Earning Trust As A Cybersecurity Vendor
Practitioners, executives, and investors know the stakes for cybersecurity are incredibly high and will only get higher. Ransomware locking up mission-critical devices in Oil & Gas or Healthcare, disruption causing standstills in Logistics, and identity theft rising due to your data being leaked ten times over. The story in global cybersecurity that I spend a lot of time thinking about right now is not a doomsday or Creative Destruction narrative, it is that there are a lot of great solutions out there ready for the task at hand. The challenge is getting them implemented at a global scale, in a relevant timeframe. The greatest inhibitor to the required scale and speed of adoption in my experience is trust or lack thereof.
Taking a step back, the amount of dependence enterprises put on their cybersecurity vendors is astonishing. IT and cybersecurity within the enterprise can be human-engineered mayhem with near-infinite permutations; a vendor getting one thing wrong, like a config, can bring everything down. Cybersecurity leaders have a difficult vendor paradox – be highly trusting of current and future vendors to speed up product adoption, or be distrustful of vendors which slows down product adoption. There are real risks with either end of this spectrum, specifically getting burned by a vendor with false promises or missing out on key security technology before you needed it.
I sympathize with cybersecurity leaders on this deeply. I worked at the Department of Defense in cybersecurity and would hear vendors pitch magical sounding, often Machine Learning based, solutions that ultimately weren’t real. The gravity of this industry unfortunately breeds snake oil product companies, which anyone who owns cybersecurity problems knows all too well.
I don’t believe there is any silver bullet to earning trust as a cybersecurity vendor, it comes down to the culture of the organization and product design. We’ve been focusing on trust as a cross-functional principle for over a year now at Stellar Cyber and I believe it is a huge differentiator for us. We as an organization and platform are by no means perfect and have a lot of work to do, but I sure want to be the best version of ourselves when it comes to trust. Some things that we do as an organization and platform:
● Make our Product Roadmap accessible to all of our customers
● Build and maintain, what I think is, world-class documentation
● Partner with our customers so they have access to enablement, support, and our leadership to help them win and know our company on a personal level
○ This is harder to scale but with the right discipline I think it is possible to scale
● Design our product to be interpretable and not a black box
● Encourage free Proof of Values of our platform on real data, always, even if a prospect might not think they need to (e.g. RFPs), because we believe in what we offer and want prospects to know exactly what they are getting
Our team and I are always looking to be better trusted partners. To that end, we welcome any feedback from any of our current customers or any security professional on how a cybersecurity vendor can be world-class at trust. Ultimately, our customers trust us with a mission critical role in their success, and we take that very seriously.