CISOs ignore exaggeration

Everyone  understands that you have spent a lot of money developing your cyber security product or service and its capability has been aligned to a known issue that exists. So why do so many organisations position the product as the answer to everyones prayers with the capability to turn water into wine or find the pot of gold at the end of the rainbow?

Even if your management think you have created nervana, No product or integrated solution has the answer to every issue that a CISO needs to address today (a crystal ball is good for the future). You never originally set out to answer the call for utopia, so why have you gone so far off message?

If you have done your homework correctly as part of your GTM strategy, you'll know who your target market is, you'll have a good idea of the people that are in the decision making process and you'll understand the functional value of the product/service.

The goal of all messaging and positioning is to gain awareness of your company and product with future purchasers and have these new prospects and existing customers consider your company when the need for such a product or service is required. The only thing I can guarantee is that any seasoned client facing individual would never walk into a meeting and say "I'll guarantee our product is the answer to your prayers and will stop all threats", because the duration of the meeting will come 2nd to the time you spent walking from reception to the meeting room, or in current terms, the time it took you to logon to Zoom.

This may sound counter intuitive, but your messaging hierarchy that you convey as part of your outbound activities (media and people) is not from bottom up (product capability) but is top down. But top down does not mean exaggeration by using blue-sky statements or BHAG's (big hairy audacious goals) its about driving top down messaging based on your company or product PURPOSE.

Let's assume we are talking about the product here as no CISO intentionally goes out to buy your company.

Your product 'Purpose' is short, succinct  and clear. It says what the product has been developed to achieve. No nirvana, utopia, bhag's or blue-sky. Why not, because you never had the engineering budget approved to build something that is intangible and cannot be measured.

Why is top down not based on Vision, Mission and Strategy?,  because these are all internal measurements that CISOs have no interest in during the initial consideration stages of product evaluation and selection.

Whats the best way to understand what could be built into the 'Purpose' statement and subsequent layers of messaging, go talk to the CISO. Believe it or not they are not monsters and welcome being part of a process that helps them and their peers understand what your product or service can do to help them convey this to their management team and make their teams more effective.



Alternatively, talk to me as I talk to CISOs on a regular basis and have insights into their pains and pressures.