How to be incredibly unsuccessful at everything cyber security as a Vendor

Part two


The views and items listed may offend or be taken in the wrong light. To those people we apologize. To the rest, we hope it provides food for thought. Please feel free to comment if we missed anything important! Here we go...

As a Vendor:

  • Spend the majority of your funding on marketing and a super flashy UI, not the product itself, and especially not on stability and engineering.

  • Make sure I must have 5 tabs open and use at least 6GB of RAM in my browser to use your solution, as it motivates buying new equipment.

  • Don’t build and document quality APIs. Your reporting and your console fit my needs exactly, and no one plans on doing automation, ever.

  • As soon as your customers are used to your platform, change everything! UI, API, even the product name, and do it often; it is exciting having to figure stuff out when I’m in a rush.

  • Make customers and the channel pay for your certified training, and make it super expensive; that way the cost of management and our commitment to your technology is solidified! Oh, and please make your channel training really fluffy, we will buy professional services from you later.

  • Make comments like "super ROI", "time to value" and "quick installation" based on your marketing deck and “independent research”, not actual customer experiences.

  • Buy drinks, drinks, drinks, and more drinks, at every opportunity and event, the industry is high stress and high pressure, encouraging overindulgence is a great coping mechanism for us, you are really helping us cope!

  • Sex sells, so please make sure you have scantily clad ladies at every event, it really drives inclusion and respect, inside and outside the workplace.

  • If you struggle to find ladies to do these events, use your own daughter, and get the full selling experience.

  • Don’t listen to your customers, they only consume your ideas (at a premium) after all, they shouldn’t have a stake in your roadmap.

  • Do not do QA on releases, and please introduce more vulnerabilities.

  • Have support and maintenance contracts, so customers can pay you for your QA/UAT failures in your product, it is a great revenue generator.

  • Tie your customers into long-term purchases because it only makes sense to give discounts this way. No one wants OpEx models that are consumption-based and easy to scale up or down.

  • Make sure your solutions need the highest level of access (domain admin is preferable) to extract the data you need. Least privilege is the customer's concern, not yours.

  • Treat bug bounties/researchers poorly and with no respect, after all, they don’t understand your product.

Resellers/MSSP

  • Don’t listen to customers, you know everything in the field, and they don’t know what they need.

  • Tell customers your offering is better, without understanding the use case or customer challenges, it's better because you’re selling it, that’s all the customer needs to know.

  • Sell “BLAAS” (Blatant Lies As A Service), customers are stupid, and won’t notice.

  • Don’t have KPI/Service measurements that are hard to implement, especially if they are what’s right for the customer, make them easy to achieve.

  • Have watermelon reporting, no matter what (green on the outside, red in the middle).

  • Onboard as much technology as you can, someone will buy it.

  • Add “value-added reseller” to your title, customers love “value”.

  • Only speak to customers around renewal time, or when you have a new toy to show them, they are busy and do not want a relationship that delivers more than transactional value.

  • Be unethical, it is the only way to win.