This is Part 2 of my interview with Angela Rizzo. Angela was the CMO of eSentire, a leading company in the cyber-security space. Since the recording of this episode she has left eSentire and is looking for her next opportunity. If you would like to get in contact with her, please just reply to this email. (For all interviews you can click on the link next to the audio player to add the stream to a podcast player).
I expect to be back with an essay or briefing next week. I will also be going back to dropping a second post per week with interviews shortly. Enjoy!
Edward: This is Marketing BS. This is Part 2 of my interview with Angela Rizzo. Today, we're going to dive into her experience as CMO of eSentire.
Angela, can you start by explaining what eSentire does?
Angela: Yes, I'd be happy to. At eSentire, we provide an affordable, premium cybersecurity service with end-to-end proactive protection. eSentire invented a new category of cybersecurity. We call it Managed Detection and Response and I'll refer to that as MDR. MDR was invented to do two things—detect the fact that bad actors are attacking a customer environment, and then take action to contain the attack before the bad actors can do any harm.
We think of these attacks in three categories—vulnerabilities, threats, and breaches. Vulnerability is defined as a weakness in a customer environment like a bad patch management practice. A threat is an exploit of the weakness by the bad actor. That's where they're trying to get into the environment. A breach is the successful exploitation of a threat. That means they're successfully able to get in. We monitor and manage for vulnerabilities, threats, and breaches. Time is critical to detect these things. Once we detect something, we then isolate and contain the attack.
Edward: There are thousands of cybersecurity companies out there now. What are you doing? What is eSentire doing that's different? Or is it a matter of you're doing the same as everybody else? You're just doing it better?
Angela: Managed Detection and Response is its own unique category. We have to think back to the fact that cybersecurity is a massive data analysis problem. In order to effectively provide cybersecurity protection, you have to be able to find the needle in the haystack. This is the simplest understanding of what we do.
We do this in combination with three key things. First, we have our Atlas platform. There is a term that is going around right now in the analyst community and in the market called extended detection and response or XDR. This is the platform that is needed to ingest, normalize, and analyze all of this data. The second thing we do is called multi-signal ingestion. There are some cybersecurity companies out there that just ingest one signal. They'll do endpoints, or they'll do logs. We ingest multi-signals. We monitor customers' networks. We work with best-of-breed third-party companies, and we ingest their endpoint signals.
We just announced our alliance with Microsoft to ingest the Microsoft Defender endpoint signal. Customers who have Microsoft licenses can work with eSentire and eSentire can manage the MDR associated with the endpoint.
Edward: If a company isn't using you then, are they not analyzing these endpoints? What are the other cyber companies doing?
Angela: I mentioned there were three things. You've got the platform, the multi-signal, and then the people within the SOC, within our Security Operation Center, and within our threat response units. You have to have the combination of these three things to be considered MDR, Managed Detection and Response. Many cybersecurity companies are either selling a point solution, or they're selling software, or they're claiming that they're selling MDR, when in fact they don't have all three of these things working in unison.
Edward: Does a company need to use you in addition to someone else? Are there other elements in cybersecurity that you guys don't handle that they need to supplement?
Angela: Yeah. Companies need to have basic security controls in place. They need to have firewalls. They need to have next-generation antivirus software. They need to have multi-factor authentication. They need to train their employees to understand phishing and not click on emails, if they don't know who these emails are from, and not click on any links. If they have these four things, these are like table stakes from a security perspective. You add an eSentire to provide this overall MDR service. That allows us to fully understand what's going on in the customer's environment so that we can hunt and contain those threats on our customer’s behalf on a 24/7 basis.
Edward: If I were to use the metaphor of a house, which people would understand. Someone needs to train the people in the house to lock the door when they leave, and that's not you. Someone needs to build the walls to make sure they're super secure and strong locks on the doors and plexiglass windows, and so on, guard dogs. All of that stuff is protecting the house. Your job is, hey, someone is going to actually breach the house. They come in and they try to open the door. You know when that happens and you set off the alarm so you can react.
Angela: You can think of it as a house or you can even think of it instead of a house, as a small business. You've got all of this traditional security—the locks on the doors, the guards sitting at the desk, the dogs barking. Sometimes employees will open the door, like my example on phishing, employees will open the door, and let these guys in without knowing who they are. Now, the bad actor is in the building, and we can detect when they're in the building. But now they're searching. Is there personal identifiable information of the employees that I can gather? Is there a bank statement and information on customers that I can gather? Is there an intellectual property that I can gather?
You think about this. We’re in the digital world, and we're able to see who is actually doing these types of things in the customer's environment and have the ability to determine this isn't an employee looking at this stuff. This is somebody who got in via a backdoor. We have the ability through eSentire Managed Detection and Response to isolate that person, and to contain the threat so that this bad actor doesn't start moving laterally through the company to continue to gather more data and more information.
Edward: Your company gets better as you get more clients, as you get more signals.
Angela: Exactly. If you’re customer number 1025, you have all the learnings from customers 1 through 1024. All of the learnings that we have had up to date are now applied to your environment.
Edward: But more than that, that new customer now, because just the fact that they're on your platform, if anybody attacks them, that information gets shared to all the customers that came before them. There are positive externalities in both directions.
Edward: What do customers do that don't use you? It sounds like your product is pretty essential for protecting against these threats. Presumably, you don't have 100% market share, what is everybody else doing?
Angela: There's some confusion in the market because there are a lot of people, a lot of companies that claim they do Managed Detection and Response. They're slapping the MDR label on their service, when in fact they don't. We invented MDR as I mentioned earlier. We have a very strict description and definition of what MDR is. We believe that, again, they don't necessarily have the combination of all three things and do the three things the way in which we do it—the platform, the multi-signals, and the people.
There is some thought out there, and I think about that, too, as the CMO, as to why are they not banging our doors down, knocking our doors down to get our service because it is something that is very unique in the market and our customers are pretty happy.
Edward: That brings me to my next question. When companies are seeking you, I know they are, is your product sold or bought?
Angela: It's a service. Typical customers are small and midsize enterprises, SMBs, and small enterprises. We target companies from 250-5000 plus employees. Typically, the CISO, CIO, or head of IT are the people that are looking to buy this service.
Edward: Are they out there looking for your solution? Or is it a matter of your sales calling them up and making sure they're aware that the solution exists and they should buy it?
Angela: I see what you mean. Yes, absolutely. Sorry. It really gets sold. We have to sell it. We're a private company in Canada and one of the things we're working on right now is improving, and increasing our brand awareness. We do that via a variety of methods. But yes, some customers will come to us via customer references. A customer works with someone in the same industry and they've had a very positive experience. They'll refer them.
We also have roughly 100 channel partners that are out there, selling eSentire to their customer base. Roughly 40% of our new bookings come from our channel. We're constantly educating the market. Part of the problem, Ed, is that a lot of people don't think that they have a problem, and a lot of these SMBs don't think that they're going to be a target. These bad actors aren’t going to come after me. They’re after the Marriotts and the bigger companies, and we're saying no. These bad actors are going after all companies of all sizes, and SMBs are targeted because they aren't putting these types of protections in place.
Edward: I would imagine, again, you're an SMB. You have a lot going on, a lot of decisions to make, and your cash is very valuable to you because you have a high cost of capital. Going in putting money into security is downside protection rather than upside growth.
Angela: The other thing is we have to convince people that they have a problem because they don't think that they really have a problem. Quite frankly, the industry has confused a lot of buyers. You go to a trade show like RSA. There's 3000 plus security packages software you could purchase. But what they don't tell you is you have to have people behind whatever you buy.
Let me give you a great example, I'm sure you've heard of SIEM, Security Information and Event Management software. You put this SIEM software on your environment and it basically logs, then sends you alerts. If you're an SMB, you can be flooded with up to 10,000 alerts a day. What is a small business going to do? When I talk about finding that needle in the haystack, there's no way they're going to find that needle in the haystack if they're getting 10,000 alerts a day. You cannot hire enough people to actually do that work. That's why having a platform, being able to ingest all the signals, and then having the right people focus on those things that are truly the red flags, that's really what companies need.
My job is to convince them that they have this problem, and once they understand it, the sale is actually pretty easy. But we really have to get people to understand what we do, and how we do it, and how it sets us apart.
Edward: I imagine many companies treat security as a checkbox of the CEOs sees to the CTO, or the CIO, do we have security in place? The CIO goes out and finds one of these packages and buys the package, and slaps it on, and tells the CEO that they're good. Unless something goes disastrously wrong, nobody asks the right questions.
Angela: That's a good point. I also think that you've got a couple of other things that are occurring. You have people that say, in order to be compliant, I have to put A, B, and C in. You go ahead and put in A, B, and C, but just because you're compliant, doesn’t mean you're 100% protected.
Edward: That's right. People are jumping through hoops rather than actually solving them for the problems. Frankly, most of the time, when they don't solve the problem, they’ll be okay. But in some percentage of the time, they won't be. If that happens, the CIO probably points to the attackers and says, this was unavoidable. There's nothing I could have done and nobody knows any different.
Angela: It's interesting because people know that they need to have basics. They need to have the next-gen firewalls. They need to have antivirus software. They need to have multi-factor authentication. They need to train their employees around phishing. Don't open an email, and don't click on a link if you don't know who it's from.
You have all those things, then, you also need eSentire on top of that to provide the MDR service so that you have a service that understands fully what is going on in your environment. Again, when the red flags pop up, you have the resources at eSentire that hunt and contain those threats on behalf of our customers.
Edward: You mentioned before that once you get the conversation started, your conversion rate is pretty high. How long does that take you to convince somebody that this is a real problem that they need you to solve?
Angela: It depends. If a customer has already been breached, we can probably get in there and up and running in a matter of a few days. If this is a new lead that has come in through one of our webinars, or they've engaged with the website or content, it could take anywhere from two to three months to get them on board.
Edward: If the first thing happens, if they've just started being breached, they feel a sense of urgency where like, we need to fix this so that it doesn't happen again, whereas if a breach has never actually happened, it feels like this is something that can always be put off to tomorrow. It might be important, but it's not urgent.
Edward: Do you need internal champions? Do you need multiple people in the organization to buy in before sales happen or if the CIO says, hey, let's do this. Does this just happen automatically or do you need to provide the CIO with materials to help convince the CEO and other people in the organization that it's worth investing in?
Angela: It's interesting because typically, we work with the CISO or the CIO. From a technical perspective, they get it and they understand the value. Now, they have to go get the CFO or whoever has to approve the purchasing decision to sign off on it. I don't know if the CFO is really going to care that much about the technology. What they need to understand is, what is the risk that we are avoiding by having eSentire? What is the return on investment by making this investment in eSentire? How many people do we not need to hire? How do we ensure it again? This is basically a risk in our ROI.
We provide that information to our prospects in the selling cycle so that they can go back and articulate that back to the buyer—the person who has to make the buying decision, and approve the final buying decision.
Edward: How do you divide your marketing budget? How much of your budget is spent on the direct acquisition of trying to get those people that just had a breach, and they're searching for a solution to come to you, versus brand-building and content, and creating a perception in the marketplace that you're out there?
Angela: It's probably 50/50 right now, in terms of building the brand because even though we have been working with MDR, even eSentire's been around since 2001, the term MDR was coined five or six years ago by Gartner. Internally, we think that we know MDR, but we still have a lot of education to do in the market especially, when you have other companies like MSSPs or other companies that are adopting the MDR term, but they're not really doing MDR. We have to educate people that, no, when we say MDR, it really means this. The people that you're talking to, our competitors, are not really doing what we define as MDR.
There's still quite a bit of education that we need to do. We're spending a lot of time, quite frankly, in PR—driving more earned media, getting our experts in our threat response unit, in our operations teams, in marketing—to go out and talk about what we do and how we do it. We’re getting those stories published in tier 1 and tier 2 publications to get the word out in terms of what we do and how we do it.
Edward: How do you know if that's a good ROI, good-spent ROI in your spend? On the direct acquisition stuff, you can measure it. You can measure whether your click on paid search led to a lead, which led to a SQL, which led to an opportunity or a sale. But when you do that PR and the top-of-the-funnel stuff, how do you know you're not wasting your money?
Angela: We watch our share of voice, which as you know, identifies how many times we get the mentions and our share of voice. We're about 20 points ahead of any other competitor in the MDR space. We measure that.
Edward: Angela, a lot of companies that sell products like yours—these SaaS bit products to these SMB businesses—swear by account-based marketing, but you guys generally have not had a lot of success there. Why do you think so?
Angela: For account-based marketing, I'm not simply seeing the ROI at this point. I suspect that one reason is that we rolled it out to the entire sales force and then we declared victory.
Edward: You basically did what you're telling your clients not to do, which is don't just buy a software solution and check the box, and say you're done. That's what you guys did for ABM.
Angela: Exactly. Guilty as charged. ABM requires focused attention and alignment for marketing and sales. You've got to have the right targeted personas, you have to have the right content. We went too big, too fast. We rolled the program out to all of the sales without a real clear focus plan on, are these the right segments? Are these the right personas? Do we have the right content?
Sales reps get busy, especially, you get to the last month of the quarter, they're going to focus on closing those deals. They're not going to be focused on the ABM. They need marketing to help bring them along. What we've done is we've scaled back our efforts on ABM. We're now focused on one rep in one specific segment and she's totally bought into the ABM program.
What I believe we need is we've got to build a successful program. Let's start small. Let's build this program. Let's understand what we need to do to make it work, and then let's figure out how we roll it out more widely.
Edward: That makes a ton of sense. Figure out how to work at a small scale, and once you have it working, then scale it up, rather than trying to scale it up, and then figure it out after big.
Edward: Forty percent of your leads or your revenue come from these partner relationships. As a marketer, do you spend much time trying to help the partners sell more, like providing the partners themselves with tools?
Angela: Oh, absolutely. I have a field marketing team that is tightly aligned with our regional vice presidents in the field. Then also, we're aligned with our vice president of channels. We are working very closely to not only enable the channel partners. We think of our channel partners as an extension of our sales team. If we're going to go out and build content for the field sales reps, we think about, how is the channel going to use this? How do we create this in such a way that if we modify it at 2%, then any channel partner can use it? They can slap their logo on it and they can leverage it.
We also work with our channel leader to look at how we recruit more partners. How do we ensure that we're getting the right partners to continue to drive because the goal this year is to drive 50% of our bookings through the channel? We need to grow it by another 10%—really super tight alignment with the sales teams in the field, and with the channel sales team.
Edward: Angela, thank you so much for being on the show today. Before you go, tell me about your quake book and how it changed the way you think about the world.
Angela: Oh yeah, my quake book. I read this book a while back. It’s called A New Earth by Eckhart Tolle.
It was very eye-opening for me. His perspective is that we're so caught up with our ego and we allow ourselves to get caught up in our own thoughts. Our thoughts really are not reality. They're just our thoughts. He encourages you to focus on the present moment. The present moment is all we have. The past is gone, the future is not here yet. It's all about the present.
The other thing is to help me realize that we really have no idea what other people are really going through, especially now. We just need to be kind. Be kind to each other because we just don't know what people are actually dealing with in their own lives.
Edward: That's a great note to end on. Thank you so much, Angela.
Angela: Thank you, Ed.
Get on the email list at marketingbs.substack.com