Do you find #infosec vendor sales frustrating? Can't stand those emails: "Do you care about security?" or "Without <vendor> you're breached?" I talked about the unfortunate reality of security sales and what we can do to make it better scmagazine.com/home/opinion/…

The sales cycle for security tooling is the worst.

What else would make it better in your opinion?

It’s like asking what would make buying a new car from a dealership better. The whole process is geared for sales, regardless if the product is a good fit.

Fair. It seems the transition we need is from ‘used car sales’ mode to an actual valuable partner. In the past, I found myself first identifying quality teams I trusted. Then, if they were working on a problem that I was facing I was happy to explore their product.

Very much the reverse of sales. Instead of you selling me a product, I evaluate the quality of your teams and then ask if you have products that might be interesting to me.

Back in my PayPal days, we had someone that would coordinate calls with vendors, ensured they skipped the 10 minute intro/origin story/market blurb, and stuck to a tight agenda focused on our needs. I didn’t know how good we had it.

These days, I leverage my knowledge of tools I’ve used in the past and ask around in my trusted network for recommendations. OSS has a bigger role these days; it side steps the sales cycle, but comes with other costs.