rapid fire rfq

One of my favorite talks at RVASEC 2024 was one I was most surprised with, called “Social Engineering the Social Engineers” by David Girvin at Sumo Logic.

If you work in a technical leadership role, you should absolutely view this talk, because 1) it’s funny, and also 2) it will really help you understand the relationship between you and salespeople, the ways salespeople are incentivized, and how you can leverage the sales process to inform better decision making around tooling evaluation.

The net result of this enlightenment should be a shorter evaluation to deployment lifecycle, enabling you to extract more technical value out of your tools. Girvin broke a lot of my assumptions about sales and I’ve already started putting some of his tips into practice to good effect.

I want to pause for a minute here and say that I have worked with some truly great salespeople and some of them have become friends of mine. I have also worked with very poor salespeople. Tech sales is a tough job and I respect it, but I also have my own job I need to do.

Anyway, Girvin makes a big deal out of transparency and not keeping the competition a secret. In retrospect, that’s actually an obvious tip that goes back to Kerckhoffs’s principle, and it’s not like vendor A is unfamiliar with competing vendor B. They “know the system.”

I had a unique opportunity to put this tip into practice, and did an experiment in radical candor when my org had a popular enterprise security product up for renewal. The scenario was essentially “hey, we have this tool and it’s up for renewal, we need to put cost pressure on them.” Worst case scenario was we couldn’t get pricing, and we’d just apply indirect pressure – after all, “this is my best and final offer” usually isn’t.

So I contacted two competitors. Vendor A and Vendor B. I contacted them through the sales intake forms on their websites. An SDR responded to me from each vendor “wanting to know what we were looking for.” Here was my response:

Thanks for getting back to me. I want to be transparent about the outreach – we are currently $EXISTING_VENDOR customers, we are pretty happy with $EXISTING_VENDOR, we are probably not looking at an extended demo or POV, and our focus is getting comparable and competitive pricing. 

Of course, if it’s a slam dunk, there might be something here, and although right now we’re doing a primarily numbers/market-based evaluation, we’re happy to get a product/feature overview.

Vendor A played ball on this. We had a conversation, it was a good product, we got the product overview and a brief demo, and the next day we had a quote, and it was in fact lower, though not by much, than the existing product. Vendor B did not get back to me after my email above. But we only needed one response. We also now know that we were talking to a legit competitor, and even in this biz, relationships are king.

During the call, I presented this as us doing a “rapid-fire RFQ” (request for quote), and it became clear to me that the SDR thought this was an unusual tactic. “Do you do this for all of your renewals?”

Well, we do now.

linkedin is bad, actually

The week before this last vacation, I wrote an at-length post on LinkedIn discussing the CrowdStrike RCA report that I thought was helpful in explaining some of the details of the report and actions you should or should not take as a CrowdStrike customer, and how I thought the future of this thing was going to go down with their customer base.

That post got almost no engagement, likes, reposts, comments, or anything spurring further genuine discussion, or things I had missed.

It was at this point that I devised a theory – that if I wrote a post about Hawk Tuah Girl AKA Hailey Welch, it would generate better engagement than the illustrative and professional content I wrote about a recent cyber event.

I didn’t use the words “hawk tuah girl” in the post, but I barely disguised the fact that I was talking about this woman, and used her full name. I pre-empted any accusation of unprofessional content by citing the Vanity Fair and NYMag articles about her.

Sure enough, hawk tuah generated significantly more engagement than my CrowdStrike RCA writeup. It was at this point, and among many other reasons, that I decided I’d had enough and closed my LinkedIn account.

There are people I connected with on LinkedIn that I genuinely did enjoy interacting with, and I will miss that. I felt the same way about Twitter/X. I have not had a Twitter account in a number of years. But, when I ask myself the question: “what have I really gotten out of this platform” – in the long run I just can’t come up with a good answer other than “actually, I think this may have been a colossal waste of my time.”

I have never networked my way into a job from LinkedIn. I came close once, when a very good recruiter came across my profile and reached out, but I ended up withdrawing and took the job I’m in now that I got from old-fashioned networking. All of the other jobs I’ve gotten have either been through applying directly or from in-person networking.

The vast, vast majority of recruiters who reached out to me on LinkedIn seemed like they were following a spray-and-pray strategy, often advertising jobs to me that – had they actually read my profile, which was 1:1 with my resume – they would’ve known I was not qualified for.

When I closed my account, I had 176 open requests to connect. Almost all of them were from salespeople. I have worked with some great salespeople, however:

1) I’m really not interested in talking to a stranger about their product. I am aware that BDRs/SDRs make money based on the number of appointments they book, and that is the endgame here. It’s cliché, but I’m well aware of what my pain points are. I will come to you if I need a problem solved.

2) When you connect with salespeople on LinkedIn, your feed fills up with content for salespeople. Ultimately, this is probably doing salespeople a disservice.

I know people find career success on LinkedIn, but it has never worked for me personally. I am not interested in sales calls.

I am also appalled at the amount of straight-up bad behavior there is on LinkedIn, including the stolen and re-hashed content, content obviously generated by AI (it’s really obvious), grifters, and a frankly disturbing number of people who use mental illness as a shield to deflect any claim that they’re being rude and shitty.

So, I am gone now. I maintain a private Instagram account with a small number of followers for the use of my close friends and family, and have no other social media presence.

And I’m upset about this, mostly at myself, for the wasted time I invested in another ARR generator for Microsoft. For the time I could’ve spent with my family, coding, or working on a side project, or even this website, which I operate and maintain entirely on my own.

I’m upset about the value they captured that I didn’t.