A Value-Added Approach for Marketing to CISOs

A Value-Added Approach for Marketing to CISOs
In large and enterprise organizations where data is the product, the CISO makes decisions about cybersecurity purchases. While these individuals often have a background in IT, data analytics, or software development, by necessity they also control budgets, growth, and revenue drivers like C-levels. Selling to the CISO can feel impossible, even if it is easier than dealing with a non-technical CEO. You don’t have to convince CISOs of the importance of cybersecurity threats, but you have to make a case for your product’s ROI.
CISOs have to balance acceptable risk levels with expendable budgets, current skill sets, and growth metrics.
CISOs have to balance acceptable risk levels with expendable budgets, current skill sets, and growth metrics. Balancing these priorities in marketing assets can put cybersecurity marketers in a bind. To add value to CISOs, you need to convince them that your products solve problems while also selling security products as good investments that supersede or improve upon current technology strategies. How do you do that? Start by crafting content that supports consumer advocates within target accounts and then make long-term plans to provide tools that increase the software’s long-term ROI. The suggestions in this article range from marketing assets you can produce now to company-wide changes you’ll want to strategize on for the long term. Let’s start with what you can control.

Free or low-cost (and product-supportive) education

Don’t wait for advocates to come to the product. Make advocates, instead. If you teach the skills they need to thrive in the marketplace, cybersecurity experts will follow. Become their partner in security. Give them support, invest in the future of their company, and step in to help where you can.

Why should you build educational content systems?

CISOs love partnering with education-focused vendor experts because it lightens their training workload. This goes beyond that self-serving thought leadership you see all over LinkedIn. When you give people the information, skills, and know-how, they can do their jobs better. Educational tools bring people back to your company over and over again because your site is a destination for industry learning, not just for a great product.

How to get started

Education as content marketing requires dedicated resources from your marketing team, but an educational initiative doesn’t take much more than buy-in for the time and resources to produce it.
  1. Start with what you know: your marketing site. What educational resources do you have in-house that you can gather and publish in a central location? Make these resources free to anyone or offer them as a lead generation tool in exchange for an email address. Then look at the resources you can revise to will help people better understand cybersecurity threats. Try promoting your educational content through a simple email newsletter or a drip campaign marketed as a week-long course.
  2. Next, think about the types of education that would help CISOs. If they have a small team who needs education but they don’t have a lot of budget, what resources can you provide to help ICs get the certifications and knowledge they need? Webinars, online courses, and in-person events boost your brand image and help convince CISOs that your brand is a partner in cybersecurity, rather than just a vendor.
  3. Finally, education should also extend to the rest of the enterprise. Teaching the entire company about cybersecurity and how to avoid threats means less work for the CISO, less budget spent on response, and longer-term revenue growth.

Pro Tip

It’s easy to forget that you’ve got your marketing hat on when you build educational content, but try taking it off — temporarily. Build your educational content around education. Minimize the number of references to your product to those that happen organically or use them to illustrate best practices. Educational content is not a case study or testimonial. Also Read: They’re Not Paranoid, They’re Security Pros: Successfully Finding and Marketing to the IT Security Audience

Freeing up space in budgets

As marketers, we use case studies and testimonials to show added value. From there, we leave it up to the decision maker to give a thumbs up or thumbs down on the product. But, what if there was another way that we could produce results for CISOs without giving away the farm?

Why you should help customers find budget for your product

This is the heart of sales enablement: overcoming objections. Provide an answer to “The budget won’t allow it,” with worksheets, free tools, and proactive defensive strategies. When you have these marketing assets ready and waiting, your sales team (and the customer advocates at your target account) can answer confidently, “We’ve thought of that.”

How to get started helping customers free up budget

Consider some of these options — in order of least to most company involvement:
  • Budgeting worksheets that show how your product improves the overall return
  • Worksheets or support to help CISOs align tool purchases with business goals
  • Tools that highlight response and detection, rather than focusing on the perimeter and defense
  • Free tools for monitoring or testing
  • Open source technologies
  • Industry forums and communities
The point isn’t to reduce your revenue, but to focus on the long-term gain. Help your customers by giving them greater insight into how much they need your tool, and how much you can give back.

Pro Tip

Case studies, reviews, and testimonials are powerful tools for arguing for budget, so keep investing in them. Once you’ve built a system for sourcing user feedback for marketing materials, branch out into other BOFU content that adds value during the decision phase of the purchase funnel.

Build automation into your tools

By building automation into your product, you can save enterprises time, make your app less susceptible to human error, and promote your brand as a time and budget-saving tool. If your tool already automates processes, you can build educational white papers, blog posts, and case studies to show the value of the tool, promote it, and get your customers to buy it.

Why should you build automation into your tools

In addition to making things really easy throughout the cybersecurity lifecycle, they also reduce the need for individuals to be on the alert at all times, which reduces overhead. Automation picks up where hiring budgets leave off. An automated tool doesn’t require benefits, never needs time off, and rarely asks for a raise. Adding value to your tool by easing the need for HR overhead means companies have more budget to spend with you.

How to get started with automation in your tools

Automation comes in all sorts of forms, so there are millions of places your tool could start. If you’re at a loss for the most important tools, start by questioning your customers.
  • What reports do they look at every day?
  • What actions do they repeatedly take within the app?
  • What notifications or alerts would benefit them the most?
  • What information is difficult to access quickly?

Pro Tip

It’s easy to get caught up in the buzzwordiness of automation, which can make it feel like a pipe dream. Focus on the customer value in your marketing materials: hours saved, percentage of work completed, and number of tasks completed. Hard numbers are impressive, but jargon will make eyes glaze over.


We’ve offered three big ways — in increasing order of company involvement — to improve advocacy with target accounts. While you may not have control over the product’s roadmap, you have the resources to increase the value of your product for CISOs. Target value-driven content, education, and product improvements will increase advocacy for your product. We know how to market to CISOs because we speak with them every day. Let us help you find CISOs and cybersecurity decision makers who are looking for you.
Related Posts