July 6, 2022

Security Awareness for SMBs with Rodrigo Leme

by Breaking Through in Cybersecurity Marketing

Show Notes

Rodrigo Leme, Marketing Director at Right-Hand Security, joins us this week to cover the often ignored topic in cybersecurity of marketing to small and medium-sized businesses, or SMBs. Covering the concepts of business use cases, security awareness training, and post-sales support, Rodrigo explains the ins and outs, the good and the bad, the tips and the tricks of cyber marketing in the SMB world and when we should consider the bottom line (hint: it’s probably more than you think).

 

Timecoded Guide:

[03:14] Talking to non-technical customers in SMBs about cybersecurity and security awareness training and getting to the root of their problems and pain points

[08:30] Seeing past the term of SMB to understand the people you’re marketing to and what a good culture of cybersecurity can bring to them

[23:39] Advocating against fear, uncertainty, and doubt when marketing to SMBs and the importance of focusing on what’s good for your people, not what’s scariest

[29:09] Understanding the importance of post-sales support, engaging with customer feedback, and recognizing what customers want to see from your services

[35:39] Exploring strange and unusual business use cases and seeing the commonality of empathy for pain points in marketing 

 

Rodrigo, can you tell us about marketing to the SMB customer?

We don’t always get a chance to dive into SMB marketing with such a knowledgeable source, but Rodrigo invites us to consider the differences between an SMB and a large company customer throughout this episode. First, consider the size of a team you may be working with. Instead of having a CISO or a head of security, a business owner may be working on security themselves, hoping to find guidance from you on how to move forward in a small team. Additionally, Rodrigo warns that many SMB clients may not see the security opportunities beyond their tech goals, such as a restauranter seeking to add WI-FI to their offerings and missing additional security awareness strategies that need to be pointed out to them.

“The SMB customer has problems on the surface that he knows he has, like, ‘I want Wi-Fi in my restaurant for my guests.’ And he has issues that he's not aware of, or he has opportunities he's not aware of, like he may have security issues behind that Wi-Fi access that he doesn't know about.”

 

Can you tell us how Walmart used cybersecurity for PR?

According to Rodrigo, good cybersecurity is even better for PR. This idea could be held up with a myriad of examples, but one Rodrigo is particularly enamored with is Walmart’s prevention of gift card scams. With the ability to prevent scams and return funds before customers lose their money, Walmart has saved their customers over a million dollars and have been praised for this initiative by major news outlets. Although this is a drop in the bucket within an ocean of an issue, Rodrigo points out that saving any customer any amount of money and preventing them from being scammed in any way leads to massive PR benefits, especially when you can show off how well you understand your customer’s pain points. 

“Let's say that you're protecting those customers from getting into scams that make those people lose their mortgage money, or whatever. You're saving them a million, even if it's only a million, that's good PR. That only happens if you understand the end customer pain points, not the immediate pain points of the organization.”

 

What are your thoughts on FUD (fear, uncertainty, and doubt) in marketing to these SMBs and in these business use cases? 

We’ve discussed the idea of FUD before on the podcast, and how it’s never a good cyber marketing tactic to exploit someone’s fear, uncertainty, or doubt. Although our examples have ranged from large corporations to individual consumers, we wanted to talk with Rodrigo about his perspective on marketing for SMBs and the danger of FUD. Rodrigo, considering himself a positive person with a lighthearted demeanor, finds using FUD in marketing to SMBs to be manipulative and redundant. Rodrigo argues that not only do small business owners fear for their security, they also come to Right-Hand with a desire to enhance their security already in mind. They don’t need to be scared further if a positive approach could be just as influential.

“I do not like fear, uncertainty, and doubt. I do believe that, since we're in the education business, I do like educating. We do believe in empathy. We listen to our customers, we do ask the ‘why,’ to understand the pain points of the customers.”

 

What are some best practices around supporting the post-sales process, after you've sold a product? 

Marketing so often focuses on the beginning of the sales cycle. We love to reach out to new customers and encourage those doing their research to check out our products, but we don’t always talk about what happens after a sale takes place. For Rodrigo and his team at Right-Hand, the post-sales process requires its own understanding of your customer and their security goals beyond what they might see for themselves. Following up with customers post-sale not only leads to high-quality feedback for Rodrigo and his team, it also allows for them to see where support is still needed for their customer, including analyzing the results of their security awareness training and setting up further opportunities to reduce human risk.

“Are we really reducing human risk? If we're not: How can we help them? Can we help them leverage the services? Can we sit down with them and help build stronger content training content? Are they having problems creating content for the training?”

----------

Links:

Spend some time with our guest Rodrigo Leme on his website and LinkedIn

Learn more about Right-Hand Cybersecurity on LinkedIn and their website

Follow Gianna on LinkedIn

Catch up with Maria on LinkedIn

Join the Cybersecurity Marketing Society on our website, and keep up with us on Twitter

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter

 



Transcript

Gianna 00:00
Welcome to the Breaking Through in Cybersecurity Marketing podcast.
Maria 00:04
Where we explore the hottest topics in cyber marketing.
Gianna 00:07
Interview experts.
Maria 00:08
And help you become a better cybersecurity marketer.
Gianna 00:19
Hello, and welcome to another amazing— And yes, I do say amazing a lot, for all you listeners who felt the need to point that out to me. Thank you so much, mom. Another amazing episode of Breaking Through in Cybersecurity Marketing. I'm your co-host, Gianna Whitver.
Maria 00:36
And Maria.
Gianna 00:38
And we're so excited to have Rodrigo Leme, the Marketing Director at Right-Hand Cybersecurity, and a voice of reason and knowledge all about cybersecurity awareness, all about actually finding the business use-case for the customers that you're selling to. And also, a really smart guy on how to market to SMBs, which is not something that we hear a lot about in the cyber marketing ecosphere. A lot of us are targeting these enterprise customers and so, Rodrigo is coming in to tell us like, "Hey, small companies matter, too, and here's how you can reach them and here's what they care about." Rodrigo, tell us a little bit about yourself.
Rodrigo 01:15
Okay, so, first of all, my journey into tech, not even cybersecurity, but my journey into tech started in 2006. My career started in 1999. Oh, I know, I started my career before the y2k, but iI didn't even start in tech, I started as a marketing consultant, and I think that's the foundation of being so business-case driven, as I am, which is the foundation everything we're going to discuss today. Being a marketing consultant gives you a lot of perspective. Even when I joined the tech business in 2006, I worked still as a consultant for telecom expense management companies. So, it was all about understanding pain points and delivering telecom expense reductions to customers. That journey brought me into Cisco, into the SMB business, which is another one of my specialties, another place where you have to derive business cases, because most of the time you're talking to the owner, you're not talking to a CIO, or CISO. You're lucky if you have a CIO or CISO to talk to in a small or medium business. The journey into cybersecurity is very recent, by the way, and again, in a very different position working security awareness training, which is very important in the grand scheme of cybersecurity things, and yet, a non-tech position, even though we're very tech-inclined, because our solutions are phishing simulations, we're delivering security awareness training, based on adaptive learning. But still, it's all about how we deliver cybersecurity awareness throughout the entire company. So, it's all about making a business case to the entire company. So, in a nutshell, that's how you press over 20 years of marketing experience into two minutes of conversation.
Gianna 03:08
Love that. Well, we can't wait to dissect all of those years of experience in this episode.
Gianna 03:14
Rodrigo, can you tell us a little bit about marketing to the SMB customer?
Rodrigo 03:20
There's the particularities that I already said, right? So, SMBs, most of the time, you're talking to a nontechnical person, you're talking to an owner that already delivers you a pain point, but most of the time that person is coming with the most immediate pain points, right? Let's start, let's drop the whole like, consultant experience that I had before. Let's go straight to Cisco, because I came to Cisco with a very clear mission. Cisco had an SMB portal, Cisco has 1000s of SMB customers, and very few enterprise customers. So, they wanted a way to get all these 1000s of SMB customers and connect to the 1000s of SMB partners, so they created a portal. So, the portal was, we offer routers, switches, Wi-Fi equipment, and we want these customers to come to the portal and say, "Either I have a project or know what kind of equipment I want. So, I'm going to shop online or present a project online." And these partners are going to come and say, "Okay, I have this equipment, I can offer you the equipment, or I can offer you their proposal for this project." That's easy enough.
Rodrigo 04:25
However, most of these customers didn't know how to do that. Either they voiced the project in a very simple way. "I want Wi-Fi for my customers in my restaurant," or, "I want to build a network in my office," or they didn't even know what they wanted. They just wanted a router, but what do you want a router for, right? What do you want Wi-Fi in your office for? So, that's when I came up with the idea of adding content to that portal. So, it's not just transactional, it becomes a communication with those customers before they get to the partners. It's a way for Cisco to talk to these guys, so we can drill down ask, "Why, why, why," like, five times you ask why to someone to get to the bottom of the problem. So, you do that with content, you deliver them a contract about IP telephony. Why do you need IP telephony? How do you implement IP telephony in your office? What's the possible advantages you have? And from there, we started to have a real conversation with those guys. When we got to a real conversation with those guys, we could deliver it to the partners, and the conversion rates just went through the roof.
Rodrigo 05:29
So, we delivered hotter leads to these partners. The SMB customer. He has problems on the surface that he knows he has, like, "I want Wi-Fi in my restaurant for my guests." And he has issues that he's not aware of, or he has opportunities he's not aware of, like he may have security issues behind that Wi-Fi access that he doesn't know about. So, in the case of Cisco, or in the case of startups such as us, it's our job to asking questions that get to the bottom of the problem. In my case, as a security awareness training provider, it's not just getting to a customer that comes to us and says, "We need phishing simulations." It's not just about phishing simulations. What do you do after a phishing simulation? You get a report that this many people opened, this many people clicked, this many people interacted with it, this many people bought from the fake Amazon vendor expecting the package and today, they're homeless, or things like that.
Rodrigo 06:30
What's after that, right? What do you do after that? You need to do training, but do you have a training program in your company? Most of them are going to say, "No, we don't have anything of the sort." So, you need a training program. So, after the training program, are you able to sort it out? Like, what kind of risks your employees are most likely going to have? Because sometimes phishing is not a problem, your employees may be very good at identifying the real thing from a threat, but your employees suck at managing passwords. Like, password123 is the champion of your company.
Maria 07:05
Aw, man.
Rodrigo 07:08
Oh, you have to change your passwords, Maria, sorry about that, I did not want to expose that. So, you need to have the kind of empathy, and that's something that we champion at Right-Hand. We talk the same way with small-medium businesses, the way we talk with enterprise companies, because sometimes they share the same things. They have problems on the surface, but they also have problems underneath. It all comes down, and we're going to talk about this today as well, but it all comes down to business case. And these are the things that you only find out by talking, talking, talking, talking, and not just getting the first thing that's on their minds, or even worse, the first thing that's on your mind, right? Because we, as companies, have a portfolio and we have priorities on our portfolio, right? The hottest thing that we're launching right now, or our sales champion, or something of the sort, so it's not about what we want and it's not even about the first thing on their heads. Of course, they have their priority, but it's up to us to deliver the priority and whatever else is urgent for them.
Maria 08:08
Sorry to cut you off, but I wanted to go into the type of content that you've seen create hotter leads, for when it does get to the sales cycle, and particularly in SMB world, considering maybe the sales cycle is a little bit shorter. So, what do you think is the piece of content that has the most influence on the deal?
Rodrigo 08:30
It's not about SMBs. Let's break a little bit here, right? Because it's nice to talk about SMBs, but in the end, we're talking to people, right? It's all about people, the CIO and the restaurant owner, they are people. So, I'm going to use something that we heard from a prospect that became a friend of the company, of Right-Hand. One of the first meetings that he had with our CEO, he came to us and he's on the retail business, the fashion business, and he asked us, like, "How can your solution help me sell more jeans?" And that's a question that kind of threw us off, right? Because how can even a security awareness training solution, let alone a firewall solution. How can that help a company to sell more jeans? What's the path that takes you from here to there?
Rodrigo 09:21
Because usually, and I'm not criticizing anyone, but some people are looking from here to here, right? Like, from point A to point B. This guy is looking from point A to bottom line, all the way through, because that's the mandate he has, as either business owner or CISO, doesn't matter. Bottom line is on the top of their heads. Bottom line is what drives the CISO to get budget, bottom line is what drives a business owner to survive in an SMB. So, whatever content that we bring to these guys, has to have what I call "baseline business case." What's the baseline business case? Whatever I do, what's the advantage of what I do for all the department heads of these organizations? Why is my cybersecurity solution, or why is my security awareness solution good for the CFO, for example? How am I helping the CFO with budget efficiency? Security awareness training is awesome, because the lower the human risk in your organization, we talk about human risk in my trade. The lower the human risk, the
lower the chances, you get ransomware attacks, right? Because humans are responsible for most of the ransomware attacks.
Rodrigo 10:33
That's where it starts because someone clicks when they shouldn't, or something like that. Why is it good for the CEO? For example, we offer compliance solutions. So, it's good for ease of frameworks, right? It's good to be compliant. Why is it good for the CMO? If you get ransomware, is it good for a reputation? Is it good for a financial institution that gets a data breach? Is it good for PR? It's awful, right? And the upside, we can bring this case later, but good cybersecurity is great for PR if you market it right. For CHROs, cybersecurity is great for culture, right? Especially the training aspects. But a culture of security is good for HR. For sales, if you're a secure company, if you have a culture of security, doesn't matter if it's for platform or for training, availability of sales ops, it's a must-have for any sales director, right? And so on.
Rodrigo 11:29
I can make the case for every role, this is what I call baseline business case. This is what every
organization should want from cybersecurity. It changes from organization to organization, it depends on the nature, it depends on the industry, but everybody should want it. And that's what we do when we deliver marketing assets, we should deliver that first. Of course, we need the technical, we need the white papers that explain the technical aspects of the solution, so the technical people can understand what the ins and outs are of the solution. But we also need assets that explain, and we need pages, we need landing pages, assets, whatever, that explain what are the benefits that go beyond the realm of the CISO, because this CISO is going to go to a meeting, this CISO is going to give interviews about the results. This CISO is going to give interviews about what you helped him build in terms of cybersecurity and how it helps the end customer to achieve something in terms of security, right? But most important, very first thing, this CISO is going to a boardroom meeting and say, "We need this kind of solution." First of all, he needs to sell the concept. "We need this kind of solution, so I need this budget to drive this." And, okay, he's sold the concept, he got the budget: Who's the very first vendor that he has in mind? The one that helped him make the business case. So, there is no magic bean here. You just need the baseline business case, you need to understand, for that guy, what's more important, how he wins hearts and minds of everyone, and bottom line. It's how you help that guy sell more jeans, how who helped that guy open more checking accounts, how you help that guy wash more clothes at the end of the month, or whatever. Bottom line. That's all that matters.
Maria 11:40
Or, how you help them look good, really, with their team and their boss, right?
Rodrigo 13:23
Yeah, exactly.
Gianna 13:25
That's so brilliant. It's so simple, Rodrigo, but it's a thing that a lot of us miss, because we get caught up in the features and technicals and benefits and only selling to, you know, the CISO, the CIO, the director of IT. The CISO and the CIO have to sell, like you said, to the CEO, they have to sell to the person who writes the check for them. You know, we're all like, "Oh, they're the check writer," well, sure, but they have to pull from a budget that got allocated to them based off of a business use case, right? It is about: What can we do for the business? It boils down to it, but in the pre-call, we were talking about a very interesting use case for a customer. You were talking about Walmart, right, Rodrigo? Can you tell us a little bit about how Walmart used cybersecurity for PR?
Rodrigo 14:07
I just loved this case, and I'm a big fan of Ira Winkler, who recently took over Walmart in cybersecurity. I'm a fan. I do sound like a groupie, but I can't help it. I've loved Ira even before he joined Walmart, so I'm not pushing anything here. I already, if you're listening, I'm not trying to sell anything, but I loved you, Ira, even before you joined Walmart. He's a brilliant cybersecurity mind. He's a brilliant cybersecurity mind because I have him as a reference of a guy who sees the business, just not only cybersecurity. You see his books on security awareness. He sees through it, right? And Walmart, being Walmart, being this gigantic organization, they developed most of their things in-house, right? But even developing things in-house, it applies to vendors as well, they saved $4 million from elderly customers who got into gift cards scams, right?
Rodrigo 15:09
So, in a nutshell, for those who never— I think it's hard, not hearing of gifts cards scams, because these are as old as telephones, but elderly customers get a call from people saying, "Oh, okay, you have these issues with the IRS, or whatever, and you need to pay up. Otherwise, we're going to arrest you. So, you can pay up, you go to Walmart and buy a gift card, and you give us the code for the gift card, and we're good." So, Walmart developed systems that get these red flags from gift card purchases, so it's connected with police reports. They can recover the funds from these purchase before these gift cards are used. They worked with the Department of Justice, and they recovered about $4 million. I know it's a drop in the ocean, I think the amount of money lost to gift cards scans totals at $100 million per year, or something of this sort, but it's a step on the right way. And honestly, they got onto CNBC, they got onto CNN, they got onto Fox News, they got PR out of a cybersecurity initiative. That's amazing.
Rodrigo 16:10
Honestly, like, if you're the vendor who can understand, and Walmart is its own vendor, fine, but let's say you're the vendor who can find a solution for a major financial institution, a solution that can help deliver, a solution that avoids losses to that financial institution. Of course, CNBC is not interested in a big financial institution saving money for itself, but let's say that you're protecting those customers from getting into scams that make those people lose their mortgage money, their college funds, or whatever. You're saving them a million, even if it's a million, or 2 million per year, that's good PR. That only happens if you understand the end customer pain points, not the immediate pain points of the organization. That only happens if you drill down the business case, from top to bottom, from the CISO concerns to the bottom line. Because the CISO also has those concerns, and he also has a major desire to get to those pain points. Sometimes, he doesn't have the bandwidth, or the vision, to get to these himself. He wants someone from the outside to look into his organization, and see the opportunities that he can't see himself. There's the old saying about consultants, right? A consultant is a person that you pay a lot of money to sell the things that you already knew, but you didn't see. So, it's harsh, but sometimes, it's true. Sometimes, you're so involved with the day-to-day stuff, that you need someone from the outside. That's where we, as vendors, and now I'm talking seriously, I'm not making jokes. That's where we, as vendors, with the perspective, with the portfolio of customers, with the experience of having served people in the same industry as that guy, come and say, "Oh, we've seen cases such as yours before, let us test a few theories. Let us talk to you, let us talk to your team. If we have access to other department heads, let us interviewed these people. Let us make the best cybersecurity solution, not only for your immediate problems, but also for the business case." So, we can make it solid not just for you, but for the entire organization.
Rodrigo 17:02
Yeah, that's so true, and doesn't that make it just so much easier to connect your value proposition of your product to that emotional connection of, either the end user, or the end user's customer? When you do make that connection to beyond just the immediate value, I think it's so much easier to add emotion to it.
Rodrigo 19:00
It's easier if we connect with our personal lives, right? Do you just work for your paycheck? Yes, right? Of course, we do like the money, we do like to get paid, and we, as vendors, we do like to get paid, the CISO, as a professional, likes to get paid. But it's easier to connect with the customer, the prospect, if we do find a higher purpose, that guy's higher purpose, our higher purpose as vendors. What is that guy looking for? He's looking for a seat at the table, right? We always think of customers as those perfect organizations where, "Okay, there's the boardroom, the CIO is sitting here, and the CISO is sitting right here," and sometimes that's not true. Sometimes, the CIO guy, his organization does not even have a CISO, right? Does not have a cybersecurity dedicated team.
Rodrigo 20:02
Sometimes, cybersecurity is an afterthought in organizations that should have a CISO or should have a cybersecurity dedicated team. So, things are not beautiful, or as beautiful as we want them to be. So, we should be looking into these higher purposes, right? We shouldn't be looking into: What is this guy looking for? Sometimes, this guy is looking for a seat at the table, and we only help him find the seat at the table. Sometimes, he actually has the seat at the table, but he doesn't have much say on budget stuff. Sometimes, he has a baseline budget and he have to work with that, and he wants more, because he believes more can be done. So, what are we doing to help him achieve that the higher purpose, right? It's not just about the paycheck. That person is looking for a vendor that can help him do the stuff that he wants to do, to achieve the mission, to get to that dream state where he's on CNBC, talking about how he helped the end customer and saved their lives from cybercriminals.
Gianna 21:04
Or even, like you said in our pre-call, just help a restaurant owner or a cafe owner attract more
customers, because now they have Wi-Fi. People can come, buy a coffee, and have Wi-Fi in the store.
Rodrigo 21:16
Yeah, I want to expand my restaurant, but expanding my restaurant means I want to double my revenue, but I don't want to double my expenses. Technology can help me achieve that, right? And let's go back to cybersecurity and let's go back to SMBs. It's bad when Colonial Pipeline has to pay $42 million for a ransomware attack. Yes, it is bad, but it's catastrophic when a small business has to pay like, $5 million in ransomware. We've seen cases in the past when small municipalities had to pay a lot of money for ransomware attacks, and they pretty much go broke, right? There's plenty of cases in the US about that. So, these are small businesses as well. They're not small in any geographical sense, but they're small business. So, how do we help these organizations achieve that higher purpose of being secure, and keeping their heads above water, right? Because this is catastrophic. They pay ransomeware and they close the door. We're not just talking about providing Wi-Fi. We're not just talking about, "Okay, I want IP telephony because it's super cool." Like, okay, to have redirecting my
calls, that's super nice, okay, but you get a data breach, you lose your data, you're broke pretty much. If you don't have cyber insurance, if you don't have a fall safe, you're broke. How do we help these guys that just want a technological solution, how do we help them see that? And how do we help them do that in a budget-conscious way?
Gianna 22:58
And now, we'd like to take a moment to thank our sponsors and producers, Hacker Valley Media. Chris Cochran and Ron Eddings run an amazing studio here, which produces not only the Breaking Through in Cybersecurity Marketing podcast, but a bunch of other shows that you're going to want to listen to as well. So, all these shows, plus more and then, on top of that, probably even more coming soon, are available to look at, listen to, and sponsor at HackerValley.com. Make sure you go over there and say, "Hey, Gianna, and Maria said, I should come check out your website, to listen to your shows, and sponsor a podcast or two."
Gianna 23:39
So, Rodrigo, I'm so curious about your opinion on this. A lot of things we try to steer away from, and we advocate against, in the Society is FUD, or fear, uncertainty, and doubt. What are your thoughts on FUD in marketing to these SMBs and in these business use cases? What do you think?
Rodrigo 23:54
I don't like it. Honestly, I'm a positive person. Your listeners do not know me, but Maria generally does and we've talked a few times before and I'm always turning things into jokes, and whatever, so I'm always a positive person. When the year ended, when last year ended, I tried to do a different approach on social media for Right-Hand, because no one is watching, you know? So, I did some posts like, "On the last day of Christmas, my CISO gave to me," and we started listing benefits from our security awareness training. So, that's what I like to do.
Rodrigo 24:31
I'd like to come from, again, business case, I'm going to pitch, I'm going to pitch my stuff here. We do have an adaptive learning security awareness training solution, which is pretty unique to our market, unique as per Wednesday when this episode dropped, which is pretty unique to the market. And when we talk about the adaptive learning solution, we always talk from the perspective of the user who is working with the CISO, who is working with the security awareness team, and we're going to rate to that designer that works inside the company. We're going straight to that data analyst working inside the company. We talk to that person and tell them that your user can sit on the couch and take five minutes off security awareness training on the couch, or on an Uber ride. That person can get a nudge to get their daily training and they can set the schedule to get that nudge at the time they want to. We tell them that the training, instead of getting everybody in the same room to watch the same videos, the same slides together, they are going to get customized, personalized training, based on their assessments. So, it's unique to them, it's unique to their needs, it's not clutter.
Rodrigo 25:41
Everything we say is based on that person that's going to consume the training. So, I'm not up to say, "Oh, if you don't get our phishing simulation training, your guys are going to click on so many malicious emails and it's going to be crazy, you're going to the drowning ransomware." Like, it's not about this and I do not go to the CISO and say, "You got to crack the whip with these guys, because they're clicking on so many malicious emails." It's not about that. Security awareness training, first of all, we do not advocate for punitive cultures and I do not advocate for punitive marketing. So, that's the company culture. That's my culture. That's why I work for them. That's why they work with me. In a gist, that's it. I do not like fear, uncertainty, and doubt. I do believe that, since we're in the education business, I do like educating. We do believe in empathy. We listen to our customers, we do ask the why, why, why, why, why, five times why, to understand the pain points of the customers. I do provide lots of why's to them
on the assets. Why should you do this? Why is it good for your people? Why is it good for you? Why is it good for your board room? Why is it good for your CMO? Why is it good for a CFO? We don't need to do that, we don't need to cater to fear.
Gianna 27:04
We love that because a lot of people will default to that fear to that small customer because they're thinking that small customer, they're so much smaller, they're SMB, but there's a way to say, "If ransomware takes hold, it's going to be pretty bad for you," without being a scary monster about it. You can sell in a more positive way, like you were just saying. Cybersecurity awareness training is one of the, I'm not gonna say easy, but it's one of the things you could do without buying a $50,000 product, or whatever, a year thing. It's something you could deploy to everybody on your team and it provides security and helps improve the cybersecurity maturity of your organization easily.
Rodrigo 27:41
But the cards are on the table, everybody knows the risks of ransomware. Everybody knows the risk of data breach. It's on the news today, you don't even need to say these things. This was something that you previously needed to go to specialized news channels to know about, but today, it's on mainstream media, right? So, you never needed, in my point of view, you never needed to play with fear, but these days, people are very much aware of that. You do not build a solution with your customer, regardless of size, if you start with fear. You need to understand, they know the stakes. If they come to you, they know the stakes. And most of our customers come to us with the need for education, not just because they're afraid of the consequences, but they want their team to understand, for example, sometimes it's not even about risks. It's sometime about compliance. I've worked with some of our customers who
need to deal with the California Protection Act, for example, or GDPR, for example. So, they need their employees to be aware of compliance because they're dealing with customer data. So, they want their employees to be empathetic to the responsibilities of working with customer data, but that's not fear. That's empathy, to be better servers to their end customers. It's not about fear, it's about being better professionals and productive without compromising their work, or their productivity. That's it.
Gianna 29:09
Awesome. So, let's go into another topic that you sort of hinted at earlier, which is post-sales support. What are some best practices, or some success stories you've seen, around supporting the post-sales process, after you've sold a product? And of course, in cybersecurity awareness training, of course, that'll be more applicable to that than potentially, other services and products, but it's still important for every cybersecurity company. There's a reason there's a thing called customer marketing now.
Rodrigo 29:42
I'm going to go with us again, because that's something that we have as a priority for us like we are a startup and being a startup. That's as I say, that's no excuse being a startup but we do that all we do the customer first approach right so we do have a customer success. As manager, and that's the person with the finger on the pulse. After we onboard the customer, this customer success manager is responsible for doing, as I said before the five times why stuff? So what's your read not only your relationship with the solution, but what's going on in your industry? What's going on in on your day to day? What are the challenges that you're facing? How can we make your not only our solution better, but what can we bring to you that will help your end customer, your organization? Better? What can we bring to you what's going on? Right? If we can, we can, if we can't, we can't, I always say that. We take
that into development.
Rodrigo 30:42
There's another process inside our team, where we bring all of these into production, into the product team. And then, we allow customers to uphold the ideas that are brought from customer success. So, let's say that— I'm going to give an example or top of my head, like G Suite integration with our platform, and that came up from a customer and it was chosen by other customers as something that they wanted to see. So, we developed that for the customers, we brought that in. That's a post-sales success story and that's something that we are always doing. We always like feedback and we're bringing in stuff from the customers, stuff inside the company, and we're allowing customers to say, “Okay, this is desirable, the community says what's desirable, and we're always looking for talent to do exactly that.” So, the same empathy that we show with that, we need to show as marketers. I have to show the same empathy that I pushed myself to have as a marketer, to talk from bottom line. That's a
provocation that I carry from Steve Jobs, in my mind, like: How do I help that guy sell more things, right? We, as a team inside the company, when we do post sales, of course, we live on annual recurring revenue. That's the kind of sales that we do.
Rodrigo 31:55
We are worried about selling the solution. We are worried about how many users are onboarding the solution, because after we sell it, these users have to download the training, have to start engaging with the training, have to start engaging with decision simulations, but that's not just the concern with the contract. That's a concern about: Are we really reducing human risk? If we're not: How can we help them? Can we help them leverage manage services? Can we sit down with them and help build stronger content training content? Are they having problem creating content for the training? Can we help their process? Can we make a feature that will help them drive something that has 10 clicks to 2 clicks? That's the kind of concern empathy that has to drive marketing and sales, all the way to postsales. Empathy makes me create assets that, again, has business bottom line basics, and empathy is
the thing that makes the product team think, “Okay, can we make this 2 clicks instead of 10?” So, both sales success is about empathy, and there's no other way but listening to the customer as to what's desirable, what makes their life easier, not only with the solutions that we have right now, but with the challenges that you have currently, among all these things that we can do for you. What's desirable for everybody? How fast can we bring this to you? So, it's all about agility as well and as we grow, we still try to make these things happen in the speed and urgency that these guys need.
Gianna 33:38
Everything's empathy. I'm gonna ask an oddball question, because I'm an oddball.
Rodrigo 33:46
What's my favorite food?
Gianna 33:48
No, we're gonna get to that though. Actually, what is your favorite food?
Rodrigo 33:51
Oh, wow.
Gianna 33:53
You brought it up.
Rodrigo 34:01
My favorite food. I developed quite a taste for, and don't laugh at me, but when I was in Canada, I developed quite a taste for beaver tails. So, I gotta say, beaver tails is my favorite food.
Gianna 34:17
We just won the oddball award.
Rodrigo 34:19
So, you guys got a Google "Beaver Tails," you guys who are not from Canada, eh? You guys got to Google "Beaver Tails," it's delicious, but if you guys are from America, I gotta say ribs.
Gianna 34:39
I know what that is now.
Gianna 34:43
What about Brazil?
Rodrigo 34:48
If you guys are from the US, you probably gotta Google all of this, but for US listeners, ribs.
Gianna 35:04
We'll do this targeted. We'll just switch out what your favorite is, based on where the person is.
Rodrigo 35:09
When I worked for Cisco, every time I went to San Jose, I was addicted to Olive Garden. Don't ask me why, but there was a time I was addicted to Olive Garden, but ribs is my favorite American food.
Maria 35:21
Love it.
Gianna 35:22
Maria, how is this a food podcast? Like every episode?
Gianna 35:26
It always ends up connecting to food somehow. I mean, this is connecting the business case, all the way, right? This is a good example. Mind blown.
Gianna 35:39
So, Rodrigo, the oddball question I was going to ask, before we went super oddball, all thanks to you. And thank you for that, by the way. It was going to be, I don't know if you have something off the top of your head, but like, do you have a weird business use case that you made ever? I'd be so curious if there was like something that was like, this is the value prop connection that we're making here? I'm wondering if there's anything totally zany. Like, maybe it's related to a circus or something?
Rodrigo 36:07
Does it count if it's a weird industry I worked with?
Gianna 36:10
Yeah, tell us.
Rodrigo 36:12
Outside of tech, I work in marketing for the adult industry for a year.
Gianna 36:20
This is absolutely how we're getting a non-sponsorable podcast.
Rodrigo 36:25
I can be totally clean talking about it. I talked about it in interviews and job interviews. So, I worked in the adult industry for a year, and that's another place where empathy goes a long way as well. No tongue in cheek here, but you have to be completely understanding about other people's choices. It's about ways of living, so it's where your empathy is most tested and that's the place where empathy goes a long way. So, that was a good training about understanding other people's issues and how you deliver solutions. I worked in hard marketing like, storefront, because it was a chain of stores here in Brazil, for the project that we worked in. So, it was storefront and customer-facing stuff, talking to customers, and the whole, like, asset development and customer research. So, you have to be very open-minded and very understanding of different kinds of people, different preferences, and different viewpoints. So, that's how you practice understanding and listening. Most of all, listening and delivering
what people need the way they want it. So, yeah, it's funny, because this question that had the least chance of being oddball about food became the oddball one and the oddball thing became the most serious thing, but yeah, I worked in the adult industry, it was a chain of adult stores, and it was very eye-opening and very interesting. In a sense, it's about finding the business case, but its customer driven, right? It's for people, it's not for companies, but every company is composed of people, so it's about understanding people. So, it was very interesting and in that sense, learned a lot from that.
Gianna 38:25
That's really cool. I don't know if we can, but maybe one day, we'll have you back on to talk about that. Maybe we will start a new podcast called, "Interesting Marketing," or, "Oddball Marketing." Maria,
should we play our game? Do you want to do the game?
Gianna 38:40
Yes, let's do the game. Oh, you want me to explain it?
Gianna 38:45
I'll explain it, if you want.
Gianna 38:50
So, Rodrigo, we always like to ask our guests, or actually, we like to guess, what type of career or job they would be doing if they weren't currently a cybersecurity marketer. So, Gianna and I will take turns and guess what would be your career and then, you can tell us how wrong we are, or how wrong I am because Gianna usually gets this right. So, there goes Gianna celebrating, I hate you. Okay. Okay, so I'm gonna guess first. Rodrigo, if you weren't in cybersecurity marketing today, I think you would actually be a security practitioner. So, kind of on the other side of the table, so somewhere IT, security engineering.
Rodrigo 39:36
No, no.
Gianna 39:38
Shot down. I have a chance, Gianna comes in with the— I don't know a sports term. So, Rodrigo, I'm going to guess that you would be the owner of a new hockey league in Canada called the Beaver Tails.
Rodrigo 39:54
No.
Gianna 39:56
Damn it.
Maria 39:58
That was very specific, Gianna. Okay, what would you be doing today?
Rodrigo 40:05
I would pretty much like to be a writer for TV.
Gianna 40:11
Oh, wow. I was gonna say in television, but I changed it because in your background, which the listeners can't see, I see like sports figurine. I changed it, I would have won this.
Rodrigo 40:23
If you had said hockey coach, I would be very tempted to say yes, but you had to say hockey owner, which is a lot of stuff and not all of them are funny. Writing is my passion. I started with content. When I was in college, I wanted to be a copywriter. To an extent, I am a copywriter today, like my first approach to everything is copy. I'm old school like that. I start with copy with everything. So, yeah, I would be a writer and I love television. I love script writing. Being very specific, I would be a writer of pretty much anything, but TV movies would be where I would try my hand at. I can still try it, like, I'm gonna retire someday when I get to be a millionaire by doing cybersecurity marketing, right?
Gianna 41:21
When Right-Hand IPOs for one bajillion dollars, which is a number.
Rodrigo 41:26
Right? A gazillion dollars.
Gianna 41:29
Well, we look forward to watching. I mean, maybe you could write the Cybersecurity Marketing
Society's upcoming drama on HBO.
Rodrigo 41:39
And the Netflix movie.
Gianna 41:42
Yeah. The story of us. Oh, god. Okay.
Rodrigo 41:46
Which is the coolest being an HBO TV series, or a Netflix movie? It's hard to tell today.
Gianna 41:52
I don't know. I think it's like, HBO, because they're like the cool brand, right?
Rodrigo 41:56
Yeah, I think HBO is better today, right?
Gianna 42:00
Maria, what do you think?
Maria 42:01
I don't know. I mean, I'm a bad example. We subscribe to all of them. It's terrible. We cancelled cable and thought, "We're gonna not do cable because we want to be rebellious and save money," and then we ended up spending it on other subscriptions.
Rodrigo 42:16
Cut the cable! Cut the cable and then, you spend more money on streaming than you spent on cable.
Maria 42:22
Yep, that's exactly what happens.
Gianna 42:25
Well, wherever your show ends up, we'll be listening and promoting it in the show notes. Rodrigo, where do people find you? Where can people contact you if they so want to do so?
Rodrigo 42:39
Yeah, so, the usual places. LinkedIn, Twitter, Facebook. I did not go to Facebook other then to do corporate stuff. Honestly, I got tired of Facebook, but LinkedIn and Twitter are the most up-to-date. I swear to God, I'm going to finish my website sometime this week or the next one. So, you guys can go to RodrigoLemeMkt.com.br to get it. You guys are going to get the link on the podcast description. You guys are going to find like, a very sympathetic page with my picture smiling on it, smirking, not smiling, and with my channels on it. But somewhere in the world next week, or maybe knowing that the episode is going to drop next week, maybe I'll finish the page over the weekend or something.
Gianna 43:36
So, this episode is actually gonna drop in 3 months. So, if the website is not up and live by the time this episode airs, everyone knows how to contact Rodrigo, and any listeners feel free to just like LinkedIn message him and say, "Hey, Rodrigo, why isn't your site done yet?"
Maria 43:55
"Where the hell is your page?"
Rodrigo 43:59
"Why are you saying that it's still in construction?" Because I'm an artisan, I do not do things on your urgency. I do things on my inspiration, you know?
Gianna 44:12
Good for you. That's a good lesson to take the heart. Alright. Thanks, everybody, for listening. Thank you, Rodrigo, for being on. We had a blast and we're gonna have you back on in the future. So, we can dive deeper into some topics around content and use cases and other things that you find interesting. So, everybody listening, it you want to be on the show, send a note to Podcasts@HackerValley.com. Hacker Valley being our magnanimous producers. If you want to join the Cybersecurity Marketing Society and continue the conversation with cybersecurity marketers, a large group of friends, a huge community now of over 1000 of your fellow cybersecurity marketers, just visit CybersecurityMarketingSociety.com, also linked in the show notes, and apply to join our group. We'll see you next Wednesday. Make sure to like and subscribe. Bye.
Gianna 45:00
Thanks for joining us. Bye bye.

Influence as Currency in Modern Marketing: Channel Partnerships ft David Brown

August 10, 2022 Breaking Through in Cybersecurity Marketing

00:00:00