Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Users' Most Hated Sales Pitches

What ticks you off about security vendors' sales pitches? Exasperated customers offer their un-favorites

They're the things that make you want to get up and walk out of a vendor's security sales presentation. The claims, the cliches, the mindless drivel. They make you want to scream, "Shut UP!"

Here at Dark Reading, we get a ton of security sales pitches, too. So during Interop week, we decided to give our readers a chance to share their pet peeves about these pitches, and what really drives them crazy about their sales reps.

Consider it a collective primal scream. Vendors, if you're reading this, we don't mean to pick on you. But if you find some truth in here, consider it a little bit of constructive criticism.

Here are the comments we heard, in no particular order. Many of our respondents preferred not to be quoted -- ironically, they didn't want to tick their vendors off.

Wanted: A Lighter Touch
"Certain vendors drive security much harder than it should be. The common sense approach works better for me -- don't browbeat me that it's a malware or virus problem. Microsoft's OneCare has antivirus, anti-spyware, and backups, but they're not beating it into your head like the AV vendors do that if you don't have it, you're not protected.

"I get tired of antivirus messages when I think the bigger issue is putting policies in place. Security isn't always about a product -- it's about people and policies."
— Will Wilson, director of information systems, Guardian Management LLC

Can You Use It in a Sentence?
"The thing I hate most is when they don't know squat about the product they're trying to sell. They say something like 'We're the only vendor with Hegelian Geometrics Technology' -- which may be true, but their competitors all have the same thing under a different name. Or they'll say, 'Only our product can protect you from zero-day attacks on your production pentest network with IPSEC partially enabled' -- but really, they're just reading off buzzwords they found on CIO.com.

"If you ask them any details, they want to shovel you into LiveMeeting (great, now I have to find a Windows machine) with somebody who knows just barely more than they do."
— Anonymous

Ghost Products
"My biggest pet peeve with vendor sales pitches is vaporware. Vendors are always offering discounts and incentives to buy now, telling me that a particular needed feature will be coming in the 'next' release.

"I always ask vendors to describe what makes their product different/better than their competitors. If they can’t list the competitors, or tell me some information about their competitors’ products (which in most cases I have already reviewed), then I view everything they say with suspicion."
— Robert Mims, vice president of security and privacy at a large clearinghouse

Try This, Muttonhead
"The thing I hate most is the amount of time they spend calling and emailing you with the same question: 'Are you ready to try our solution?' In our shop, it takes months -- sometimes a year or more -- just to get the higher-ups to even look at a security solution we've evaluated or recommended.

"I tell the vendor just that. Nonetheless, they continue to call. Then they email me if I don't call back. And I don't mean a day or two later -- they call, then email, within 30 or 40 minutes. It's a waste of their time and mine. They just want to make their call sheet look good to their bosses, like they have you on their hook, just waiting to reel you in. It's just a pain. When we want it, we'll let you know."
— Anonymous

Put a Cork in It
"I [don't like it when vendors say they] will stop your data leakage problem. Most of the stuff I hear about has no assurance mechanisms or audit tools. Without those, you're just buying a really expensive, useless box.

"It better make us money, save us money, or mitigate risk. Security pros are the worst salespeople out there, so you can only cry wolf [with the COO or CFO] once before you lose all credibility. I'd also like to see more vendors that sell solutions and services," that are more holistic or work with other key IT systems.
— Eric Latalladi, VP, CTO and acting chief information security officer, J.B. Hanauer & Co.

Do Eskimos Really Buy Refrigerators?
"The thing I hate most is vendors' complete lack of knowledge regarding the underlying needs of security in my environment. If a tool isn't going to help me solve a serious security issue, as determined by my risk assessment and prioritized by my policies, I'm not going to waste time on it.

"They can't admit that my environment really doesn't need what they're selling. This might be a common failing of salespeople, but security salespeople seem particularly prone to it. You can't pitch security software the way you pitch office suite software or other kinds of applications -- the needs are driven completely differently."
— Anonymous

Bash Off, Bub
"It turns me off when they bash another vendor's product. As soon as they start doing that, I walk away. If they can't sell it on its own merit, I'm not interested."
— Mike Tepedin, technology manager, Johnson & Johnson

It Also Makes Julienne French Fries!
"I hate it when they portray their solutions as if they are ‘plug-n-play’ panaceas. Anyone who’s been involved deeply with security knows that the tool is often secondary to the underlying business and organizational policies that it must support. The success of any measure lies at the end of an implementation and improvement cycle -- not at the execution of a program, or plugging in a device.

"Even telling us that the implementation isn’t just an installation -- that the setup process will take awhile -- would be helpful. Especially when a C-level visionary has purchased one of those 'miraculous' products as the result of one of those sales pitches, and you have to make it work in your environment."
— Anonymous

Actually, It Is Personal
"It's about the relationship for us. If there's a vibe that they just want to make a sale, we're probably not going to work with them. We don't answer a lot of cold calls, and there's a reason we do voicemail filtering. My boss gets this 'I know you're getting this voicemail -- please just call me back' message a lot.

"Vendors need to be a good fit culturally. We need to know that when we need support, there will be no questions asked -- the vendor will just do it."
— Kevin Sonney, technology systems manager, Zumiez Inc.

Sorry, I'm Not In Right Now
"I often get salespeople leaving nasty messages, seemingly indignant that I didn't return their prior, unsolicited sales call voicemails. Sheez! Why do they think I let it go to voicemail in the first place? Caller ID is a godsend."
— Jay Wessel, vice president of technology, Boston Celtics

Even Our Compliance Is Compliant
"One thing that bothers me is the grinding away at regulatory compliance -- especially when the vendors don’t care enough about making the sale to find out the compliance needs for the business they’re pitching it to.

"I work for a university, so about the second time that a pitchmaster mentions regulatory compliance issues for a brokerage -- yet doesn’t even mention the Buckley Amendment -- I figure that their post-sale support and understanding will be about the same quality as their pre-sale caring about our needs. Then I cross them right off the list."
— Anonymous

You're Waking Up My Sled Dogs
"The thing I hate most -- or am bemused by, depending on the day -- is that many vendors don't seem to understand the concept of time zones. I am in the Alaska time zone, which is four hours later than the eastern time zone, and I cannot count the number of times I have arrived at work and found a vendor call on my voicemail that was recorded at 5 a.m. my time. That doesn't help in selling me products."
— Eric Knapp, security analyst

— The Staff, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26246
PUBLISHED: 2020-12-03
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVE-2020-29279
PUBLISHED: 2020-12-02
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.
CVE-2020-29280
PUBLISHED: 2020-12-02
The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.
CVE-2020-29282
PUBLISHED: 2020-12-02
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
CVE-2020-29283
PUBLISHED: 2020-12-02
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.