E11: How to Become a Trusted Advisor in the Cybersecurity industry with Dave Reeves

advisor cybersecurity regulated companies risk management sales leadership sales tips tech sales leadership
 

Timestamps

01:06 - Early days in IT security

4:04 - Leaders who are nearing burnout

6:28 - Working with bank and mining companies

7:24 - Building credibility and value proposition

8:24 - How can someone become a trusted advisor?

11:51 - Working for a client, as an SI, and as a vendor

15:21 - Why is risk important?

18:06 - How can an AE engage other executives to talk about risk?

20:30 - Career advice for cybersecurity professionals or advisors

 

About Dave Reeves

Dave Reeves is a rare Cybersecurity Executive who has worked in the Army, and then founded and exited two successful businesses. Then he worked on the client side consulting to major Banks and Mining companies and grew US vendors like Leidos, Forescout, Tenable and now Delinea.

 


 

How to become a trusted advisor in the Cyber Security industry

The conversation with Dave Reeves was rich with his personal experiences and it came with actionable lessons about building a career in Cyber Security.

Here are actionable insights to build your career:

 

1. Don’t be afraid to start from scratch

Dave shared that cybersecurity, originally called Information Security or IT security, has evolved over time. His journey in cybersecurity started when joined the Army at 17 and completed an electrical apprenticeship in the federal government. After that, he moved to Brisbane, where he met his mentor and worked as a consultant. During that time, he also started his own business, BSEC, which was acquired by Deloitte in the mid-2000s. Building BSEC opened his eyes to the enterprise space.

Just like Dave, don’t be afraid to start from scratch. If you’re not equipped with the right knowledge yet, just gain the right experiences to confidently call yourself an advisor.

Actionable tips

  1. Invest in Upskilling. If you lack expertise in a specific cybersecurity domain, such as cloud security or penetration testing, enrol in relevant courses or certifications like the Certified Information Systems Security Professional (CISSP) offered by (ISC)2.
  2. Network and Find Mentors. Join professional networking platforms on LinkedIn or Slack to connect with new or experienced cybersecurity professionals.
  3. Attend Cybersecurity Conferences. Joining these events will expose you to cutting-edge research, trends, and insights shared by leaders in the industry. Here’s a list of cybersecurity conferences in AU you might like.

 

2. Take breaks to avoid burnout

Leaders nearing burnout often struggle with pressure, time, poor performance, and overwork. Dave shared that taking breaks can help you manage your energy. In fact, he takes a long break every seven to eight years to change the scenery. He also recounted how he found a transformational career in banking after he took a break. As you can see, taking a break might not only replenish your energy but could also lead you to better paths.

Actionable tips

  1. Schedule short and long breaks. Step away from your desk. Take a short walk, practice deep breathing exercises, or listen to calming music. Additionally, plan longer breaks or vacations every few months to change the scenery and fully recharge your energy.
  2. Delegate tasks and responsibilities. Identify tasks that can be effectively delegated to team members based on their skill sets and expertise. Delegating tasks not only lightens your workload but also empowers your team members and fosters a sense of ownership
  3. Set boundaries and manage your time. Avoid overcommitting tasks or projects that may lead to overworking. Use time management techniques, such as the Pomodoro Technique, to maintain focus and productivity without pushing yourself to exhaustion.

 

3. Get hands-on experience in your client’s industry

Dave shared that working with banks and mining companies gave him valuable experience in understanding risk, strategy, and future plans. It helped him understand the cyber threat landscape better and implement tools to mitigate risks.

So, if you want to become a trusted advisor, remember that the less-trodden road is always more rewarding. Go where the crowd avoids, as you might just gain valuable insights into the cyber threat landscape and opportunities.

Actionable tips:

  1. Seek Industry-Specific Experience. If you are interested in providing cybersecurity services to financial institutions, consider working with the bank as a consultant.
  2. Embrace the Unconventional. Consider approaching smaller mining companies that may not have advanced cybersecurity teams. You may uncover valuable insights into specific vulnerabilities and risks prevalent in the mining industry.
  3. Build Your Internal Knowledge. Let's say you've been working with a manufacturing client for a while. Invest time in understanding their production processes, supply chain, and specific cybersecurity needs. Having this internal understanding, you can confidently advise them on the best cybersecurity practices to protect their intellectual property, manufacturing secrets, and sensitive customer data.

 

4. Understand your prospect’s internal processes to build credibility

To build your value proposition as a trusted advisor, Dave suggests you understand your prospect’s risk management and technology risk processes. For example, banks are more risk-averse, which means they’ll likely trust your service if you have previous banking experience.

On the other hand, if you haven’t worked in your prospect’s industry, just make sure you understand how they operate. This knowledge will help you in navigating the complex landscape of large organisations, which will enhance your overall value proposition.

Actionable tips:

  1. Research Your Prospect’s Industry and Processes. If your target is a healthcare organisation, familiarise yourself with its compliance requirements and technology infrastructure. This knowledge will enable you to tailor your sales pitch or advisory services to address their specific needs.
  2. Highlight Relevant Experience and Expertise. If you are pitching cybersecurity services to a bank, showcase your successful track record of providing similar services to other financial institutions. Demonstrating your domain knowledge builds credibility and instils confidence in your capabilities.
  3. Adapt to Your Prospect's Risk Appetite: Understand your prospect's risk appetite and tailor your approach accordingly. For instance, with risk-averse clients like banks, you can focus on highlighting your offerings’ robustness and compliance aspects. On the other hand, if the prospect is in a more agile industry, emphasise your solutions’ value to show that you can cater to their preferences.

 

5. Position yourself as a part of your prospect’s long-term plan

To become a trusted advisor, you have to learn the long-term business impact of your work. If you’re helping them with their cybersecurity strategy, don't think in three-month chunks; instead, think 3-4 years ahead. Knowing how to position yourself for that journey is highly important.

That’s why whether you’re a new advisor or vendor representative, you should have knowledge about the industry and the organisation's unique features. This is especially crucial when you’re pitching services or products in industries with which you’re not familiar.

Actionable tips:

  1. Demonstrate Your Long-term Vision. When discussing your services or products with a potential client, showcase that you can plan for the long term. For instance, if you are offering IT infrastructure solutions to a growing tech company, highlight how your scalable and future-proof solutions will support evolving needs over the next 3-4 years.
  2. Understand Industry Specifics. Before engaging with a prospect, read about their most painful struggles. For example, healthcare providers need to invest in robust data protection measures. So, if you're pitching your services to a healthcare provider, familiarise yourself with their challenges (ex. Securely handling sensitive patient data, including medical records and personal information.)
  3. Provide Value as a Trusted Cybersecurity Advisor. Share relevant threat intelligence, cybersecurity trends, and real-time information about emerging threats, so they can make informed decisions to protect their assets.

 

6. Immerse yourself in a variety of roles

In Cybersecurity, Dave worked with Systems Integrator, the client company, as well as the vendors. All of those three roles gave him unique learnings, but they all contributed to his success in becoming a trusted Cybersecurity Advisor.

As a Systems integrator, you can learn how to come up with solutions to achieve business outcomes. As clients become comfortable with your organisation, they might also get your help in seeking newer solutions. This sharpens your problem-solving skillset as an advisor.

As a Client employee, you gain a deeper understanding of the organisation’s unique features and enjoy the satisfaction of achieving their goals. That’s why if you want to be a goal-oriented advisor, you can start offering cybersecurity services to clients.

Finally, as a Global Vendor Leader, you’ll likely get a broader regional experience. You’ll focus more on acquiring new clients and meeting new people. So, if you want to build your client acquisition skills as an advisor, have some experience in the vendor space first.

Actionable tips:

  1. Gain Experience in Client Services. Take on a role as a client relationship manager. This will help you develop strong communication skills, understand clients' unique needs, and build lasting relationships. As a result, you can offer more personalised cybersecurity advisory services.
  2. Develop Skills in Systems Integrations. If you work with an IT consulting company, involve yourself in projects that involve integrating different systems for clients. This will enable you to recommend more comprehensive cybersecurity solutions.
  3. Explore Vendor Roles for Broader Regional Experience: Join a cybersecurity software company and focus on sales and business development. This experience will help you hone your client acquisition skills, gain exposure to diverse client needs, and enhance your understanding of regional cybersecurity challenges.

 

7. Work in well-regulated environments

In regulated environments, companies must meet certain standards, such as the Australian Prudential Regulation Authority (APRA), and Payment Card Industry Data Security Standard (PCI-DSS), to ensure compliance. That’s why if you want to work as a cybersecurity advisor, work in well-regulated environments.

Well-regulated companies understand that failing to meet legal and regulatory obligations could lead to the loss of their licenses to operate. That’s why they make sure to comply with these standards accordingly. By working in these well-regulated environments, you can continuously sell your solutions and securely increase your revenue as a Cybersecurity Advisor.

Actionable tips:

  1. Specialise in Regulatory Compliance. Develop expertise in regulatory compliance frameworks, such as PCI-DSS or HIPAA, by pursuing relevant certifications and training. For example, if you work in the healthcare industry, obtain a Certified HIPAA Professional (CHP) certification to demonstrate your understanding of healthcare privacy and security regulations.
  2. Seek Employment in Well-Regulated Environments. Look for job opportunities in financial institutions, healthcare organisations, or government agencies. If you aspire to be a cybersecurity advisor, consider applying for positions in banks, where compliance with financial regulations like APRA is crucial.
  3. Provide Solutions to Regulated Companies. If you are a vendor offering cybersecurity software, tailor your product to address the unique security challenges faced by financial institutions. This targeted approach will increase your chances of selling your solutions to well-regulated companies and boosting your revenue in the long run.

 

8. Find unknown risks in a large organisation

Dave also emphasised the importance of finding unknown risks in an organisation. For example, large organisations with a strong strategy team often look at their cybersecurity strategy and implement controls to minimise risk. They may be transitioning their equipment from on-premise to cloud environments. Unfortunately, this exposes them to more threats. So, to minimise these risks, Dave suggests that they must establish new controls and work through the necessary steps to ensure they’re well protected.

Actionable tips:

  1. Stay Updated on Emerging Threats. Subscribe to cybersecurity threat intelligence feeds and attend industry conferences to learn about emerging risks. Armed with this knowledge, you can proactively advise large organisations on mitigating new threats.
  2. Conduct Comprehensive Risk Assessments. If you work as a cybersecurity consultant for a multinational corporation, conduct a comprehensive assessment of their IT infrastructure, data storage, and cloud services to uncover vulnerabilities and potential security gaps.
  3. Implement Proactive Security Measures. If you work as an internal cybersecurity expert for a major tech company, recommend the implementation of security measures like multi-factor authentication, regular penetration testing, and security awareness training for employees.

 

9. Understand regulation if you’re selling solutions

Dave suggests that if you’re selling solutions, you should understand an organisation’s risk register, including cyber inclusions, which can help identify areas for improvement. Take note that while this can be a game of cat and mouse, the benefit you’ll get from this is you’ll get to provide them with insights into the best potential future actions.

Additionally, you can show your value as a vendor by focusing only on engaging with regulated companies and learning their risk management strategies. Using the knowledge you gained from the latter as a selling point, you’ll have a higher chance of securing a successful partnership with a major regulated company.

Actionable tips:

  1. Familiarise the Requirements and Processes. For instance, if you offer cloud-based solutions, familiarise yourself with the specific data protection regulations and risk assessment procedures for industries like healthcare or finance.
  2. Assist Organisations in Identifying Areas for Improvement. If you are selling endpoint security solutions, for example, analyse the client's current cybersecurity measures and propose additional measures to address potential threats.
  3. Only Engage with Regulated Companies. Focus on fintech scale-ups, insurance companies, or pharmaceutical organisations. Demonstrate your knowledge of anti-money laundering measures, policyholders' potential risks, and FDA approvals. Through this, you can create more partnerships with other major players who need your expertise.

 

10. Engage executives to talk about risk

If you’re an advisor who wants to help executives create meaningful risk-oriented conversations, Dave suggests you help them understand password management, risk management, and off-site password rotation.

Moreover, by asking the right questions and addressing technical limitations, executives can better understand and mitigate risks in their operations. Meanwhile, as the advisor, you can also help articulate the technical limitations of existing solutions and help mitigate risks. This approach can help the organisation work within the constraints of their current practices and make more well-informed cybersecurity decisions.

Actionable tips:

  1. Provide Solutions to Address Technical Limitations. Suggest implementing additional security layers or compensating controls to enhance protection against cyber threats. By addressing technical constraints, you empower executives to make informed decisions and take actions to bolster cybersecurity.
  2. Educate Executives on Password Management and Risk. Organise workshops or training sessions for executives to raise awareness about password management. Highlight the importance of strong passwords, two-factor authentication, and regular password rotation to prevent unauthorised access to sensitive data.
  3. Facilitate Risk-Oriented Conversations. During a meeting with the C-suite of a healthcare organisation, for instance, inquire about their data handling practices and how they address the risk of data breaches. Encourage them to think critically about potential vulnerabilities.

 

Final thoughts

Developing a three-lens view (S.I., Client and Vendor) is invaluable in becoming a trusted advisor to clients in the cybersecurity industry. It’s a journey anyone can choose to embark on while making careful choices about their next career move.

 


 

Hiring or replacing someone in the next 90 days?

We partner with tech sales leaders who are time-poor, under-pressure and introduce them to top performers without wasting time or risking average hires, so that they can build winning teams and careers.

Message [email protected] today

Want to be informed about the latest episode?

Get access to our best ideas from leaders who are building high performance teams to achieve great results.

We hate SPAM. We will never sell your information, for any reason.