CyberTheory white logo

How to Conduct an Effective CISO Perception Study

Your team is in the trenches. They’re building content, they’re crafting nurture campaigns, they’re attending events, and talking to every Chief Information Security Officer they can. Everything is humming along except for one thing.

The leads just aren’t converting.

True, your go-to-market strategy has gone through your company’s internal think tank and come out polished to a shine—with roadmaps, battlecards and lead scoring tuned to within a millimeter of theoretical perfection. But unless you know how CISOs perceive your brand, and unless you’re engaging with that perception directly, then it may be so much wasted effort.

You might as well be trying to sell IT to an OT procurement officer.

This is where a CISO Perception Study comes in. The purpose of these studies is not just to learn the opinions of CISOs with respect to your brand and product, but also to quantify those opinions, leverage the data into insights, and hone those insights into a proven, analytical approach to content, engagement, and overall marketing strategy.

CISO perception is often such a key factor for cybersecurity solution providers that strategic planning consultants often guide companies to run formal studies. These studies can reveal the right marketing strategy, targets, messaging, and other Go-To-Market foundations, as well as support increased conversion rates with insightful analysis and actionable recommendations.

Here’s where to start.


Strategic Inventory


Before you even begin a CISO Perception Study, it’s critical to make a frank appraisal of existing efforts and take stock of what’s currently in the market. This Internal Discovery may involve conversations with key stakeholders in leadership, marketing, and any advisory councils. Critically, these insights need to be aggregated, categorized, and standardized against each other, since internal perspectives can vary widely.

ciso engagement pbm 9

Be aware that securing such insights can be complicated by internal politics, competing visions between teams, and vested personal interests in one approach or another. For example, good CISO Perception Studies often include content auditing. It’s likely your company already has a variety of marketing assets and tactics in active deployment, and their creation no doubt was born from personal stakes in each initiative from various team members.

Quantifying the effectiveness of existing assets is difficult enough as it is—and it must be quantified, not just ballparked. And critically, for cybersecurity companies, it must resonate with CISOs. So make sure any content auditing quantitatively measures CISO response to content assets. The resulting statistics can help overcome the currents and politics inherent to any enterprise, and deliver more objective facts about content effectiveness.


Customer Discovery


Similar to your in-house content inventory, a full assessment must be made of how your company or product is perceived by existing customers. This goes deeper than simple surveys or feedback forms because any individual buyer’s journey has inherent personal components that don’t often fit into multiple choice.

Even in cybersecurity, human beings are emotion-based decision makers—even if that emotion is “confidence” or “trust,” won over by reams of data or professional reputation. Therefore, thorough engagement with existing clientele must include capture mechanisms to account for the soft variables and individualized experiences that led not only to conversion but to retention. Your research should examine several factors throughout the entire buyer’s journey for each customer researched.

What are the three stages of the buyer’s journey? How did each individual’s journey map to this ideal? How could the process have been streamlined? This understanding can significantly enhance your approach to engaging potential customers effectively.

Through Customer Discovery processes, it’s possible to assemble a composite narrative of what is currently working. Very often, companies find that this is not so aligned with their current marketing efforts.


Aggregate CISO Perspectives


Once content auditing is performed and existing client research has been added to your growing collection of insights, it’s time to further test your assumptions – and that means more CISO validation.

Getting the unfiltered opinions of CISOs is not something that can be done on social media, since CISOs are a mixed bag. Some are brutally honest and others are social media averse. Nor can it be done in a few phone calls, as you’re looking for a breadth of data that one or two ad-hoc conversations could not uncover.


ciso engagement pbm 10

Perhaps trickiest of all, it’s critical to avoid either priming the pump or poisoning the well by tipping your hand early. When a CISO knows that your company is the one asking the questions, that automatically introduces biases into their responses.

The challenge then becomes to engage authentically with a large number of CISOs who are willing to speak their mind without knowing who you are.  

The best way to go about this is by interfacing directly with a CISO network – or working with a research partner who has this access. Go to where they are instead of asking them to come to you. These CISO networks are often (if not always) closed communities, so gaining access to them is another difficult piece of the jigsaw.


This is not an impossible project even without access to a CISO network, but it will require a fair amount of legwork. CISOs can be found engaging each other in private Slack or WhatsApp channels or among themselves at industry events. Creative thinking and the capacity to engineer opportunities can grant you and your team access to the perspectives you’re seeking.

Whatever approach you take, you must maintain a backbone of standardization so that the details that you’re gathering can be meaningfully incorporated into a data set that can be parsed for interpretation. This is critical.


Data Synthesis


By now you will be sitting on a large pile of quantified data, along with opinions and anecdotes. It’s time to turn these myriad conversations and engagements into something actionable.

If you have not maintained a structured approach throughout, then even after completing a CISO Perception Study, you’ll be left with many required steps of compiling, categorizing and scoring before the data crystalizes into insights. If your data-gathering steps were quantified and standardized from the start, however, you’ll be working with a functional data set immediately that will tell its story as plainly as any webpage traffic chart or pen test result.

From the findings of this study, you’ll get a clear picture of how CISOs regard your brand and your product, and you’ll understand the gaps in your own processes, communications, or content that are causing a disconnect between you and your target audience. Sometimes this isn’t a pretty picture, but acknowledging where you are is the first step to getting to where you want to go.


Next Steps


A CISO Perception Study is diagnostic. In the same way that risk assessments tell a CISO which remediation efforts they should invest in, so too do the results of your Perception Study indicate the changes needed in your outreach efforts.

Depending on your findings, this may involve many things: from new brand messaging (validated by unaffiliated CISO input) to new sales team training materials. You might find that the content you’ve been creating was 90% of the way there, but that last 10% lost CISOs time after time. Maybe your lead scoring methods were skewed or your nurture streams used jargon that was just slightly outdated.

Whatever your findings, an effective CISO Perception Study will empower you to elevate your cybersecurity marketing game. Silence from leads will no longer be a mystery. If you’re looking for a research partner for a CISO Perception Study, contact CyberTheory now for a free consultation. Our experience, professional methodology, access to hundreds of CISOs and to ISMG’s subscriber database of intent data offers layers of cybersecurity insight that can align your marketing efforts on an accelerated path to success, and chart a course for a bedrock-solid, data-driven strategy going forward.

Read more: