I was recently at an auction for my daughter’s elementary school. The amateur auctioneer/actual school parent was doing a great job getting the rest of us to engage with him and bid up items. He kept saying, "Come on people, my dad taught me to ‘Go for the No’." He was doing his best to keep the bids rising by reminding us of our cause. He was great at getting what he needed to make this auction a success for our public school.
I kept thinking, "Go for the No" – we could use that approach in the security industry. Too often I hear from my clients that they do not have executive mindshare. They say it is so difficult to get buy in on security investments and even security policies because they often don’t have executive sponsorship. Security is an afterthought. My clients employ different approaches to squeak out funding – tying it to other IT projects as an add-on, waiting for compliance requirements to dictate it, or worse waiting for a negative event with financial impact like an a cyber attack. What they may not be doing enough of is commanding executive mindshare by thinking like a business-person. Security professionals need to ask themselves, "Do I 'Go for the No' with my executives?"
"Go for the No" is a selling strategy for complex sales. We might think security is a no brainer – but selling it to executives can be quite complex. Security becomes compelling to executives when it impacts what they care about. Each security organization needs a mission statement and a plan that directly correlates to the business’ objectives. “Go for the No” can help you get there. In this overview of the selling strategy, Jeff Thull writes about the four phases of the "Go for the No" approach. Here is how a security team can use them.
- Discover – Set the stage for a compelling relationship with your "customer" (the executive). Do this by understanding their overall goals. What are the company’s critical objectives for the year? Are they focused on increasing margins, driving new product sales, or customer retention?
- Diagnose – What problems or challenges may prevent the company from achieving these goals? External competition? Employee performance? How can security impact this?
- Design – Create a security plan that helps the executive achieve their goals.
- Deliver – Present the plan to executives in a manner that clearly aligns security objectives with business goals.
What do you think about "Go for the No?" Will you try it with your CEO?
