They're the things that make you want to get up and walk out of a vendor's security sales presentation. The claims, the cliches, the mindless drivel. They make you want to scream, "Shut UP!"
Here at Dark Reading, we get a ton of security sales pitches, too. So during Interop week, we decided to give our readers a chance to share their pet peeves about these pitches, and what really drives them crazy about their sales reps.
Consider it a collective primal scream. Vendors, if you're reading this, we don't mean to pick on you. But if you find some truth in here, consider it a little bit of constructive criticism.
Here are the comments we heard, in no particular order. Many of our respondents preferred not to be quoted -- ironically, they didn't want to tick their vendors off.
Wanted: A Lighter Touch
"Certain vendors drive security much harder than it should be. The common sense approach works better for me -- don't browbeat me that it's a malware or virus problem. Microsoft's OneCare has antivirus, anti-spyware, and backups, but they're not beating it into your head like the AV vendors do that if you don't have it, you're not protected.
"I get tired of antivirus messages when I think the bigger issue is putting policies in place. Security isn't always about a product -- it's about people and policies."
Will Wilson, director of information systems, Guardian Management LLC
Can You Use It in a Sentence?
"The thing I hate most is when they don't know squat about the product they're trying to sell. They say something like 'We're the only vendor with Hegelian Geometrics Technology' -- which may be true, but their competitors all have the same thing under a different name. Or they'll say, 'Only our product can protect you from zero-day attacks on your production pentest network with IPSEC partially enabled' -- but really, they're just reading off buzzwords they found on CIO.com.
"If you ask them any details, they want to shovel you into LiveMeeting (great, now I have to find a Windows machine) with somebody who knows just barely more than they do."
"My biggest pet peeve with vendor sales pitches is vaporware. Vendors are always offering discounts and incentives to buy now, telling me that a particular needed feature will be coming in the 'next' release.
"I always ask vendors to describe what makes their product different/better than their competitors. If they cant list the competitors, or tell me some information about their competitors products (which in most cases I have already reviewed), then I view everything they say with suspicion."
Robert Mims, vice president of security and privacy at a large clearinghouse
Try This, Muttonhead
"The thing I hate most is the amount of time they spend calling and emailing you with the same question: 'Are you ready to try our solution?' In our shop, it takes months -- sometimes a year or more -- just to get the higher-ups to even look at a security solution we've evaluated or recommended.
"I tell the vendor just that. Nonetheless, they continue to call. Then they email me if I don't call back. And I don't mean a day or two later -- they call, then email, within 30 or 40 minutes. It's a waste of their time and mine. They just want to make their call sheet look good to their bosses, like they have you on their hook, just waiting to reel you in. It's just a pain. When we want it, we'll let you know."
Put a Cork in It
"I [don't like it when vendors say they] will stop your data leakage problem. Most of the stuff I hear about has no assurance mechanisms or audit tools. Without those, you're just buying a really expensive, useless box.
"It better make us money, save us money, or mitigate risk. Security pros are the worst salespeople out there, so you can only cry wolf [with the COO or CFO] once before you lose all credibility. I'd also like to see more vendors that sell solutions and services," that are more holistic or work with other key IT systems.
Eric Latalladi, VP, CTO and acting chief information security officer, J.B. Hanauer & Co.
Do Eskimos Really Buy Refrigerators?
"The thing I hate most is vendors' complete lack of knowledge regarding the underlying needs of security in my environment. If a tool isn't going to help me solve a serious security issue, as determined by my risk assessment and prioritized by my policies, I'm not going to waste time on it.
"They can't admit that my environment really doesn't need what they're selling. This might be a common failing of salespeople, but security salespeople seem particularly prone to it. You can't pitch security software the way you pitch office suite software or other kinds of applications -- the needs are driven completely differently."
Bash Off, Bub
"It turns me off when they bash another vendor's product. As soon as they start doing that, I walk away. If they can't sell it on its own merit, I'm not interested."
Mike Tepedin, technology manager, Johnson & Johnson
It Also Makes Julienne French Fries!
"I hate it when they portray their solutions as if they are plug-n-play panaceas. Anyone whos been involved deeply with security knows that the tool is often secondary to the underlying business and organizational policies that it must support. The success of any measure lies at the end of an implementation and improvement cycle -- not at the execution of a program, or plugging in a device.
"Even telling us that the implementation isnt just an installation -- that the setup process will take awhile -- would be helpful. Especially when a C-level visionary has purchased one of those 'miraculous' products as the result of one of those sales pitches, and you have to make it work in your environment."
Actually, It Is Personal
"It's about the relationship for us. If there's a vibe that they just want to make a sale, we're probably not going to work with them. We don't answer a lot of cold calls, and there's a reason we do voicemail filtering. My boss gets this 'I know you're getting this voicemail -- please just call me back' message a lot.
"Vendors need to be a good fit culturally. We need to know that when we need support, there will be no questions asked -- the vendor will just do it."
Kevin Sonney, technology systems manager, Zumiez Inc.
Sorry, I'm Not In Right Now
"I often get salespeople leaving nasty messages, seemingly indignant that I didn't return their prior, unsolicited sales call voicemails. Sheez! Why do they think I let it go to voicemail in the first place? Caller ID is a godsend."
Jay Wessel, vice president of technology, Boston Celtics
Even Our Compliance Is Compliant
"One thing that bothers me is the grinding away at regulatory compliance -- especially when the vendors dont care enough about making the sale to find out the compliance needs for the business theyre pitching it to.
"I work for a university, so about the second time that a pitchmaster mentions regulatory compliance issues for a brokerage -- yet doesnt even mention the Buckley Amendment -- I figure that their post-sale support and understanding will be about the same quality as their pre-sale caring about our needs. Then I cross them right off the list."
You're Waking Up My Sled Dogs
"The thing I hate most -- or am bemused by, depending on the day -- is that many vendors don't seem to understand the concept of time zones. I am in the Alaska time zone, which is four hours later than the eastern time zone, and I cannot count the number of times I have arrived at work and found a vendor call on my voicemail that was recorded at 5 a.m. my time. That doesn't help in selling me products."
Eric Knapp, security analyst
The Staff, Dark Reading