
Ep.106 Shocking Security Sales Blunders. Help Your Customers Quickly! Pt 3/3 with Jeff Sharon

February 28, 2024


Tune in today as we bring in Security expert & incredible Telarus partner, Jeff Sharon of Cenergi. Jeff has been a big proponent of Advanced Solutions for years, so he’s seen many successful conversations and a few security blunders along the way. With Jeff, we will take a few perspectives. We hear him share what he’s seen unsuccessful competitors do in the market, along with vendors’ mistakes. Jeff offers great insight, things to avoid, but also key strategies to focus on for a successful Security sale!

Welcome to the podcast designed to fuel your success selling technology solutions. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus, and this is Next Level BizTech.

Hey, everybody, welcome back. We are on and we are talking about security. More importantly, today is titled Shocking Security Sales Blunders. Help your customers quickly. Say that five times fast. On with us today, we’ve got the wonderful, the amazing Jeff Sharon of Cenergi. Jeff, welcome on, man. Thanks for having me. Jeff, we’re gonna get to hear a little bit about who Cenergi is here in just a second. But I always like to kick this off. I want to hear everybody’s life path. How did you get to this? Where did you start? Did you start out wanting to be a boat mechanic and then got into technology? What’s the path, man?

I love my path. It ties me back to my family. I’m a third generation plumber. And so, but I decided at a young age that plumbing was not not what I wanted to do long term. It wasn’t the challenge that I wanted. I loved plumbing. But but there was just something that wasn’t fulfilling in it. And so even though I had got my card, and you know, I was a full-fledged journeyman, I wasn’t I was wasn’t gonna pursue it anymore. So there were some life changes that occurred for me. And it got me in proximity to technology. I mean, my first taste of technology was actually sitting in a call center.

One of those catalog companies taking phone calls, selling Macs, all things. I didn’t even know what a Macintosh was. And then he’s, he’s still a good friend today. But that company had a director of IT and befriended me over lunch in the cafeteria. And you know, one of those, what did you do? And he started to describe and I went, that sounds exciting. So he just opened the door to all kinds of things for me, was my first business partner.

And, and then one thing leads to another I was educated myself as a network engineer. So you know, I’ve, I’ve been in that data center, I’ve been doing all those whacking on the keyboard odd times at night. But what I found interesting is that the carryover of being able to look at problems within the IT space, especially the network. It was just plumbing all over again.

Ah, there’s the tie. All right. I couldn’t believe it. It was like, Oh my gosh, you know, the, you know, it was still about flow and restrictions and bandwidth and throughput. And it’s just a different medium. And so all of that experience that I had as a plumber and, and the nuances of troubleshooting that go along with it, translated directly. I mean, it’s different, obviously. But I mean, it just it’s the, the way one thinks through a problem. They translate it well.

Awesome. What’s the theory? The theory? Occam’s razor, right? We as technical folks tend to think this thing broke. Surely it’s got to be this problem 18 layers deep. And the reality is it’s probably not the, the RJ45 is probably just unplugged. It’s, it’s go back to the basics, right? So no, I love that. Tell us, tell us a little bit about then. All right, tell us who Cenergi is, what the business is all about. And, you know, how do we find you?

Sure. So the easy part to find us, it’s our website. We have a fledgling social media environment. So LinkedIn is probably the only other place that you can, you can get a hold of us, but the website is the best place. And so we, as an organization, we’ve, we’ve had, we’ve grown with the market.

We’ve, we’ve adapted and adopted and, and really, how I viewed my engagements and my clients. I’m a pattern individual. So when I see patterns, I begin to go, that keeps showing up over and over again. And then you can’t have that conversation in the middle of, you know, dealing with your client, but you can, you know, take it offline and have some conversations, say, look, maybe, maybe we can address some of these things. You know, it’s just some commonality and some of these issues. And so after, you know, almost 15 years, we’ve seen the same issue rise over and over again. That issue is not enough people, just isn’t enough enough enough people. And I would, I would go into, there’s probably enough people, maybe that’s the wrong ways. There’s not enough talent cycles. That’s how we say it. Is that an organization might have a very talented person, there’s only so many, so much time that that person has, or they might have a talented team. And still, it’s just a continuation of that. And so what happens is everybody does their best. And as we can see over the last probably five to eight years, the bad guys have figured out that there’s weak spot in the fence. So and, and that weak spot is directly related to there just not being enough time to get to keep eyes on things, get things done, move the organization forward. And so, so what Cenergi does today is that we tried our best to affect the margins of an organization’s operational
functionality. And we do that through providing a service which starts with a fundamental aspect of how they operate. And that is, we offer a discovery service, we discover all the assets on their environment, so that we all can say, this is what we’re optimizing, this is what we’re building, this is what we’re defending, all those types of things. And, and then we manage that for them, we manage that, that viewpoint. Because it’s one of those roles that I mean, I’ve yet to hear somebody say, when I grow up, I want to be an IT asset manager. It’s just something that there’s aspirations for. And so this is part of why, you know, who wants that job? And no one raises their hand, you know, it’s assigned to somebody and they’re like, Oh, and, and more times than not, what we find is that everyone knows they need that information. But nobody wants to own it holistically. And so they carve out their own little piece and they put it on Excel spreadsheet and they track their stuff. That’s it. Well, whether you’re talking business continuity, or you’re talking cybersecurity, that’s a horrible way to manage that data. And so we offer that as a service. And then from that perspective, we’re in a very unique position to, to advise, we point to opportunities, we point to risks that we see that they may not, and we might be seeing the same thing. That’s perfectly fine. But our eyes on the glass, you know, our organization’s made up of former operators. And so we look at the data in aggregate and say, hmm, that’s odd. And, and bring it to the attention. We’re not executing on anything. We’re not, we’re not orchestrating anything, we’re not doing anything. There’s other people that have those jobs, we’re just bringing it to their attention. And, and then in those cases where they have, maybe they have limited, or we already talked about them having limited skill cycles, but maybe they’re still tapped out, but this is a priority.
Then we have resources and relationships through the ecosystem that allows us to be able to engage with detail and solve some of those problems. I love it. And I think that’s, that’s one of the things that you find, you start to get into some of these specialties, like security. You pointed out as these organizations, they don’t, they don’t tell you, you know, when you’re growing, you’re here now, you’re at a certain point now, you’re at a certain size now, you need those things now. And, and there’s also the assumption that the business leaders of those companies assume that people that they have are the people that can help them get those things done. And then inevitably, to your point with security becomes 20% of some other person’s job that may or may not be qualified. So a lot of huge value that you obviously add in that conversation, helping uncover and kind of demystify some of that. Yeah, there’s, there’s a, there’s an interesting balance that has a tendency to get very much unbalanced in the early stages of an organization because that there’s, you know, just too small. And that is, IT operations is a perfect balance between people, process and technology. And I didn’t make that up. But it’s, that’s, everybody understands that. But as you get into your limitations of your own capability to deliver, you will lean on technology and thus you become tool centric and oh my gosh, this nice shiny tool is going to help me be able to be more productive. Well, how many times can you really say that? Yeah, one, one tool, okay, that helps. But how does the second tool help you when you’ve taken all of all your time managing the first tool, you know, it’s just like, it compounds. And what happens is you have all these tools that nobody uses. And so it drags on resources, it they are, in some cases, a risk themselves, because the tool has too many rights. So, so, you know, and that’s one of the interesting things. And when we engage, we discover all of these things. 
So we get to see the history of an organization as well. You know, things that should have been uninstalled. Yeah, that worked. Yeah. And so why do you have three network orchestration tools in your environment live, you can only use one. No, wait, what, you know, no one even knows it’s there. And so it’s, it’s a very interesting interaction. So let’s talk. Let’s talk about mistakes and blunders. So I want to take a couple different perspectives on this. First, we’re going to get to the customer in a minute. But you get exposure to a lot of different vendors, you get exposure to a lot of different teams. And you get to see a lot of different sales styles and things like that, right. So take this for many, you’ve seen this in so many different flavors. Let’s talk about because again, I want to call these out because I want other people to be able to avoid these. But let’s talk about the mistakes of the vendors. What are some of these common mistakes that you see the vendors make in the process and and how do you help alleviate that or make that as as best as you can possibly make it for the end customer?

Number one, know who you are. What I see in vendors suppliers, however you want to call them. There seems to be there’s always obviously their business and so revenue is important. Driving the number is important for them. And what I find is that typically has more of a priority than actually solving the problem. And so, and so how that manifests is this. If I am an organization for which I have, I provide, you know, help desk services. And oh, by the way, that has a tendency to plug into the SOC of an organization, right? I’m not a security organization. I’m a help desk organization that has the kind of the spirit that can help support a SOC in a couple different ways. And then I’ll see them sell themselves as SOC. That’s like, well, you’re not. And so maybe a SIEM management, where you’re looking at low level logs, and that kind of relates to, you know, some of the help desk. But point being is that the number one thing that I see is that people aren’t being organizations aren’t being real with who they really are. This is who we are. And we’re great at this. Because we are all subject to meeting our clients where they’re at, where they’re at in their life cycle, where they’re at in their growth, where they’re at in their maturity, we meet them where they’re at. And if this is where we are, and this is where they are, the suppliers have a tendency to, so we’re close enough. Yeah, that’s I think we could do that. Yeah, I think that that’s the number one thing that I see that, you know, it’s better to just say, that’s not who we are. Because I think things get off the rails quite, quite quickly. Because you’re not able to speak to it in totality. And once you get into that conversation, you have already built up enough trust the expectations that you said yes. And so it better be yes. And I am you know, as a as an advisor, who has been in part of in those conversations before. That’s stressful. 
That is that it that could that could ruin my relationship, the trust they have in me. And so I think that’s the most difficult thing. And number two, though, there’s a there’s a close second. Going back to the clients, you know, IT organizations propensity for tools. I love the tools. That leads to a sales focus that leads with tools. Because they think that that’s the fastest way in which to, to gain trust has nothing to do with the problem has no idea when they’re not the tool is going to look at my tool. And I’m, I’m just I’m not a fan. I’m not a fan of that that methodology because it’s it’s it doesn’t take a lot of listening skills to do that. I would grade somebody’s listening skills if they were able to have a conversation say, Yeah, our stuff isn’t right for this. Well, and I would argue too, when when suppliers say that to us, all that does is makes me want to find them perfect opportunities for them because they know exactly where they’re a fit. Yeah, I mean, whether you’re talking a tool or you’re talking a tool stack, you know, say they’re a managed service and they in, and they go, this is what we do. You know, in that sense that you’re unicorn hunting. Like, you need to have some agility or some flexibility to meet people where they’re at because I can guarantee you not everybody has the same stack. Yeah, it might have five, you know, six of it. But yeah, that sixth one is their orchestration environment. So yeah, it’s not gonna work. That’s important. Yeah. No, good. I like those. So let’s let’s shift gears a little bit. Let’s talk about let’s talk about the customers. This arguably could be its own show, I think in just things that we need to be ready for. So let’s talk about, you know, from a security blunders perspective, I know you’ve alluded to tools a little bit. But what are what are some of the mistakes that you see the actual customers make throughout the process? And then how do you how do you intervene in that to help avoid some of those?

So we had a client who had completely outsourced a portion of their their cloud operations. So and basically, we’re had their environment being hosted. That’s essentially what it was.

But it was Azure. So completely in Azure. But part of that Azure build was, and they had included the Palo tie-ins into Azure. So it was they have a Palo environment. And this should have never been there. It was part of a service. So again, it was part of that stack. The client completely depended upon that supplier to and this wasn’t one we provided. This is what we engage the client here at this level. To make sure that those Palos were operating in best practices. And so there is these and this is where the troubleshooting came in. There is these repeated instances that were occurring for which you’re like, how’s that even happening? That shouldn’t, that that noise shouldn’t be there. You know, oh, it’s, let’s go through the logs. You know, it’s it’s it’s it was so weird that they were even there because in your mindset, you believe everybody operates in best practices. Yeah, minimum, minimum, right. And so we couldn’t figure it out. We were looking everywhere, load balancers, I mean, everywhere we were looking to figure out where was this noise coming from? And so we said, you know what, why don’t we just why don’t we just look at the Palos? Let’s just look at the config. Let’s let’s let’s do a compare and contrast and see if there might be some something off. Well, no one configured them. They turned them on. That’s it. Turn them on. Got traffic to flow through them, but nothing was configured. Well, they’re Palos. It’s all got to be set up already. Exactly. They should regret another box. And we’re like, we’re like, I’m not even totally sure we want to show this. This is like, whoa. And so it’s just one of those things where everybody means well, everybody expects well. And when you don’t have those cycles to do the the analysis, the double checking, the holding accountable, prove it type of stuff. This is what happens is that there’s no explanation as to why it happened. And I’m not going to go into that.
But in scenarios like this, it could have been that day, that that provider had their Palo engineer quit. Yeah. Or get sick, and then got reassigned. This was happening during COVID. So it could have been that very thing.

But this happens more than it should ever happen. Is that have you fine tune your the the nuts and bolts of your organization, the building blocks of your wall? Did you put mortar in it?

Just stack a bunch of block. So it’s, it’s those things where I think, for us, that’s what we pride ourselves why we go and we look at the detail at the foundational levels, like let’s not accept. Everything’s good. You know, we ask simple questions, like to a CISO, do you have visibility to every asset you have in your environment live? Most say no. Most say no. And so that opens the door having a much deeper conversation. It’s like, okay, well, what? Why not? Yeah, how do you that’s I know everybody listening to this is gonna go, but what do you say now? How do you navigate with the CISO, that’s, that’s that’s scary. I don’t want to offend it. Take us through that next step of the conversation. What do you do from there? Yeah, so we do see a small trend. The trend is cyber just isn’t a priority yet. So a toolset that is meant for a viewpoint of the entire organization, and be applied and utilized by the entire organization, all different divisions of it. I already want to describe that typically will not fall in the budget of security. And therefore, it’s a tool they don’t have. Now, there are solutions out there that that have been brought to bear that that have, you know, try to address this threat surface problem, visibility problem is what I’m talking to you. So we don’t have visibility. How can we secure what we can’t see? Great question. It’s so basic. It’s a great question. But you know, we when we ask him why not it typically is there’s a misaligned organization in regards to the priority of what that budget line item should should reside. Who’s going to manage it? You know, going back to what I was talking about, you know, it’s a discovery tool. Who’s who’s going to who’s going to own this? Are you, you know, and the cybersecurity team, we would love to. Because our, our very being kind of revolves around us. You know, if we can’t see it, ignorance isn’t a defensive position.
So, you know, I just my heart goes out to these guys, the job that they have, because sometimes they’re, you know, they’re asked to run a 100, 100-yard dash in hip-deep mud. This Yeah, come on, get that number under 10. Just make it work. Make it work. Make it work. It’s just it’s so, you know, I just we’re, we’re gentle. Probably the best way. There we go. And to your point, right? I mean, this is, this is always a judge free zone. I think that’s the tone that everybody has to take is that people, it’s hard to get people to be vulnerable. But when they realize, look, this is a judge free zone, everybody else is going through the same thing that you’re going through. I’m just here to help you make you look like a hero to the powers that be and make your job easier and give you less anxiety, the walls start to go down a little bit. And that tone has to hold the whole way, right? Because we’re just here to help.

Yeah, it’s it’s it’s unfortunate, you know, the budget is always keen. It is always keen. So, you know, unless there is a culture, you know, that had this foundation, really, almost every organization suffers from some form of this, you know, it’s a it’s not it is shocking yet not shocking that asset information, just where it is, resides on spreadsheets. Yeah, to the day. Yeah. You know, giant spreadsheets. I know that that they’re referring to as artifacts. Now they haven’t, they might have an enterprise architectural depository. It’s a fancy way of saying spreadsheet. Yeah. Wow. So, you know, those are those are areas where we believe that we can have impact. Those are, you know, it’s all in the margins. You know, it’s not one giant iron, you know, fix something and, you know, have a parade because you know, oh my gosh, we just did this. Yeah, it’s it’s a, you know, the the reverse of death by 1000 paper cuts. Yeah. Well, we want to provide life by eliminating those paper cuts, healing paper cuts, 1000 Band-Aids, paper cut Band-Aids, whatever. I might have to think of something better to say we are Neosporin-ing. Never thought I’d say that. But hey, whatever, whatever analogy it takes to get people to understand it. No, that’s good. Let’s talk about then, if I’m a if I’m a seller in an adjacent technology, maybe I just haven’t ventured down. Maybe I haven’t talked to CISOs, maybe I haven’t stepped into security this deep yet. What would you what steps would you give it to another seller to help build some of those? What are the practical steps or strategies you’d recommend to step into this board?

It’s a great question. I think the first thing that I would say is of all the spaces that we can operate and advise and sell. Okay, in general sense. Cyber is a is the equivalent of climbing the highest peaks, climbing Mount Everest. Okay. You don’t just decide to climb Mount Everest. Because we do you’re gonna die. It’s just there is no other outcome. You likely will stay there. And they will talk about hey, we found some bones 30 years from now. That’s likely what will happen.

Not just for you. For who you engage. And that’s what you need to look out for. So it doesn’t mean you can’t go climb the mountain. But you need to train. You need to understand what it takes to climb that mountain. You need to understand all of the intricacy parts. You need to understand SecOps in its whole, understand how all of the tech stack works with it. Within it. And then then you can have conversations around with those clients as to how they are managing that. And if if you can have those conversations, you can have a peer to peer conversation there. Then you can build trust, because there is nothing in cyber that we’re doing that has anything other than starting with trust. They don’t trust you. I’m trying to build trust with suppliers. It’s more than half my job is to go do I really want to make this intro? Yeah. And so I’m screening them. We’re having conversations. I want to know what do you know? How do you look at this world? And then I have a pretty good understanding of, you know, one, whether or not there’s going to be conflict to whether or not, you know, that that’s my job. My job is to make sure that if I want to be a matchmaker, not to downplay it. But my my mind’s eye should be on marriage. I’m gonna bring two parties together. I’m gonna be a matchmaker. I this is for good. This is for ever. And so I better be damn good at understanding both parties when I bring them together.

Love it. Love it. Alright, final couple questions here. If we look at I mean, I feel like I say this in every episode, because it’s true. But this is a rapidly evolving landscape from the customer side, from the technology and vendor side, but anything that you see from a security perspective that you think other sellers should consider over the next 12 months, different trends, same trends, staffing, what’s your thoughts?

Know that these people are stressed out beyond comprehension.

And so calling them during working hours makes you a jerk.

So go find out where they hang out. That’s what I would say. Go befriend them. They do hang out. They do go find ways in which to, to relieve their stress. That probably is the most productive thing we can do is see them as people and then meet them there. Interrupting their day. Especially the doers. I mean, it’s one thing talking to leadership that’s a little easier. You think it wouldn’t be but it is it’s easier to talk to the leadership. They’re more available. They lean on the team. Yeah. Yeah. But we have a tendency to go down the totem pole and interrupt the people are trying to get stuff done. And yeah, I don’t know about you. But if I don’t like being interrupted when I’m reading a book, I’m focused. I’m in the zone. Don’t talk to me. I can’t imagine being in a stressful that that that is. And then having somebody from the outside world say, Hey, stop what you’re doing. Listen to me. Regardless of whether you’re bringing the cure to cancer. It doesn’t matter. You just interrupted me. You know, it’s so irritating. And so finding a different mindset. And then you’re going to be able to do that. And so finding a different way to engage and be useful. Yeah, you know, beneficial. Fair. Good stuff. Okay. All right. Now pivoting a little bit here. Final thoughts as we wrap this up. If I am a business owner, right, I want to talk about the actual customer. I’m a customer. I know I’ve got some gaps. I know I’ve got some things that I’m going to tackle in 2024. What’s the advice that

to consider further security measures in my environment? Right? What are the kind of pitfalls or how should I be making some of my decisions?

So first thing that I would say is, or I would ask is, are you operating from a roadmap? Yes or no. And have them define or describe that. I guess subjective, I guess. Sure.


And then I would say, have you gone through a maturity model exercise? You know, basically looking at your organization from a maturity perspective, and had a keen third party eye review that and and say, okay, is your roadmap aligned with your maturity model? And the reason being is, if your roadmap is

basically all the roadmap is, is executing on a maturity model. That’s basically all it is. Other than upkeep. Okay, I don’t consider upkeep part of the roadmap. Yeah. So if you’re going on that journey, are you adequate? Are you honestly moving the needle the way you need it? Because if you are working, you have things on your roadmap that is a maturity level three, and you’re a 1.4. Why are you doing that? You are misaligned. And so if you can’t define that, then define it.

Whether you do it internally, externally. Better to do it externally, because you’re where you’re at, because you’re internal. So you’re too close to those trees to see this forest. So it’s a it’s a it’s a worthy, small budget item to say, come and give me a third party understanding of where we are at. And you can do that across all of it. This isn’t something that’s just the central to cyber, it can be all of it, because it’s all related. So you might as well do it. But that would be my advice. When I engage is, I want to know where they’re at. You know, and if all they’re doing is reacting to everything, they are probably not on a roadmap. Yeah, I just love the I love the just some of the verbiage to just maturity model, right? Where do you think you are from maturity perspective? I think that’s great. Great call outs.

Awesome. All right, man. I am out of questions. Jeff, thank you so much for coming on. You dropped a ton of knowledge. Clearly, there’s a lot to this. But I think you’ve distilled it down in a way that that is going to help a lot of people. So thank you, sir, for coming on. Okay, until next time. All right, everybody. Jeff Sharon from Cenergi. I’m your host, Josh Lupresto, SVP of Sales Engineering.