How Security CX Teams Can Ensure CISOs Get What They Need

The unique requirements of Security teams don’t leave much room for guesswork. Theirs is a technical and precise business because the stakes are high and missteps can be costly, with breaches costing the average business $13 million in 2018. Security professionals, as a result, don’t have patience for people who think they know what they’re doing but don’t. When they have technical questions, they want someone qualified to provide complete, prompt answers. They want competence.

One reason is that CISOs and other Security executives have a lot on their plates, and they don’t have time to fumble through drawn-out deployments, opaque objectives and imprecise metrics. What they want are solutions that meet their needs in ways that work for their organization. They also want a Customer Experience (CX) team (aka Customer Success) they can rely on to help achieve that vision. Oh, and realizing rapid ROI doesn’t hurt either.

In fact, a KPMG study found that 40% of CISOs believe the right cybersecurity environment can help their companies bring products and services to market faster, while one third (33%) recognize that it can help demonstrate cyber agility and resilience. From that perspective, complicated roll-outs are less attractive to time-crunched Security teams. So are difficult-to-use Customer Support portals and unnavigable knowledge bases. And perhaps worst of all is the tendency of some vendors to gloss over reality in their attempt to sell, or later upsell, a customer on their offerings. 

Read the CISO wish list

A successful CX team understands what CISOs are looking for and does what they must to help Security (and IT) teams deliver it. It takes listening and responding, but any CX pro worth his or her salt already has those skills down. It also takes following a few other proven best practices.

• Acknowledge that your solution is just one piece of the security puzzle. No one solution does it all. Security environments are heterogenous—the average enterprise has 45 security tools—and successful solutions will play well with others. Many CISOs may worry that your solution might break or otherwise negatively impact others. Not only is it the job of your Customer Success Team to ensure that doesn’t happen, but you also need practical, proactive guidance so customers don’t even have to put this one on their worry list.
• Give it to them straight. Security professionals value straight talk, and direct, detailed answers to questions. As customers, they deserve nothing less. Never sugarcoat or spin your responses to questions about what’s possible with your solution. And make sure that when an issue arises, you’re sending the right person for the job. 
• Step in where it makes sense. In-house technical expertise can vary greatly from one customer to the next. Some simply want their cybersecurity vendors to be available to answer technical questions, but others want more. Know where each customer falls on that spectrum and ensure the team assigned to them is ready with the right level of support when customer needs arise.
• Make the hard stuff easy—if that’s what customers want. Customer Success teams are trained to help and guide the heavy lifting for large-scale integrations and other involved tasks. The right team can make an otherwise complicated and technical process relatively easy on the customer. And a self-service environment can streamline traditionally tech-intensive processes even further.
• Never, ever settle for good enough. The Catch-22 of cybersecurity is that if you’ve never experienced a breach, it’s easy to believe that whatever you’re doing must be working (and will continue to do so). The problem is that threats are persistently evolving, and what amounted to “state of the art” a year or two ago is likely now just table stakes. In the vulnerability management (VM) space, for instance, the combination of CVSS scores, scanner prioritization and spreadsheets were once accepted as the VM standard. Success metrics were fairly simple: Reducing so-called “critical vulnerabilities.” This simplistic, inefficient approach left remediation teams chasing far more vulns than they had the capacity to patch. So this old approach has given way to risk-based vulnerability management (RBVM), where Security and IT work together to prioritize and patch the 2% to 4% of vulnerabilities that pose the greatest risk to their specific environment. RBVM has since become the new standard by which VM solutions are, or should be, judged. The point is that hackers and other bad actors are well aware of this evolution and they are modifying their behaviors accordingly. So other advances, including data science-driven analytics and machine learning-driven prediction, are now necessary to accurately predict which vulnerabilities are likely to be weaponized, and which of those will probably target your organization. Within that environment, good enough is nowhere near enough, and it’s the job of the CX team to keep CISOs and their organizations a step ahead.

CISOs have enough to worry about without fretting over whether your security solution is really doing what it should, or whether your team is fit to deliver what it must. Follow these tips to alleviate CISO concerns, and you may find your cybersecurity tool rises to the top of that crowded list of 45.