To get on a soapbox for a second, podcasts are free.  They contain real facts, real opinions from real people.  Practitioners in the field. Sure, podcasts are governed by less stringent practices than mainstream media – so may not be as factually correct, and sometimes take bigger liberties, but you actually get more of what people really think.  I’m re-challenging myself to take some of the time that I spend on junk TV, music at the gym (if I ever get there), on listening to talk radio on the commute, to background noise on a flight, and turn it into time spent listening to (and watching) podcasts.  You can find podcasts on just about anything. Time well spent (although be discerning… the fact that anyone CAN have a podcast, means that there is definitely quite a bit of junk to wade through). /RantOff

FYI, this post is about technology sales, although I’m certain that many people can relate to it.

A great guy that I know, Martin Fisher, Twitter @armorguy, is one of the hosts of the Southern Fried Security podcast at http://www.southernfriedsecurity.com.

Yesterday I listened to Episode 176, called “Money Changes Everything” found here http://www.southernfriedsecurity.com/176/.  It’s about getting your internal information security and risk management projects funded.  I think it’s also a must listen as a technology sales person.  Martin is joined by Andy Willingham, @andywillingham, Yvette Johnson @JetSetYvette, and Steve Ragan, @SteveD3.

Here are some of the things that I picked up from listening to this episode:

In this installment, Martin brings up the adage from Glengarry Glen Ross of “Always Be Closing” in the context that it’s important to know what the business is reading about, is concerned about and align it with internal projects, and more importantly align technology with that business need.  Need to understand what the technology your stakeholders are hearing about does.  Real understanding.  Then, “Don’t talk about stuff that doesn’t matter”.

Have multiple “elevator” pitches prepared –  get to know how to best present you and your company to your customers and prospects, to everyone from the influencer, to the decision maker, to the person in charge of purchasing.  Have them handy for engaging with vendor field reps, for vendor SEs.

Pay attention to what Forbes, Business Week and the WSJ has to say about InfoSec (or whatever it is that you’re selling).  If you don’t know what they’re saying, you’re misinformed.  Make the connections, know how to tie technology into business challenge.

Don’t just look at trade news (CRN, CSOOnline, Gartner), look at industry news, business news.  At a macro level, Forbes, Business Week, NYT, WSJ, all of those are great.  But find the vertical publications too – what are financial institution CEOs reading, what do hospital administrators turn to for news and information about how to run a successful hospital?  While they may not talk about phishing, or malware per se, they talk about the business problem.  Whether you’re a salesperson or an executive that is working to “sell” into your customer, or within your organization; your job is to understand how technology can be used to protect your organization against those problems. Those threats. The fact that mainstream media has picked up on this significantly means that it’s a more widely known problem… more pervasive… and it doesn’t just matter to technologists now, this is a problem that people are aware of throughout organizations.   Data Threats are not going away, and this is a unique time to be able to help your customers or your organization protect what’s most important to them.

They also talked about which departments need the solution, and get their support.  This led me to think harder about that one – what if we actually knew for sure the following info, do you think we would make more sales? Better sales?


  • Know which departments need the solution
  • Know the impact on the department
  • Know if the department shares the funding burden


Think about it – the more departmental support we have, the more we know where the budget comes from, the easier the budget


No matter who our primary contact is, we have to stop trying to sell to IT, and start selling to the business.  That’s a game changer.  If you have a customer that has no interest in understanding what the business needs? If they’re reluctant to change their way of thinking? We can help educate them and  build value for them within the organization.  If we can help grow them, great, if not, we’re there to recognize opportunities. Another Glengarry Glen Ross borrow for the phases of the sales process:

Attention – Something bad happened.
Interest – How well are we protected?  How do we prevent this from happening to us?Decision – What should we do?
Action – Validation of investments you’ve already made, or getting the go-ahead to fill the gap.

Good comment – “Cautionary tales are wonderful, but FUD is the devil”. – Don’t make the cautionary tale worse than it is by exaggerating “Fear, Uncertainty & Doubt”, or over-promising what the solution you’re selling will deliver.

Tangible things that people forget about that they can use to get positive attention:

  • Using audit – especially external findings / assessment findings.  Audit findings, non-conformances, observations & negative findings are business risks. Companies, especially publically traded businesses, really care about that.
  • Evolving compliance standards – PCI – DSS is continually getting updated, HIPAA rules are becoming reinterpreted, almost every compliance standard goes through being re-defined and re-evolved.

Interest is all built on relationships.  Early in a customer engagement, relationships on our side are built on expertise power (knowing or thinking that we have superior knowledge in an area).

I don’t want to give you the whole thing – listen to the podcast.  It’s worth it. By the way, I highly suggest subscribing to this podcast and making it a regular listen. If you don’t do that, you’re cheating yourself by not at LEAST listening to this episode.

Sample Podcast Lists

Information Security Podcast Lists

https://isc.sans.edu/podcast.html – SANS “StormCasts” & ISC Podcast

General Podcasts


I also suggest going to ItunesU and Itunes and check out the educational material and podcasts available there.


What podcasts do you listen to? What blogs do you read?

The opinions stated here are my own.  Not endorsed or paid for by any company or government entity.  No animals were harmed in the making of this blog post.  No trees either.  THAT MEANS DON’T PRINT IT.

Check out SalesRoundup.com.

It’s pretty great stuff.  Don’t take my word for it, head over and take a listen.

Focused specifically on IT sales (hardware, software, services).  I’ve gotten something out of each podcast I’ve listened to.