How can Cybersecurity Help Sell More Jeans? A Conversation with Former Levi’s CISO
“How can you help me sell more jeans?” This is the key question Steve Zalewski, former CISO of Levi Strauss, put before me on a pleasant summer morning last July. Despite the fact that he no longer held the title of prospect or customer, I was still drawn by the opportunity to sit down together and have a conversation. The fact that there wasn’t a selling agenda liberated us from the confines of such a structure, opening the field for something much more insightful; something that we, as vendors, should take to heart as we strive to do better in helping CISOs and security executives navigate these times of unprecedented digital transformation.
Before I give you the answer on how to sell more jeans, it’s imperative to first understand the roadblocks that prevent security teams from accomplishing a seamless security deployment from a technical and relationship-driven perspective:
- Digital Transformation makes transition to cloud even more complicated: The dynamic nature of underlying technology drivers, such as the rapid acceleration to the cloud, can create challenges for organizations in terms of how to control and secure their digital assets and platforms.
- Disparity in the C-suite: Zalewski explained that CIOs and the IT organization are evaluated primarily on efficiency, whereas CISOs and the security organization are judged on effectiveness—while still being accountable to efficiency. This disparity can create friction in the C-suite, which can extend downward in the organization.
- Vendors leading with fear vs positive intent: As cybersecurity professionals, instead of leading with the positive intent to improve security posture, we often take the same approach as the media—we leverage fear as a means to market and sell our solutions and services. In the security industry, this is what we call FUD: “Fear, Uncertainty and Doubt.” These days, because it’s more surprising to not read about a new daily high-profile breach in our morning feeds, it’s tempting to lead with FUD, as it’s rooted in the limbic system of the human brain and right next to the hippocampus, which is involved in storing memories. Fear is adjacent to memory formation, and although it’s powerful and necessary, we can also incorporate a refreshing approach of positive intent that inspires confidence and assurance.
- Loss Prevention vs. Profit Protection: By focusing our commercial approach on empathy, we’ll better equip our CISO champions to speak the language of the rest of the executive team and board of directors—thus increasing the likelihood of getting more budget, more influence, and, as Zalewski said, changing the perception of the CISO role from a cost center of mandatory security to a profit center—think “loss prevention” to “profit protection by managing appropriately the key cyber risks to the company”.
Ok, so back to the original question: “How can you help me sell more jeans?” It’s so easy to focus on Zero Trust, cloud-native services, and other macro-themes in our work, but it is so very important to embrace this subtle shift: always being mindful that all of this fancy technology is, ultimately, intended to help drive the core business, whether that’s selling more jeans, acquiring new account-holders, or making better software. By speaking the language of the business, we’ll actually help both ourselves (vendors) and our CISOs.
“The security community is a small one and we have a common goal, protect our companies from a common enemy. If we think of ourselves as the village trying to collectively raise the security child, then we need to share the responsibility of educating and protecting that child. This means establishing trusted relationships that demonstrate you have the best interest of the child at heart. So to all the sellers that focus on FUD and pushing products, consider the importance of building a trusted relationship with each prospective customer and consistently demonstrating that you have put the best interest of every company first in protecting us against the common enemy,” explained Zalewski.
It’s all in the delivery: The value of positive selling for profit protection vs. loss prevention. Vigilant risk awareness and profit protection aren’t mutually exclusive – particularly as virtually all industries move further into digital transformation. Zalewski explained that successfully straddling profit protection and the reality of an ever-growing threat landscape requires executives to acknowledge the brutal truth without hurting morale—offering employees, partners, and vendors something more real and actionable rather than the perpetual glass-half-full delivery from the rest of the executive team.
Collective defense, mission assurance and mutual aid are where the future lies if we want to truly solve the problem. As long as selling more product drives the security industry and its approaches to measuring ultimate success, the systemic problems we see in the industry as a whole will continue to exist, to the detriment of everyone. The truth is that most CISOs can’t solve the security problems alone anymore, and that we have to consider that every CISO and every vendor has to embrace a shared responsibility to do the right thing against our common enemy. That is easily said, but will require real fortitude on everyone’s part to take us on the next phase of our journey to enable every business to effectively manage the growing threat landscape.
Relationships Matter, with technology and our people. In this modern age of complexity and interconnectedness, deep understanding of, and control over, those relationships are the only ways we can mitigate operational and security risk. My conversation with Zalewski made me realize more than ever that Relationships Matter.
At vArmour, we understand the need for digital and human relationships to operate smoothly, as demonstrated in our tagline, “Relationships Matter.” We believe in and demonstrate in our software and mantra that there is meaning and value in the relationships between things (applications, network, infrastructure, users, data and also in vendor-CISO relationships) – potentially as much, or more, than the things themselves. Understanding the relationships in technology and your community creates harmony amongst executives, secures more funding, and makes security more scalable, easier, and faster to deploy to gain immediate results and peace of mind.
My advice: Take a moment before a meeting to remember that although we have a fiduciary duty to our companies, it’s still two (or more) humans having a conversation. Help your CISOs help you by speaking the common language of the C-Suite and Board. Consider empathy and a little less fear. Help them SELL MORE JEANS. I bet you’ll love the result.
About the Author: RJ Belles is a seasoned sales professional, having spent many years in the technology, healthcare, and entertainment industries. A genuine student of the game, RJ enjoys applying psychology and neuroscience to the sales process, mixing art and science together to develop human relationships built on empathy and trust. RJ currently helps run Go-to-Market in the western U.S. for vArmour. To contact RJ, email firstname.lastname@example.org.