Mastering Tech Sales: Addressing Pain Points, Selling Compliance, and Understanding Client Needs
Hi. I'm Max Clark, and I want you to sell me this pen. There it's in focus. It's It's on focus. It's in focus.
Speaker 1:I don't know. Right? Sell me this pen. Have you ever heard this before? Sell me this pen.
Speaker 1:If you immediately go to, like, oh, you know, it's mechanical. You know, it'll it'll come back in so it it, you know, it doesn't stain your shirt. You know, it's got gel versus ink or it's got a roller paddle or look look it's got a nice, like, soft tip on it. Right? Like this thing right here, it's got, like, a nice thing on it.
Speaker 1:Like, boy, you've lost. Like, you know, like, what's your first question that you need to ask in this one? When's the last time you used a pen? Do you currently have a pen? Do you need a pen?
Speaker 1:Like, no. I don't need a pen. I have 10,000 pens in my drawer, and actually don't write very often anymore because I tap on the keyboard instead. Right? Not a customer to buy a pen.
Speaker 1:Not a prospect. This is a parallel that I see almost every day with tech, and we shove things at buyers. We shove acronyms at them. Right? We shove SD WAN, SSE, Sassy, RBI, CASB, SWG, ZTNA.
Speaker 1:You know, like, the list the list goes on and on and on, and then we create more acronyms. You know? Now everything has to be as a service because that's the marketing terminology that goes with it. Right? So we have desktop as a service, UCaaS, CCaaS, SECaaS.
Speaker 1:That's my favorite one. You know, BaaS, DRaaS. Like, you know, are you looking for DRaaS? Like, do you even know what DRaaS is? Probably not.
Speaker 1:Maybe not. Maybe you don't know. Do you know what I mean, do you know what SECaaS is? You know, sock ass? And it's so it's so disconnected.
Speaker 1:It's so disconnected. And I see this all the time, and I ask a lot of security practitioners this question specifically. Like, how do you sell security to somebody who's not buying security? And security, by the way, means a lot of different things. There's lots of different layers of security.
Speaker 1:You know, you could be talking about selling a point pollute point solution. You could be talking about selling a framework. You could be talking about selling compliance. You know, you could be talking about maturity. You can be talking about instant response.
Speaker 1:I mean, there's there's tons in the security world. But I've been asking this for over a decade. Like, how do you sell security to somebody who's not buying security? And along the way, I still haven't answered this question, by the way. So if you've got a good answer for it, please tell me your secret.
Speaker 1:Like, comment below. Send me an email. Call me. Like, I wanna hear your secret. But, really, the only thing I've really figured out with this so far is you need to be solving a pain point or meeting an objective.
Speaker 1:Right? Now can you map your product or your service to a pain point? Does that pain point currently exist, or can you map it to an objective that needs to be met as well? And maybe you have a supply chain requirement now that's coming up. Right?
Speaker 1:So CMMC, if it's in manufacturing. Media entertainment has TPN. If you're in different advertising, like segments. Right? Maybe you want access to data from Facebook or Comcast or a large media organization.
Speaker 1:Right? They're gonna have specific requirements for you. Maybe you're a SaaS company and you wanna be SOC 2 compliant because it's gonna help you sell into the enterprise. So if you're selling compliance, you know, there's there's a specific need. Like, hey.
Speaker 1:We have to get compliant because we have to be compliant in order to do what? To generate revenue. Right? So, like, what's the actual chain of events that happened there? Well, the objective is we want to generate revenue.
Speaker 1:Like, we wanna go do business with this company. So in order to generate revenue, we have to meet this compliance. In order to meet this compliance, now we have a defined framework within that compliance that we have to do, and we it's like, okay. We have to have x, y, and z. What else are we seeing in insurance right now?
Speaker 1:Insurance carriers are getting smart. They don't wanna pay out insurance policies. Insurance companies make money when they don't pay you. Like, might be might be ruffling some feathers here, but let's be real. Everybody each would like like honestly, you pay the insurance company.
Speaker 1:The insurance company signs a a risk value to you. Based on that risk value, they're going to either offer you insurance or adjust your premium rates. Right? So maybe if you don't meet the risk profile like, if you're in Malibu in the hillside with, like, nothing but brush around you, the risk for fire insurance is really high. You might not you might be uninsurable.
Speaker 1:Right? Like, it's just not worth the risk. Or they might come back and say, we'll insure you, but it's gonna cost you 5% of the value of your house per year, 10% of the value of your house per year to insure you. And, I mean, that's not affordable for you. Right?
Speaker 1:Like, you don't wanna spend that kind of money. Or they might come back with a third thing and they say, we'll insure you. But before you can get insured, you have to clear, you know, 500 yards of brush around your house. It has to be done every 3 months. You need a fire spray you know, suppression system on your roof.
Speaker 1:You need to have this. You need to have that. You have a contract with a with a specialized private, you know, firefighting agency that's gonna come out and just protect your house. Like, there's all these other requirements. Okay.
Speaker 1:Simplistic example now is take it to insurance. Insurance for cybersecurity might say things like you need to have, identity access management, I'm You need to have multifactor authentication or 2 2 factor authentication. You're gonna have to have security awareness training. You're gonna have to have endpoint detection response and EDR tool. And that's you know, you have to have a annual, penetration test.
Speaker 1:You know? Vulnerability scan. Probably a vulnerability scan. Not really a pen test. They're gonna say you're gonna have to have an annual vulnerability scan, and you need to have all those things in order to get the insurance.
Speaker 1:And then based on which thing you have, we're gonna change your insurance rate, what your premium is for your business. We're seeing this right now. This is not, you know, theoretical. This is this is going on. And then we start talking about how do you layer up.
Speaker 1:Right? Now, again, what's what's the objective? The objective wasn't was it wasn't that a company went out and said, oh, we need to have endpoint detection response. It was you know, that gets triggered usually because we have an insurance renewal that happens. The insurance renewal says, like, you're not insurable or your premium is gonna be so expensive.
Speaker 1:It's actually just cheaper for you to level up your tooling because after you level up your tooling and your resiliency increases, the insurance premium is gonna drop to a point where it's gonna pay for itself to go out and do it. So, like, there's this, like, carrot and stick approach happening with a lot of enterprises. If you pay attention to sales trainers and people that talk about, you know, you know, anybody that's doing, like, SDR, BDR, AE, you know, work, the good ones will talk about in, like, highlighting the cost of inaction. Hey. Your tree is rubbing on your roof.
Speaker 1:Did you know that if you leave that tree branch alone and it continues to rub on your roof, it's gonna rub through your roof? And on average, we see this happening, you know, based on what's going on right now. It's gonna happen in the next 5 or 6 months, and that's gonna cost you $30,000. Or I can have my crew here tomorrow with a ladder and for $500, we can cut these branches down, and you don't have to worry about your roof, you know, going away. Right?
Speaker 1:So what is the potential pain or cost of inaction you're trying to achieve? This gets really hard in the cybersecurity world because we don't talk about it in that language, and we have these reports that get published that are really scary. You know, Verizon publishes the data breach investigation report. By the way, DBIR is just probably the biggest name in that space, but all the security companies are publishing their version of these research. And it talks about dwell time breach, source of breach, you know, aggregated across a lot of stuff.
Speaker 1:And, you know, the scary things within that become what percentage of I'm not gonna tell you the stat. Just go look it up. Because if I tell it to you and, you know, like, it it's the numbers are so high, you're not gonna believe me. Right? You know?
Speaker 1:So or by the way, go ahead and comment below. You know? What's the stat? Right? You know, the percentage of companies that are gonna experience a cyber incident on, you you know, each year equals x percent.
Speaker 1:Right? Like, it's just a thing. What percentage of those comp what's the average cost per cyber event, and what percentage of those companies are going to go out of business as a result of it. By the way, the going out of business, I think a lot of people still kind of associate it as, like, a one to 1. Like, it's a direct thing.
Speaker 1:Like, oh, you know, I had ransomware and it put me under. Usually, what happens with the going out of business is it's a much more painful kind of, like, bleeding out. Right? So you have however many days of interruption of your business. You just can't work.
Speaker 1:You can't produce product. You can't service your customers. So you have your loss of revenue. You have your direct cost because you're now still paying your employees. You're paying for your facilities.
Speaker 1:And then how many days of that can transpire before you can't pay your employees, you can't pay your facilities, goodwill that you lose? How long is before your customers start to find alternatives? The stickiness of an incumbent is really high. You probably if you're in business, you understand this. It's hard to acquire a customer.
Speaker 1:It's easy to lose a customer. It's almost impossible to get them back. If enough time passes and your customers switch to other companies, other, you know, providers, it's hard to get them back. It's also hard to deal with issues if their data is leaked and you've got any sort of issues related to that. So right?
Speaker 1:You know? Oh, you're a 10 person legal office. Like, we don't have anything of value. Yeah. You have your customer's intellectual property and confidential information that is gonna be really bad if it gets out there.
Speaker 1:Right? You got somebody going through a merger acquisition, the m and a, right, trying to sell their business, dealing with, you know, whatever it is. Right? You have you have stuff that's valuable. I don't wanna harp on this for too much.
Speaker 1:Circling all all the way around. Right? It's like, are you solving a pain point? Can you illuminate a pain point that maybe they're not aware of? Can you provide information on the cost of inaction?
Speaker 1:Can you paint a picture of the future? Can you provide value across those different things at the same time? This is the approach that has to be taken here. And and just understand also, if you're trying to sell, like, like, a product, you know, in the market, they might not be a buyer. Maybe they're they don't have budget.
Speaker 1:Maybe they already have the solution. Maybe they don't think they need the solution. Right? Like, the the pushiness that I'm seeing with a lot of these organizations, like, you know, no. You can't incentivize them to buy your service because you're gonna give them a free month worth of service.
Speaker 1:Like, it's not an approach that actually works in the real world. So if you think it's working and you're watching this and you're on the sales side, just, like, stop doing that because that's not what's triggering your your customer to buy from you, your prospect to buy from you. Do you understand what they're actually trying to do? Do you understand what their objective or pain point is? Can you help them get to that end point?
Speaker 1:Can you help them avoid a pitfall along the way? Can you highlight and illuminate the cost of inaction? Is that cost of inaction high enough that it'll actually motivate change? Right? People respond to change based on pain.
Speaker 1:And, you know, I'm not gonna go I don't think it's it's I don't need a pound on this one. I I think I've been harping on this one already for long enough. But the point here is is, you know, like, coming back to it, like, sell me this pen. Think about how you're selling this pen, and if the person you're trying to sell the pen to actually is buying a pen in the 1st place. And if not, why not?
Speaker 1:And can you figure out a better way to find people that need the pens and go sell them pens? By the way, everybody needs cybersecurity. So, like, if you don't think you need the cybersecurity, you do need the cybersecurity. ReachOut will make this really easy for you. It's actually surprising how cheap it is to get, like, measurable increases in your cyber security posture and your maturity.
Speaker 1:Chances are your platforms are already giving you stuff that you just need to push a button and turn on, and you can just get it for free. No. It's not a drag. No. It's not that hard to do.
Speaker 1:Yes. It's worth it. Yes. You want it. Comment below.
Speaker 1:Happy to help. Give me a call.
