Marketers need to get inside the minds of their customers. In the security world, that means the mind of the Chief Information Security Officer (CISO).

Bay Area technology marketers enjoyed a great chance to do so at IDG’s Security Priorities Breakfast, hosted by CSO Publisher Bob Bragdon on October 10th in Palo Alto. The meeting provided a couple of different windows into the minds and, of course, the priorities of these information security leaders for 2020 and beyond.

These insights can help marketers do a better job of positioning their products as well as developing an ongoing discussion with CISOs—which, as you will see, is what CISOs want, more than steady stream of gated whitepapers or invitations to offsite meetings during trade events.

Survey Says…

The morning started with a recap of key findings from the 2019 IDG Security Priorities Study, followed by a panel discussion of three CISOs.

The Security Priorities study garnered insights from 528 respondents involved in IT and/or corporate/physical security decisions.

Among the key findings Bradgon highlighted:

  • 2020 will see a modest general increase in budget and spending dedicated to security.
  • OpEx spend is growing while CapEx remains flat, reflecting the gradual move to a services-based model.
  • Areas of particular increased spending include Security Training & Awareness, Security Evaluation Services, and Cloud Based Cybersecurity Services.
  • Skilled staffing. including both recruitment and retention. remains a challenge.

In regards to recruiting and retention, Bragdon cited a huge increase in salaries for CISOs themselves, as their role increasingly demands the ability to make smart risk mitigation decisions, but also to communicate effectively to other executive leaders.

Survey respondents said they are currently researching a number of newer technologies and strategies including behavior monitoring and analysis, cloud data protection technologies and deception technologiesas they look to move beyond widely-adopted security basics such as firewalls and intrusion detection.

They indicated much less enthusiasm for blockchain, which some described as “a solution in search of a problem.” More than half of respondents said they have no plans to examine blockchain for security purposes.

Can You “Trust” Zero Trust?

Security buyers in the survey showed increasing interest in “zero trust” technologies. However, Bragdon noted (and panelists and attendees all agreed) that this term is being used quite broadly by the vendor community, so it’s difficult to zero in on which technologies are included. It’s also more of a long-term goal than a single project or implementation. Bragdon said that based on his own experience hosting CISO discussions and roundtables, identity management is regarded as a foundational element that most companies are working to put in place. Microsegmentation is also part of a zero trust approach to security, but fewer organizations have put it in place in production networks.

To learn more, view the 2019 Security Priorities Webcast.

Working with CISOs

Next on the agenda, three CISOs joined Bragdon to offer their own experiences and perspectives on current issues and offered some pointed comments to help marketers do a better job reaching this executive level of security leader.

While this was an “off the record” session for attendees, panelists Tom Baltis, CISO of Delta Dental Insurance; David Hahn, CSO of Silicon Valley Bank; and Ajit Gaddam, Head of Security Engineering at VISA, all shared valuable insider insights with attendees. Much of the conversation that ensued focused on their outlooks on the buying process and, of course, what marketers should know about engaging with security decision-makers. Without giving too much away, the panelists discussed qualities they look for in a vendor and explain the emphasis on finding products that have a number of features and will integrate well into their existing set-up; in other words, “playing well with others”. They pointed to vendor credibility as a key indicator in choosing a partner and mentioned the importance of using the same terms to describe a product or solution that security executives would use to describe their problem. This alignment will help marketers to garner genuine interest and establish quality connections that open the door for long term partnerships.

The panelists also commented on product innovation and selection. In an industry that is constantly evolving, the panelists echoed the popular sentiment that businesses should always look towards the future and focus on solving tomorrow’s problem to stay ahead. Security executives do not expect a magic fix immediately, but rather are in search of viable, long term solutions.

Our panelists agreed that vendor created content can be very useful in informing product decisions, but one panelist shared that gated content turns him away because by nature, being on a vendor’s site implies interest, so why require additional information before giving access to information pertinent to a specific product?

And while security executives look at research to inform decision-making, the word and recommendations of their peers remain their primary source of industry and product information.

A corollary for marketers: If your company earns a bad reputation with its existing customers, word gets around, and that reputation will be very difficult to shake.