide the latest research and recommendations on technologies for a specific sector, and with that information I again reach out to my peers to vet it.

Slone Partners Cybersecurity: What haven’t we discussed that you would like to share with commercial and executive leaders at investor-backed cybersecurity companies?

Gary Hayslip: There are two key points I would like to share. First, if you are selling to security executives you should expect we will ask questions about your environment, your CISO, and what frameworks/processes you follow. If we are going to partner with you and be a customer, we want to make sure you are secure. That just makes sense if you are selling to the security community. The second point is we no longer buy products to solve one problem. We purchase technologies/services to solve as many issues as we can. Plus, these technologies must be able to integrate into our current security and IT stacks.