Channel Security Secrets

[00:00:00]
lou-rabon_69_10-14-2025_103603: I'm stoked to chat with our guest today. He's a cybersecurity executive advisor and ethical hacker with over 16 years of experience in security leadership.
His background span, security, engineering, risk assessment, AI security, and leading high performing security teams. At nig, he pioneered the company's threat intelligence detection, engineering, and incident response program. Today he directs [00:01:00] Global Cybersecurity, ensuring the protection of data assets and brand trust worldwide.
Co-author of the cybersecurity book, 97 Things Every Application Security Professional Should Know He's the Global Director of Cybersecurity at Monks Alexander Wald, welcome to the show.
aj_2_10-14-2025_103607: Oh yeah, definitely. I really appreciate being here. You know, it's, uh, I think, uh, a fascinating time in our history as an industry. So, uh, I think there's a lot of opportunities, um, and also, um, a lot of challenges. So I really appreciate being on the show today.
lou-rabon_69_10-14-2025_103603: Yeah. Yeah. We're, we're, we're stoked to have you because, you know, you're a practitioner, you're not a salesperson. So we're gonna talk about, uh, you know, what it looks like when, uh, you're the. Receiver of some of these sales pitches that you're getting, but let's, let's get into our first question, which is, what is the biggest secret to your success in security?
aj_2_10-14-2025_103607: I would say probably my biggest secret is, uh, just general, uh, tenacity and then follow through. [00:02:00] So, uh, insecurity, there's a lot of, um, uh, rocks to overturn, and the only way you can discover vulnerabilities or issues is by looking and then by trying to see things from a new perspective. being tenacious and just continuing to dig for more, uh, uh, answers to questions, uh, is what I think has really made positive outcomes in my career.
lou-rabon_69_10-14-2025_103603: Yeah, it's um, it's interesting because we see this. Actually with non practitioners too, anyone that we've spoken to, curiosity, right? That's, that's what it boils down to, is don't just accept the first answer. Don't accept things at face value, but dig and, you know, question, question everything,
aj_2_10-14-2025_103607: I would definitely, you know what? Questioning everything is, um, a core part of, uh, my philosophy. 'cause, um, whether it's your, your priors from, uh, your family, your community, um, your industry. gonna be ways of working that people will just assume is the, um, the proper way. But then [00:03:00] hackers don't think that way.
They think of how do I get around what's standard and how do I understand the system in the way that other people don't, um, understand or don't expect. So, question everything is, uh, definitely, um, rings true with me.
lou-rabon_69_10-14-2025_103603: Yeah, that's great. So, you know, we're, our audience typically is made up of, of people that are, uh, buying and selling within this trusted advisor channel. Um, and, uh, I, you know, you're. I know, you know, Jacob, that's how we, we met, uh, from Three Tree. So, so you understand the model. Um, one of the things I think people would wanna know is since you're one of the buyers, you're getting approached by these trusted advisors, what do you consider to be like, um, you know, what are the effective ways to reach you?
I know that cold calling is dead, right? Like I, especially with, I don't know if you've, uh, used the recent iOS, but it's got some really good anti-spam features now where you know, if you're not, if you're an unknown [00:04:00] caller, you're immediately put to another queue. You know, sometimes you. You can be blocked.
Uh, there's also apps obviously that block that stuff. So cold calling doesn't work. And then cold emailing I think is pretty dead these days too, with spam filters and especially if you're using, um, you know, any of the major, uh, mail carriers, plus having corporate, uh, email security, there's ways to really tone that down.
So, um, you know, essentially how are people reaching you and what do you respond to?
aj_2_10-14-2025_103607: Oh yeah, definitely. It's a great question because, you know, whether it's a spam filter or, um, even just fatigue, um, through mess. Messaging systems, it's, uh, um, there's, you're trying to get the attention of the person, uh, to get my attention. It takes a lot of effort actually. So, uh, is, um, usually what works best, um, with me and also with, uh, other individuals I work with.
So, uh, you know, with a trusted partner, for example, the hardest thing to do is to build trust. Um, so with that [00:05:00] trust building, you have to really go where the practitioners are going. So whether that's events, whether that's conference, whether that's webinar, uh, actually being where the people are is a critical first step in order to, uh, get the initial, um, uh, foot in the door approach. Um, cold calling, cold emails. Uh, they might have worked in the past. People today might actually see it as, um, annoying or they might not even go with a solution because it's. Um, not providing any initial value. Um, there might be a lot of, a lot of like, prior assumptions or prior understandings from, like, past interactions with a company, or it's, it might be totally untrue today. Um, a lot of times a, uh, companies will also assign, for example, uh, uh, regional staff. So if your company's headquartered in one country, then you'll usually get calls from people in that country where they're originating from. If you're a global company, I might be getting calls at 3:00 AM not very likely.
I'm gonna answer your call if [00:06:00] it's at 3:00 AM
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: Some very human level, um, understanding of, uh, how to get attention. But at the same time, uh, you have to show up. Um, true leadership and partnership requires actually being there.
lou-rabon_69_10-14-2025_103603: Yeah, great, great points and like gold for anyone out there that's trying to get your attention. So, um, you know, understanding who you're speaking to, not relying on some kind of automated script or ai. Outreach. I mean, the AI outreach is just like so obvious these days. Like, oh, Alexander, I love how your company, it does X, Y, z, you know, is the leading retail or whatever.
It's like, yeah, you, it's so, so immediately. Those are the ones that you get through if it's got a personal message. But what I also heard is like going to events, getting involved in, if they wanna sell security, um, you know, these trusted advisors should probably look at what are the local security events like ISSA or oasp or, or any of the, uh, [00:07:00] organizations that are having security meetups and things like that.
aj_2_10-14-2025_103607: Oh, definitely. And you know, it's, uh, it's critical 'cause that's where the people are and then.
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: It's at all levels too of the industry. So you might talk to, for example, at a security conference, an analyst, that analyst might one day be a manager, director, ciso. So it's building, that human supply chain with your, sales to understand that this is a long game.
It's not about short term returns, it's about the overall picture
is your building A community with yourself, your own brand. There's tons of people that can do the same kind of selling, even the same technologies in a lot of cases. So in order to differentiate yourself, you have to really put yourself in that place of I am the expert.
I'm how you get the best value outta your business, and at the same time you can trust me. so it's a, you know, it's definitely a journey, a marathon, not a sprint.
lou-rabon_69_10-14-2025_103603: Yeah, great [00:08:00] advice because I think another recurring theme on, on this podcast is the transactional seller versus the solution seller. Um, and we had one person on here, um, who has a great business and they mentioned that sometimes they're. You know, spending time with people that they don't have an immediate deal with.
They're not trying to close something. They're just, to your point, establishing those relationships, establishing trust, and, um, that's really important. I think we, we see that ourselves as one of the vendors in this channel. Um, there are the trusted advisors that are very much like, Hey, give us a quote, we just want to get a quote.
And it's like, no, that's not the way we do business. We wanna understand what are the problems. Um, and often what we see are companies especially lower in the maturity scale. They're um, coming. They're like, Hey, we want a pen test. And we we're often saying, well, why? Yeah, pen tests are great and they're part of an overall security program, right.
It's just one piece. And if you haven't had an assessment of your entire environment for two [00:09:00] years or more, or, or you know, or you haven't, if you want to pick a project, like have you done a tabletop? Like yeah, it's true. A pen test will show you what really obvious external, uh, ways of getting in are, are going to be out there.
But that's not really necessarily the best, best project for them to lead with. So we tr that's why we wanna have those conversations.
aj_2_10-14-2025_103607: Oh, definitely. And it's, it's a time saver at the end of the day. 'cause you can try to sell something to someone that, that doesn't need it, and you're just wasting your time if you just understand what their problems are and then their challenges. only will you optimize your time, but you'll provide better outcomes for the customer.
lou-rabon_69_10-14-2025_103603: Yeah, a hundred percent. So, um, what, what resonates with you, let's say they've gotten your attention. Um, what resonates, what I heard partially is obviously be relevant to your needs. So if, if they're reaching out, you know, definitely not at three in the morning, um, but you know, they've gotten you on the phone or they've gotten your, you to return a call or return an email, [00:10:00] um, what, what is it that that makes you wanna take the next step with them?
aj_2_10-14-2025_103607: You know, the, the big thing is, um, highlighting value and then also minimizing, um, my effort. Uh, nothing bothers me more than, um, 18 questions in an initial email. very unlikely I'm gonna ever answer those kind of emails 'cause I have very limited time to even read the email, let alone, um, action.
Anything within it. So, uh, getting straight to the point, showing the value proposition. Um, that can be a, a report, a highlighted link of a case study. Um, there really needs to at least be that initial hook of value in the email itself too. So, uh, um, also other, um, communication channels, um, I need, you need to pull me in immediately.
So if you, if you're in like my Slack for example, you know, definitely needs to be in, um, a very thoughtful message, um, at the same time. It doesn't ask me a thousand questions. 'cause at the end of the day, I'm the [00:11:00] customer and, the vendor should be doing the work for me to understand, um, what my, how to, how to solve my challenge. Um, it's enough for me to at least highlight what my challenges are. So I, I would usually recommend in those situations, uh. Ask, you know, do you see the solution fitting with your current needs? If the answer's no, that's okay, because the thing is, is when the need does come up, the first person they're gonna remember is you for at least mentioning the solution. Um, at the same time, follow-ups. Um, this is a critical thing. Uh, vendors do not do enough, um, follow-ups. Um, when it comes to, uh, understanding if problems might have just appeared. Businesses don't operate linearly. Sometimes it's like a zigzag. So you might have moments and quarters and even days where, um, spend can occur and then there's procedure and process the rest of the year. So, um, hit while the iron's hot. But then at the same time, uh, [00:12:00] you need to be okay with rejection.
lou-rabon_69_10-14-2025_103603: Oh yeah. Yeah. I mean, any person that is salesperson that's out there that's not okay with rejection is definitely in the wrong field. But, um, I think what you're also saying, what I'm hearing is be prepared, understand your business, be um, very tight with the message. Don't expect you to start feeding, uh, you know, as the customer, a ton of information to the sales person or trusted advisor.
Um, you know, uh, really understand, okay, hey, here's what I'd like to speak to you about. Here's why it's going to help alleviate some pain. Um, you know, here's some information on other, uh, customers like you that we've helped, et cetera here. You know, let's set up a time to chat.
aj_2_10-14-2025_103607: Exactly.
lou-rabon_69_10-14-2025_103603: Yeah, that makes sense,
aj_2_10-14-2025_103607: opens the door. And then, you know, once you get that initial trust, then you know, sky's the limit where,
lou-rabon_69_10-14-2025_103603: right?
aj_2_10-14-2025_103607: You can start talking about other challenges. So like, if you're a partner that's specializing in IT, or security for example, that might [00:13:00] just be one aspect of the business needs.
You might be able to bring in other partners, other relationships that will enhance the overall, um, system that you're building with this client.
lou-rabon_69_10-14-2025_103603: it's 100% and that's the long term. That's the solution sale. It's not like, oh, okay, you need um, some widgets, here's some, here's a quote for some widgets, and then a year later I'll come back and ask you to renew the widgets. It's like, wait, why do you need them? What are your. You know, pain points.
Okay, well maybe we can't help you here, but we'll help you over here. We know someone that can help. So, um, that's one thing that's nice about the Trusted Advisor, uh, network, is that you can go to them and say, listen, I, I know I need this. These are my requirements. Can you come back to me with two or three vendors that do this?
I, I think that's the value prop. So, um, you know, what's your experience been in working with, uh, the Trust Advisor network?
aj_2_10-14-2025_103607: Oh yeah, it's been a game changer 'cause uh, I only have so many hours in my week and a trusted advisor. They have teams of people where, [00:14:00] um, they can, I can ask them to do research. I can ask for, um, what's the market look like for this solution? Or, um, what are you seeing in other customers that are, isn't, is not working? Um. I do all the research myself, I'm gonna be limited by what the marketing people tell me I can see.
lou-rabon_69_10-14-2025_103603: Mm-hmm.
aj_2_10-14-2025_103607: On the ground experience with other actual customers, um, it provides invaluable insights to me where I can understand, oh, this worked for this company, but not this company. Um, we have these strategies to get the best price, depending on certain tiers or product offerings. those are the things that I just don't have the time to develop and build that a partner does. So I see partners as an extension of my team rather than a, um, client partnership in that way. Um, to me, uh, they, they are on my team. It's just, you know, they use a different email.
lou-rabon_69_10-14-2025_103603: Right. Yeah, that, that's brilliant. And what about your peers? Um, because I feel like this is still really new, uh, for, [00:15:00] especially in cyber, I think, uh, you know, you're probably on the Slack channels, CIS o Slack channels and all that stuff for, um, hey, do you guys know a good vendor that does this? Um. So, so coming over to this trusted advisor, like reaching out to a partner and saying, Hey, can you help me and maybe even run the RFP for you?
Are you seeing your peers starting to adopt this too, or are they still kind of resistant?
aj_2_10-14-2025_103607: Um, they're starting to adopt it rapidly, actually. Uh, so I would say, um, the newer generation too, especially, is very open to this model of delegation. 'cause essentially that's what we're doing is we're delegating work that we would have to do. And at the same time, uh, once we have that trusted partnership, um, making some very critical decisions for the business based on that, um, decisioning. So, um, I would say it's. in trend. Um, all of my peers are slowly getting onto this model. Um, 10 years ago I didn't know anybody on this kind of structure, so it's definitely, um, newer in the space, more efficient and [00:16:00] then more beneficial to both sides. Um, it's not just, you know, like you mentioned, not a transactional relationship. Now it's a journey. And then there's additional benefits too, where I can get, um, networking access, I can get, um. from, um, some of the best people in the industry because they're also using partners as well. Um, before, if we're just sharing the same vendor, like, oh yeah, we'll go to the same conference together, we'll grab the same swag, you'll have a beer maybe. But now I can go to a networking event with other, um, partner members and it, I can get direct insights from some companies that I would, you know, only wish I could, uh, get, um, CISO time with. So it's, uh, been invaluable for me. But then I think, uh, it's gonna be a model that, um, any security leader or IT leader is gonna really wanna focus on is, um, you're limited by how much time you have.
So delegate what you can to the best people you know. And if you don't know, I'm sure there's someone in [00:17:00] your network. Um, I know a few myself. Uh, that would be excellent for any company.
lou-rabon_69_10-14-2025_103603: That's great. Yes, please spread the word because we want more and more people to, to do this. And that's why we've decided as a company to go, uh, as a supplier to this Trusted Advisor network because, you know, um, the budget required to become a brand name. Is, you know, requires a, a huge investment. And so in, in trying to do this in a way that we don't have to go give away the company, uh, you know, to get the sales and marketing capability, the trusted advisor network for suppliers too is just a really great, because then we concentrate on a smaller.
Subset of sellers that get it. They understand, and we've got a, a different model at Cyber Defense Group. We do, you know, flat rate pricing and stuff, which is still pretty new. Um, and people don't, can't wrap their heads around it. But to have a trusted advisor be able to explain that to someone like you, a buyer is, is easier than you saying, oh [00:18:00] yeah, let me take a shot on this weird model that we've never done before.
It's kinda like you'd have to be in some serious pain, like maybe hire two or three. You know, security companies and had a horrible experience of like, okay, I know exactly what I need. And, you know, so we, we, that's a narrow subset. The, the trust advisor network is, is really a good thing for, I think you're right, all parties involved.
Um.
aj_2_10-14-2025_103607: you, you're, you're lining the incentives together and, uh, you know, a flat fee structure like you mentioned. That's perfect. 'cause it doesn't matter how, how cheap you get it, you're still getting what you need as a company. And then I can trust that, oh, our incentives are aligned,
lou-rabon_69_10-14-2025_103603: Exactly. Yeah. I mean, I, I don't want to go too far into, uh, you know what we do, but that's why, you know, I did it, is because the, the time and materials model, who does that benefit? It benefits. The company charging time and materials and retainers and stuff, which is great, but it's a great short, you know, term way to make money.
But in a long term relationship, the worst [00:19:00] thing that you want is someone saying, oh, let's not use the security team too much because they're too expensive. Like, we want, you know, everyone to use this as much as possible so we can do our job and, and protect the environment. So, as you know, so, um. What, what, one thing I, a question I had for you.
I know that I've, I've got buddies that work at, um, you know, the security teams of, uh, you know, like yourself, they're getting gifts, uh, especially the larger, uh, organizations. What's the craziest gift you've gotten to, to, to, you know, ask for a meeting?
aj_2_10-14-2025_103607: Oh, for sure. And, you know, I have to reject, you know, these gifts because, uh, you know,
lou-rabon_69_10-14-2025_103603: Corporate policy.
aj_2_10-14-2025_103607: corporate policy ethics, um, you know, it's, it's, it's one thing to buy me a dinner after we, we've done the deal. Um, a lot of the customers are gonna be similar in that way, but then for the customers that do accept gifts, you know, it's a, I've seen vendors try everything under the sun.
Um, popcorn towers, um. [00:20:00] Pickle parades. Um, they have, as creative as you can imagine. Um, they'll show up at my door a few times. Uh, so it's, uh, um, it, it can get intrusive even.
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: And if it becomes too intrusive, it becomes very off-putting. Uh, and also expensive, um, to do those kind of marketing tactics.
lou-rabon_69_10-14-2025_103603: Oh yeah.
aj_2_10-14-2025_103607: And the thing is, is if a company doesn't accept gifts, then it's seen as hostile. It's like, oh, you know, you're trying to, you know, bribe us, essentially.
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: The thing is, you as the vendor and the seller, you don't wanna be seen as just trying to bribe off your customers. It's, you wanna see this providing true value and insight and there's other ways.
Um, so, uh, sending gifts. I, I don't advise it actually, because it's gonna be expensive and the results are gonna be minimal. And then also, if, so, if the customer's gonna be accepting a gift from you, they'll accept a gift from your, your competitor too. So it's,
lou-rabon_69_10-14-2025_103603: [00:21:00] Yeah.
aj_2_10-14-2025_103607: It's a, it's a losing game and
lou-rabon_69_10-14-2025_103603: Yeah,
aj_2_10-14-2025_103607: um, your solution and your network should speak for itself.
So, uh. Just my own opinion. But, uh, if, uh, you're going to focus on gifting, um, do it in a way that's, um, networking related, say like,
lou-rabon_69_10-14-2025_103603: yeah, yeah.
aj_2_10-14-2025_103607: Wanna come to this event with me, do you
lou-rabon_69_10-14-2025_103603: Right.
aj_2_10-14-2025_103607: Meet other like-minded peers in your industry? Because that provides immediate value, low pressure sales, and then it gets you building that trust with the client.
lou-rabon_69_10-14-2025_103603: Yeah, that's, I that's great feedback. And anyone that's doing these gifts, I mean, even, I recently got like a $2 bill from, I, I forgot what kind of, I, I don't even remember the company, but I was like. You know, obviously I'm not gonna throw this out. I, I, I think I gave it to one of my kids, like, oh look, $2 bill.
Cool. But it's like, if they're sending this out to 10,000, a hundred thousand people, it's just like, what's the utility of that? I don't, it didn't make me wanna buy their product anymore, you know?[00:22:00]
aj_2_10-14-2025_103607: If you stop sending me $2, will you make it cheaper?
lou-rabon_69_10-14-2025_103603: Yeah, right? Or is this Yeah, it's so strange. Um, so yeah, I know, well, one of my buddies got like an Apple watch they sent to him, and I think he might've had, I, I don't know if he sent it back or not, but it was just shocking when I, when you think, what is an the cost of an Apple watch? And this was like five years ago or something.
So, you know, it wasn't like now where they've got different models, high, low, medium, the whatever it was, it would've been a couple hundred dollars at least, you know.
aj_2_10-14-2025_103607: sure.
lou-rabon_69_10-14-2025_103603: It's crazy.
aj_2_10-14-2025_103607: And then also after the fact where even if you don't go with a vendor, they'll send you an after survey, um, you know, a reward where it's, oh, well, we'll give you a hundred dollars to tell us why you said no. And
lou-rabon_69_10-14-2025_103603: Yeah. Yeah.
aj_2_10-14-2025_103607: You just read the email of why we ended the conversation, you wouldn't have to spend a hundred dollars.
lou-rabon_69_10-14-2025_103603: Yeah. It's such a, it, it's such a waste of money and time. I agree. But what I think for the audience, what's really important to know is that industry events or putting you together, like, Hey, we're gonna have a round [00:23:00] table. We're gonna do a dinner at a nice restaurant, we're gonna have a round table. Or maybe sometimes even a, a dinner is a bit of a commitment 'cause you're like, oh gosh.
You know, depending on how free your evenings are, if people have families or, you know, obviously other things they want to do. Um, maybe a lunch or, or something. Even if it's a Zoom, maybe like, Hey, well I'll send you one time we did a wine event. Um, but, you know, less people are drinking. And also, uh. We, we learned that a lot of people just wanted the wine.
They, they didn't respond after. But, um, long story short, I think those events that are adding value where you're with your peers, something that gets you together with your peers, where you can share ideas, you're getting value. 'cause you're, uh, to your point, sometimes you get a little bit myopic in your own environment.
You want to have the, the feedback from someone else. Yeah. I, I think that's a really good takeaway. Um, one, one other question I have, Alexander, since it's like really important, um, for people that are getting into this channel, it's, it's [00:24:00] new, like your peers are not using it as much. They're starting to though.
That's encouraging, but also for the. Sellers that haven't sold security before. There's a lot of 'em, and they want to because they know it's lucrative. Maybe they've got a curiosity and interest in it, but they haven't sold a lot. What would you say to them? Like if you got a call from someone, they're like, Hey, he, I understand some of your pain points.
Are these relevant? Someone like you, you're gonna be able to dive as deep as you know, like super deep. Technically they're gonna get scared. So what advice would you have for them if, if you start to be like, you know, get into like, all right, well, is that on the oasp top 10? Or, you know, what kind of, does it have a fuzzing capability or something?
You know, where it's gonna go over their head?
aj_2_10-14-2025_103607: Oh yeah. And you, and that's the challenge you face as a seller, is you, you don't want to, um, approach a situation where, um, you don't understand what's being said in the room.
lou-rabon_69_10-14-2025_103603: Right,
aj_2_10-14-2025_103607: you know, in order to get around that, setting those expectations from this, from the [00:25:00] start, I think is really healthy 'cause. In our personal lives, we have all range of people, you know, intelligence, um, interests, hobbies, um, just because you just started in security selling doesn't mean you have to be an expert,
lou-rabon_69_10-14-2025_103603: right.
aj_2_10-14-2025_103607: Some least core foundational principles that you should follow. The biggest, um, in, in my view is, um, understanding the person. first. Make sure they know who you are. You know, uh, if, for example, you see someone at an event shake their hand, um, ask 'em, you know, where you live, uh, you know, what's your, your interests really start off as that foundation. But then if you have more limited access to people, let's say over email, uh, typically the easiest way will be to, um, pre provide immediate value.
So if you're selling, um, PAM Solutions. Tell me why your solution is best, um, value-wise. So I wanna emphasize value, so
lou-rabon_69_10-14-2025_103603: Hmm.
aj_2_10-14-2025_103607: You can have the best solution, but if [00:26:00] it's $10 million, there's very little chance you'll, you'll ever sell it, even if it's a perfect solution. leading with value is typically one of the best ways to get your foot in the door.
You can always upsell, add on, and upgrade, but the idea is, is to get a sale. So if you wanna get that sale, show why your solution can one meet the needs but at the best price. And that's gonna be very hard for a lot of salespeople 'cause you're, the solution you're selling might not be the cheapest. So there's additional things you'll have to add onto it.
Then, for
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: Um, what's the additional value or savings that your solution will provide? Um, is there FTE that you don't have to hire now because of your solution? These are things that you wanna highlight in the value proposition because you know, if you are the cheapest, your job's already gonna be easier.
'cause all you have to do is get volume. But then if you're on the more higher end and you still need to really get your foot in the door, explain why that value exists. How your solution will, um, provide, uh, initial benefits [00:27:00] at medium and long term. most customers, they just, they get a budget and they're, okay.
I can spend a half a million dollars on the solution, not a penny more. And a lot of vendors struggle with that. They'll create these artificial barriers in their sales strategies. Like, oh, I can only sell, um, a thousand minimum units or 2000 minimum units, or, um, the minimum package we can have is X, Y, Z. And the thing is, is that's not useful for the customer. And also it puts in the customer's mind that they're too expensive to ever work with. You might permanently lose a customer over the lifetime of that individual because they'll see you as too expensive. Um, I won't name names in our industry, but there's a lot of those where once you're known as the price use solution, people aren't looking at you immediately.
They only look at you as a last case scenario.
lou-rabon_69_10-14-2025_103603: Yeah, that's great advice. I'm thinking of, uh, you might be referring to endpoint, um, because that's, that's one area where we've struggled, especially if it's like, well, yeah, this is the minimum size, but hold on [00:28:00] a second. There's, you've got some customers that are just under that, that might. You know, be growing and expand beyond that.
But yeah, the minute and then that opens a door to a competitor, and then if that competitor is just as good, if not better in many ways, plus they're more flexible with their pricing Yeah. For the lifetime. Um, contract value of that. Yeah. Great points.
aj_2_10-14-2025_103607: and, and
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: It's your job to, um, make those magic deals happen where maybe the vendor won't normally sell it if you're just going to them yourself,
lou-rabon_69_10-14-2025_103603: Mm-hmm.
aj_2_10-14-2025_103607: Having that the security vendor and the partner work together to make a custom deal that meets the customer's needs will. One, they'll show the value of the partnership, but then it also gets a sale.
So it helps every single party and then removes the, these, um, barriers, uh, to sales that a lot of salespeople don't even know they're doing.
lou-rabon_69_10-14-2025_103603: Yeah, it's a great point. And, and that's what's, um, really the long term, right? Um, if, if we can [00:29:00] get the salespeople to think long term, short term Yeah. In your wallet, you know, in their wallet. They may not get the biggest commission for a smaller sale, especially if they introduce other solutions and things like that.
But to your point. They're establishing trust and therefore, over the lifetime of that relationship, and yeah, you're going, you've moved around. Especially security. I mean, it's getting longer. Thankfully, the tenure, I remember a couple years ago it was like every year people were jumping. Um, what that means is you're jumping to a new budget, maybe a bigger company, and may you know.
That trust that they've established with you. People buy from people, they don't buy from companies, right? So you're gonna go back to that person and say, oh, I'm at, you know, new company X and you did such a good job. I know it wasn't a big deal, but guess what? Now I'm working at, um, company Y and company Y has a lot bigger budget.
Let's talk, you know?
aj_2_10-14-2025_103607: Exactly.
lou-rabon_69_10-14-2025_103603: Yeah.
aj_2_10-14-2025_103607: you know, it, it's beneficial to everyone to establish those long-term strategies. [00:30:00] And short-term thinking is G going to only provide you short-term gain. And the thing is, if you lose your customers over a two, three year period. It's gonna hurt a lot more to not make money than this, to have a, a lifelong business.
And, and it's a, just a, as a, from the customer's perspective, but I see people fail all the time in this space. It's, you know, it, simple steps can have amazing impacts. Um, so that's why at least mentioned in the beginning, you know, question everything too. 'cause because your sales team told you this is the way that you, that you need to do something, there might be more effective strategies for the individual. Every person's different and your strategy should be tailored to the individual, not a generic population group.
lou-rabon_69_10-14-2025_103603: We, um, that's such great advice. I mean, this is gold. I hope this, uh, you know, is really a lot of the listeners are, are. Taking notes here because you're, you're giving them the script and the, the basically the, the instructions on how to do this. [00:31:00] We spoke to a trusted advisor who said, yeah, they had started in sales by, they went from it to like Cisco, and this is, you know, maybe 10 plus years ago.
It was Cisco ASAs or something. And, and, uh. They started to understand a bit more about security, and that's when they got curious. So ask questions, right? And question everything. So they were like, wait a second, what, how does this protect and blah, blah, blah. So all of a sudden now they're, that's all they do is security, sales, um, you know, 10 years later.
And they're very successful at it. And it's because of exactly what you're talking about, to ask the questions, question everything.
aj_2_10-14-2025_103607: Exactly.
lou-rabon_69_10-14-2025_103603: Yeah. So, so what is like a challenge that you're dealing with? Um, you know, at a high level, obviously like that you're, um, and I'm not saying I don't want to do anything that's gonna get you like a million inbound calls now because like we need endpoint and then you're, yeah.
But I mean, like a big challenge maybe that you've solved recently, um, with, uh, you know, an external provider that that's helped you get through it.
aj_2_10-14-2025_103607: [00:32:00] Oh yeah, definitely. Um, so, uh, um, this was through the partnership actually. I had, uh, but then. We're able to at least get a cloud security posture management suite. Uh, I won't name names, uh, outta respect, but then the um. This challenges we were facing were, we had, um, disparate environments, um, various ownership. Every cloud you can imagine from A-W-S-G-C-P Azure, even some, uh, smaller players, um, that you might not even know of. Uh, we, we were using, so, uh. Being able to find the solution, um, to actually get end-to-end coverage, visibility, and then most importantly, from a CA perspective. So just because you have visibility over your cloud environment, you need to be able to protect those assets. So some of the most ill protected things on the internet is cloud right now, it's, uh, people see it as either too complicated, requires specialized knowledge, or, um, requires expensive solutions. The thing is, is there are, um, inexpensive and [00:33:00] also open source solutions to a lot of problems that a partner can highlight for you. a, um, I would say in for my challenges, it's always about scale. Um, how do I do things over, you know, 30 plus countries, how do I, um, get many different peoples and teams and understandings to all understand why they need to be secure. But then, uh, uh, with my lease partnership, uh, they made it simple.
Um, they provided me a plethora of, um, options in the marketplace that meant that were meeting my budget, but then at the same time, gave me a, um, roadmap on how we could grow with that solution. So it's a, you know, crawl, walk, run approach. Um, if the solu, if the provider were to sell me a full solution initially, I don't know if it would've actually, uh, uh, been approved. The thing is, is because we're able to get the minimum viable product into the business, we're able to show that value. That value is now highlighted and now it's becoming a [00:34:00] part of our business. So, um, getting a, a solution as part of a business is the ultimate goal of the security vendor.
lou-rabon_69_10-14-2025_103603: Oh yeah.
aj_2_10-14-2025_103607: That's how you, that's how they function and a survive long term.
lou-rabon_69_10-14-2025_103603: Mm-hmm.
aj_2_10-14-2025_103607: But then if you're just trying to sell me a dashboard that lights up for a quarter of a million dollars, then it's not going to be effective. 'cause even if I do buy it today, there's a good chance I won't renew it.
lou-rabon_69_10-14-2025_103603: Right, right. And that's wasted time on everyone's part. But again, it really depends on the short term versus the long term view, because short term, a salesperson may be, Hey, I made the sale, I met my quota, you know, profit. But that's it. That's also not someone that you're gonna go back to. So when, when you get a, an inbound from them, maybe two years later, and they're at the next vendor and they're like, Hey, uh, do you remember me?
I sold you so-and-so, you're gonna be like, you know, avoid that person like the plague because they sold you something that you didn't need, or it, it wasn't the right fit.
aj_2_10-14-2025_103607: [00:35:00] Exactly, and you know, it's, I'm always looking at it long term. remember the security vendors' names. Like, and that's the thing is, is when you talk to a customer, they know you as that person. So if you're selling me, you know, cloud security, I'm gonna know you as the the cloud security person, and that's not going away.
So even if you change your jobs, your fields, I'm gonna always see you in that old light. So your reputation and your impact and your interactions gonna be felt for the rest of your career. So if you wanna make a short term sale and profit, even at the customer's expense, just know you're hurting your own, own career in the end.
lou-rabon_69_10-14-2025_103603: Yeah, huge advice. That's, that's brilliant. So, um, what, what's exciting you about the future of, uh, you know, 'cause there's a lot of people doom and gloom, but I think there's probably, there's definitely some great things around the bend too.
aj_2_10-14-2025_103607: Oh yeah, definitely. You know what? At least in the technology space, um, I'm really excited about robotics, brain computer interfaces, um, from a security perspective, [00:36:00] uh, huge implications. Um, if you have a little chip in your brain, uh, you need to be able to protect that. Uh, host intrusion prevention system and host as in human.
So a hip system in the future might actually literally be in the human, and that's is, it's trending that way. Um, same with robotics. Uh, we're gonna see, you know, robotics become exponentially cheaper over time. Uh, with that is, um, inherent physical and cyber risks with both. Um, you as a securities, uh, vendor or partner need to understand that solutions that solve, um, these emerging technologies are gonna be very, um, abnormal.
'cause a lot of these, this field is new. Um, robotic automatons has been the concept for over a hundred years, but they're still trying to, you know, get it to scale, um, in a way that is economically viable. But then, you know, brain computer interfaces. We've only had the technology for about 40 years, and then, um, commercially it's only been really real for the last, like three years. Um, there's a lot of, you know, [00:37:00] players in this space that are going to, uh, rapidly innovate. It's gonna change how we do business, how we function with society. As a seller, there's gonna be security and IT solutions to manage all of those things. And, um, that's not going away. If anything, it's gonna get exponentially more complicated. So, um, choosing who you work for as a, um, seller is gonna be critical. 'cause if you wanted to work for the next, um, big player in this industry, you have to have a open mind and also a fresh perspective. Um, how we use to secure this business is not gonna be how we do it in the future. So I understand that, that if you question how you're approaching sales today, it might make you a stronger salesperson later on in your career and you, and that ultimate end goal is to retire.
So if you wanna retire, stay on top of the industry and then also continue learning and continue innovating.
lou-rabon_69_10-14-2025_103603: Great, great answer and, and great advice because it goes back to the original. You know, the answer to [00:38:00] the original question is question everything. Be curious, constantly learn. Um, there is one thing you said though, and I I, we don't have time to d dive deep into it. As a matter of fact, it's. Almost painful for me not to go technical on this one, but, well, I'm next, we'll, we'll do that offline, but, um, I did want to double click into the, um, where you said what the, how we secure today is not how we're gonna secure tomorrow.
Because what I've noticed, um, is that we are actually, the things that we were talking about 30 years ago are still relevant. Some of the. Basic concepts and you're talking about hips and, you know, host intrusion prevention. I mean, that's a concept that's been around for 25 plus years. Um, people will recognize it from their VPN if they don't know exactly what that, you know, when it's like, ah, you don't have updated definitions or whatever.
So, um, and that's really relevant for the, you know, brain, uh, human computer interface, which is, we're not gonna even touch, 'cause I, we could go down [00:39:00] such a rabbit hole on that one. Not on this episode, at least. But I did wanna ask you, do you really believe that the, uh, you know, fundamental concepts of security have, are changing or do they remain kind of constant?
aj_2_10-14-2025_103607: I think they're changing in the a way that I wouldn't have said the same thing 10 years ago. So everything from how we do reasoning is dramatically different than even two years ago. How we pull and process information is becoming exponentially cheaper over time. becoming to the point where we may might not even need seams in the future.
'cause um, reasoning agents or reasoning systems can directly look at data stores bypassing entire, um, um, security archite. So same thing with, um, uh, firewalls. It might be completely useless to even have, um, a, uh, layer three firewall if you can do it at layer seven on host at a much more granular level. Uh, [00:40:00] there's at least older concepts that are, um, I think being rebranded. But then the thing that's really gonna be different is I think systems are gonna get simpler over time for security practitioners because what you have to secure becomes more of a black box over time.
lou-rabon_69_10-14-2025_103603: Right.
aj_2_10-14-2025_103607: Your supply chain risk is gonna go up dramatically. But then, um, you're needing a WAF at every single, um, publicly exposed endpoint. It's more of why doesn't the technology have that built in by default? So of these classical ways of approaching security is just gonna be because we're trying to fill in gaps with core technology, with compensating controls. But then the future is the, the technology itself has that built into it. So the types of risks are gonna be different. So, um, there is signature, like you mentioned, but systems in the future are gonna be using heuristics more. They're gonna be using behavior and also learning. So being able to change, adapt, and then also adjust based on what's actually happening in the real [00:41:00] world.
lou-rabon_69_10-14-2025_103603: Yeah, so the concepts are still the same though. You know, like you're talking about the OSI layer, you're, you know, layer three, layer seven. And for those that aren't technical, ask chat GPT. But I mean, you know, we're talking about applications versus essentially network, but also, um, you know, the, what you're saying is the way we interact with those systems is going to be vastly different.
I totally agree with you. And it's interesting because it comes back to what the whole point of, of, you know, this advisor network, trusted advisor network we're talking about is. It's trust. So the hack will not necessarily be okay, we're gonna try to get one past the goalie. 'cause the sim doesn't recognize the signature or didn't realize, you know, we're hiding in plain sight.
It's going to be, we're going to hack the system that, you know, that the, or the, the advisory or, or their hypervisor or you know, what, what's watching over to give you those answers. Like, Hey, any weird alerts [00:42:00] today? And it's going to be, you know. No. How I did not, or not how, no, Dave, I, I did not, um, you know, kill your crew mate or something, making a, you know, a Stanley Kubrick reference.
So, um, yeah, that's, I think that's, it's really interesting. The future is definitely very bright. We didn't talk about ai. We didn't talk about quantum, but um, these things are out there too. But I think, you know, we're the people listening are probably dealing with much more fundamental stuff. And, and that's a scary thing for, for me when I, and practitioners, when we hear, okay, all these things are gonna happen in the future.
It's true, but companies can't even secure. The most basic stuff, you know, without reusing passwords and exposing things that they shouldn't. You know, I, we've seen even in very big companies like sql, uh, database, um, you know, op databases, open to the internet and, and stuff like that. So then you think about robotics and.
[00:43:00] Where, you know, like hacks, like stuck net were specific to, uh, you know, um, uh, a controller in a centrifuge, which was an, you know, obviously the, the hack to end all hacks at that time, amazing how they even did all of it. But that was one specialized piece of equipment. Now imagine hacking a robot that has the capability to do basically anything.
It's like. Not just, Hey, turn a, turn a motor. It's like you can go in and murder people and do all sorts of things. And then who without attribution, which is how the internet works, right? Like how are you gonna know who actually pulled the trigger on that one? So crazy strange. We hopefully we don't go to the dystopian, we go to the utopian vision, but.
aj_2_10-14-2025_103607: Oh, for sure. You know, it's, uh, we'll. Uh, the Robocop and the um, uh,
Terminator future. Yeah. And, uh, it makes find that work for us as humans
lou-rabon_69_10-14-2025_103603: exactly.
aj_2_10-14-2025_103607: Propagate throughout the universe. So.
lou-rabon_69_10-14-2025_103603: [00:44:00] Not, not sure, you know? Yeah. That's the, um, who's the author? The sci-fi author that, um, Elon Musk named all of the, uh, SpaceX, um, uh, uh, ships After. Anyway, that's a, um, uh, an author that talks about how AI can really help humanity jumping around planets and stuff. We really hope that that's where we get it.
aj_2_10-14-2025_103607: Oh,
lou-rabon_69_10-14-2025_103603: Um,
aj_2_10-14-2025_103607: And securing it all's still gonna be relevant, you know? Uh.
lou-rabon_69_10-14-2025_103603: big time. Big time. Yeah. So, uh, you know, uh, Alexander, I want to go also to a little bit of the personal stuff. Um, you know, uh, we're, we're kind of running outta time, but we're having such a conver good conversation. I didn't wanna, um, you know, stop where our path there. But, you know, you have had a really, uh, amazing career and you're still kind of, you know, you got a, a long career ahead of you.
What got you into security? Um, you know, how'd you, how'd you. Find this field or how did it find you?
aj_2_10-14-2025_103607: Oh yeah, definitely. You. Uh, so I started in this field, um, for fun. So, uh, uh, used to [00:45:00] love, you know, video games growing up, trying to understand how they would work. Um, my, uh, some of my first, um, interactions with security was trying to hack video games, so seeing what I could make the systems do, um, whether that's, you know, skipping to different, um, checkpoints going, modifying memory on hardware. Uh, it was fascinating to me as a kid, um, all the way back to the old Game Boy games. I would, uh, look at my, my Pokemon games, seeing how I could interface with various hardware. Um, game Shark was one of the first ones I would work with back in the day.
lou-rabon_69_10-14-2025_103603: I remember them.
aj_2_10-14-2025_103607: and then, you know, fast forward, um, uh, systems have all gone from client side.
The server side hardware has become from open source to proprietary. It's a lot harder to crack into this industry, um, when it comes to hacking. So I felt very fortunate growing up that, um, it was more of a wild west and at the same time it gave me some really, um, invaluable experience and exposure to how, um, a hacker thinks. 'cause fast forward now, I work for the good guys. [00:46:00] And, um, in order to effectively defend, you need to think like, um, all actors, um, good and bad, and. um, you know, my career, like you mentioned, uh, I'm fascinated by security. So, uh, I'm happy to do this until I die. I don't plan on retiring. Um, you know, it's, uh, just something I actually enjoy doing. then at the same time, uh, I wanna be able to help people in this industry too. So, um, I'm always, you know, trying to understand how I can make a further impact, um, build people up as a leader. 'cause to me true leadership is showing up and then building people, not just, you know, taking credit for things. It's one thing to, you know, accomplish a hard goal for a business. It's another to make a whole team look good. And I find real joy in that.
lou-rabon_69_10-14-2025_103603: That's awesome. Well, listen. Um, where, uh, where can people find you? Where can they connect with you?
aj_2_10-14-2025_103607: Oh yeah, definitely. Um, you can check me out on LinkedIn, um, uh, also on, uh, various social platforms like X um, uh. [00:47:00] So if you, uh, wanna check out my content, please do. Uh, happy to have a, uh, individual discussions with anybody and, uh, you know, whether that's from the sales side all the way to the technical side.
Um, I'm an open book for everyone.
lou-rabon_69_10-14-2025_103603: Careful, you're,
aj_2_10-14-2025_103607: Go
lou-rabon_69_10-14-2025_103603: you're gonna get some calls, but yeah. Listen, Alexander, thank you so much. This has been so, such a. You know, kind of eye-opening, uh, experience in chat because I think what you've brought here is not, we could have gone obviously geeked out for, for 60 minutes, which probably would've, only a certain few would've listened, but you've given some real insights and, and a treasure here to anyone that's trying to sell to people like you.
So really a great pleasure to have you on the show.
aj_2_10-14-2025_103607: It's great to be on the show and, you know, it's, uh, uh, really enjoyed, uh, you know, watching, uh, prior ones and, you know, it's, uh, I think, uh, anyone that's listening, um, you know, listen to this, um, content, um, this will help your career. And this is coming from the customer perspective. Uh, [00:48:00] uh, they have some really good insights that, um, will make you a better salesperson.
lou-rabon_69_10-14-2025_103603: Thanks so much and really thank you for listening too, uh, to the other ones and, and thanks to everyone else that's watching and or listening. Uh, if you learned something today, uh, laughed or got kind of nervous about the future, uh, please tell someone about the podcast. Uh, thanks again Alexander, and this has been another exciting episode of Channel Security Secrets.
See you next time.