Defenders of the Realm

We often talk about not selling using fear, uncertainty, and doubt (FUD). It is quite a big thing in the cyber security industry where the entire purpose of existence is to help people and organisations manage risk to prevent, detect and respond to impact to confidentiality, integrity, and availability. A key foundational component is that we operate using science, trust, and integrity.

This does however become quite interesting when you look at some rather dubious sales and marketing techniques employed by a few.

What I have noticed are there are a range of patterns that are similar (it is like they all went on the same con artist course!) so I thought I would look at some of the indicators I see which bring up flags to me.

Snake Oil Spider Sense – Indicators of Snake Oil (IoSO)

There is a range of indicators from my point of view which are red flags which I am coining Indicators of Sake Oil:

  • Are the claims too good to be true?
  • Do they claim that no one else in the world has solved the problem?
  • Do they say they have proof then never actually show it?
  • Do they promise to solve a problem, tell you they have the solution but then hide the answer?
  • Do you constantly highlight words and repeat claims regardless of challenge?
  • Do they make you feel a sense of dread?
  • Do they emphasise the fact they know something you do not but fail to show you what this is?
  • Do they use excessive jargon?
  • Do they name drop at every opportunity?
  • Do they claim to have resources they likely do not have?
  • Do they use a range of logos which seem unlikely given the company context

If any of these occur you are possibly in a negative sales arena… if alot of these occur that’s a major red flag. It’s also important to recognise the conversation styles as well. Let’s look a that.

Sales Conversations

When engaging the conversation tends to go like this:

  1. Customer: Can you explain x?
    1. Snake Oil Vendor: Of course, we use ZYZ magic technology that no one else in the world has which leverages (insert many topical buzz words)
  2. Customer: Can you show me how that works?
    1. Snake Oil Vendor: No of course we cannot! it is our proprietary technology which is very expensive! You can only see it if you pay for it, and because we are the only ones in the world to have this technology, everyone else is wrong!

Any questions, challenges, or citation of an industry good practise or standard will likely be met with aggressive defence, ridicule, and statements to make you feel inadequate, inferior, and quite frankly lacking in intelligence. You may also find they resort to attacking you personally or your credibility etc.

All of this is a massive red flag to me and if I encountered this as part of research of a sales cycle, I would be incredibly suspicious of the product/service and organisation.

Indicators of Good practise

Sales and marketing are obviously conducted with the intent to entice and attract customers. I have no problem with this (I used to run a presales team and I have worked in technology sales as part of my consulting career for the last 14 odd years). I have read a book or two and have written more proposals than I care to remember. I have worked with vendors and customers and I am a customer myself (shockingly I actually buy technology services and products, who would have thought it!). I have worked with tenders as both a supplier and customer from small to fairly large so hopefully my insights come with a decent enough level of exposure. So that aside, against a wave of IoSO let us look at some good practises:

  • The sales and marketing materials clearly articulate the value of the product/service
  • The materials make claims which are independently verifiable
  • The vendors offer trials of their products
  • The sales team welcomes critical questioning of the product
  • Concerns and queries are addressed in clear language
  • Internationally recognised standards are used as references

It is fairly simple when it comes down to it, most successful vendors and products are fairly chilled in my experience. Hell, my friends, and I were flown to Scotland to talk to a product team at IBM because we asked so many questions.

Combating Snake Oil

There are a ton of ways to protect your and your organisation from snake oil, here are some of the techniques I use:

  • Read related vendor documents
  • Look at related vendor guidance
  • Conduct credit checks
  • Conduct open-source intelligence
  • Look to industry peers for views and opinions
  • Look for independent reviews
  • Look for previous customer feedback
  • Attempt to validate statements by the vendor/supplier

In the end I tend to find that if the feeling I get during the ‘sales’ experience is similar to that of a scam whereby I’m pressured or made to feel negative is a really good acid test. Even if the experience is good, I follow up with a range of activities as above, I have made mistakes before by making too many assumptions, so I try and have a modus operandi of taking a cautious approach.

Be safe, be secure and may the force be with you!

Leave a Reply