From Salesperson → Business Value Analyst: How to Help CISOs

How does a CISO present to their board without killing them with numbers? And why are CISOs not getting help from the sales side - the people seemingly more attuned to business acumen than them?

Over his last four years as a CISO, Dmitriy has drastically changed the way he thinks about cybersecurity in general and risk management specifically and, more importantly, how that ties into the whole business flow of a company: not as a technical entity, but as a business.

Words like:

  • Business value

  • Return on investment

  • Long-term planning

…have a very different meaning to executives and boards than they do to CISOs (techies).

How does a CISO present to their board without killing them with numbers?

And why are CISOs not getting help from the sales side - the people seemingly more attuned to business acumen than them?

In this episode of Audience 1st, I have a brutally honest conversation with Dmitriy Sokolovskiy, VP of Information Security at Semrush and previous CISO of Avid, a software development company, about his challenges, how to build relationship capital, and tangible ways to help CISOs do their job better.

Who is Dmitriy Sokolovskiy?

Dmitriy Sokolovskiy is a seasoned cybersecurity executive with over two decades of experience in the field.

Currently serving as the Senior Vice President of Information Security at Semrush, Dmitriy brings a wealth of knowledge and expertise to his role.

Throughout his career, Dmitriy has held several high-profile positions, including Vice President and CSO/CISO at Avid Technology, where he spent nearly five years shaping the company's security strategy.

His experience spans various sectors, including defense contracting, financial services, healthcare, and technology.

Dmitriy's journey in cybersecurity began in the late 1990s, working hands-on with servers, networks, and datacenters.

He spent 11 years at CyberArk Software, playing a crucial role in the company's growth and public offering while managing a cybersecurity professional services team.

His expertise extends to incident response, having participated in remediation efforts for some of the largest data breaches in U.S. history.

A respected thought leader in the industry, Dmitriy holds multiple certifications, including CISSP, GIAC Certified Enterprise Defender (GCED), and the Boardroom Qualified Technical Expert (QTE) certification from the Digital Directors Network.

He is also a SANS Mentor and a member of the GIAC Advisory Board.

Dmitriy's influence extends beyond his day job, as he serves on advisory boards for several information security startups and provides guidance to venture capital and private equity firms.

His comprehensive understanding of cybersecurity, from technical intricacies to boardroom strategies, makes him a valuable asset in navigating the complex landscape of information security.

Pro Tip for Connecting with Dmitriy

Approach Dmitriy with insights tailored to his board's needs and business challenges, not just technical solutions.

Demonstrate your understanding of his specific industry, and he’ll be far more open to having a conversation.

Insights and Key Takeaways

Shift the Conversation from Numbers to Value

Insight: CISOs often struggle to present cybersecurity data to the board in a business-centric way.

For many CISOs, translating technical data into business terms remains a core challenge.

Boards and executives care less about metrics and more about understanding business impact, ROI, and risk mitigation.

CISOs need to communicate how cybersecurity initiatives contribute to business objectives, but this isn’t always straightforward.

"How do I present to my board without killing them with numbers? What does my board care about? What do my executives care about?"

Dmitriy Sokolovskiy

Vendors and GTM teams, who are typically well-versed in business language, could play a pivotal role here by assisting CISOs with strategic insights.

The opportunity lies in understanding business value and articulating it in a way that resonates with decision-makers, moving beyond jargon and tech specs.

The Untapped Opportunity for Sales and Marketing Teams

Insight: Sales teams have an untapped opportunity to support CISOs in crafting board presentations and business cases.

Sales teams are traditionally skilled at pitching value propositions and translating technical benefits into business impact, yet this skill isn’t often extended to CISOs.

Dmitriy points out that while CISOs can benefit from this support, it’s rarely offered.

"Why am I not getting the help from the sales side? People seemingly more attuned or should be more attuned to business things than me. How come I'm not getting that help from them?"

Dmitriy Sokolovskiy

GTM teams should collaborate with CISOs, not just during the sales process but also post-sale, helping them make a stronger business case internally.

This support builds deeper trust and long-term loyalty, positioning you as a partner rather than a vendor.

Build Relationship Capital, Not Just Revenue

Insight: Focusing on authentic relationship-building can lead to long-term partnerships, repeat business, and a positive sales reputation.

The traditional sales mentality of closing deals and moving on no longer works, especially in cybersecurity.

CISOs value authentic relationships and trust-based partnerships.

"If it wasn’t simply a sale, if it was an attempt to help with a problem and bring value, you didn't lose a customer. You have a continuous partner."

Dmitriy Sokolovskiy

When vendors prioritize understanding the CISO’s goals and challenges over simply selling a product, it creates a foundation for a lasting relationship.

This approach not only fosters customer loyalty but also opens doors to potential referrals, feedback, and insights for future offerings.

Building “relationship capital” means that even if the current solution isn’t needed, the vendor remains in the CISO’s network of trusted contacts.

The Importance of the Business Value Analyst Role

Insight: GTM teams should adopt a “business value analyst” mindset, focusing on understanding the broader business processes and challenges.

Sales and marketing teams need to act as “business value analysts” rather than traditional salespeople.

This role involves understanding not just the cybersecurity landscape but the company’s entire business process and identifying where value can be added.

"You are not a salesperson. You are a business value analyst. You're helping CISOs figure out the best place to bring value to the business."

Dmitriy Sokolovskiy

A business value analyst is someone who can ask the right questions, identify gaps in business processes, and suggest solutions that go beyond the technical scope.

This proactive approach can differentiate a vendor from competitors, earning the trust of CISOs who are navigating complex business environments.

Nurture Long-term Relationships Beyond the Sale

Insight: Even after a sale, maintaining relationships with CISOs can create opportunities for cross-selling, expansion, and referrals.

Sales and marketing teams often miss out on opportunities by ending relationships after a sale.

Dmitriy emphasizes that a deal isn’t the end of the relationship but the beginning of a potential long-term partnership.

"Even if I don't need your product in the immediate term, if you’ve shown me value, you’re still a trusted partner in my network."

Dmitriy Sokolovskiy

Continuously engaging with the CISO by offering value, sharing relevant insights, and maintaining open communication keeps you top of mind.

This relationship-building mindset can translate to repeat business, internal referrals, and new opportunities when the CISO transitions to a different company.

Potential Annual Recurring Revenue (PARR) vs. Annual Recurring Revenue (ARR)

Insight: Real relationship-building can unlock potential recurring revenue streams, even when your product is not currently needed.

Potential annual recurring revenue (PARR) is a metric often overlooked by sales teams.

The key to unlocking it is maintaining trust and value with existing and past customers.

Dmitriy argues that even when a product is no longer in use, a strong, value-driven relationship with the CISO keeps the door open for future business.

"How many previous customers would identify you as a trusted vendor to whom you can bring any new product?"

Dmitriy Sokolovskiy

When marketers and salespeople focus on sustaining relationships, they become go-to partners for future needs, cross-sells, and even feedback on new products.

TL;DR

Too many vendors still pitch CISOs with numbers and product features, hoping to impress them.

But if your pitch revolves around metrics and jargon, you’ve already lost their interest.

Today’s CISOs want partners, not pushy salespeople.

They want marketers and sales teams who understand the business implications of security—not just the tech.

The game has changed.

It’s no longer about selling a product; it’s about adding tangible value to their business.

Until next time,
Dani
