If you’re a regular reader of the Sorenson Security Playbook Series, you know that we like to analyze and share go-to-market techniques that the best security software startups use to grow quickly and efficiently. In this edition, we look at how companies buy enterprise software and its impact on startup sales strategies and tactics.
First, we’ll discuss common roles in the enterprise purchase group. Then, we’ll review various ways you can influence corporate buying dynamics to increase sales velocity and win rates. We also provide real-world examples so you can see the techniques that high-performing startups use to support rapid growth and efficient sales processes.
Why Understanding Your Customer Matters
Having a deep understanding of customer buying behavior and purchase group dynamics is especially important in today’s tight funding environment. Startups are in a race to get market traction. Yet we often see early-stage security companies struggling to educate unqualified customers and navigate through complex customer buying processes without making progress towards closing deals. If you don’t know your sales targets and why they are buying your products, your company jeopardizes its ability to tightly focus on your best-fit customers and its chances for long-term success.
What’s inarguable is that as enterprise software has become more complex, pervasive, and expensive, the number of people involved in software buying decisions has grown dramatically. Today, almost every enterprise software purchase depends on the collective work of a buying group, which can range in size from 5 to 14 members and represent many different roles.
The Three Who’s
In its simplest form, however, and to illustrate the point, an enterprise buying group typically consists of three different roles. At Sorenson Capital, we like to call them The Three Who’s of enterprise security sales.
The first “who” is the “user” or “champion.” In the security space, users are technical experts who understand what’s required to keep company systems safe and functioning properly. They are looking for security software that solves daily problems by automating manual, error-prone processes; improving threat visibility and oversight; and increasing throughput and productivity. Users typically have roles such as security analysts, engineers, developers, and testers.
The second “who” is the “economic buyer.””. Economic buyers are functional executives like CISOs, VPs Engineering, or CFOs—the people who control security software and technology budgets. Generally, economic buyers aren’t day-to-day users and don’t care as much about product features, functionality, and experience. Instead, they prioritize price, payment timing and terms, and vendor consolidation over improved product experience, among other financial aspects of the product.
The final “who” in the company buying group is “procurement.””. Unlike “users” and “economic buyers”, procurement is often incentivized by how much money they don’t spend. Ironically, and despite their title, procurement teams are rewarded for saving money or not buying. That’s why we often see procurement officers step in at the last moment to block purchases or use stall tactics and delays as a way to wring discounts out of startup vendors and improve terms.
Aligning the Who’s
Each of these “who’s,” or key purchase group roles, has their own specific objectives or agenda in the buying process. The startup’s job is to figure out how to use their products and selling processes as mechanisms to facilitate alignment across the group, expedite buying decisions, and, ultimately, ensure customer success with your product.
One of the biggest issues we notice in the enterprise software buying process is users or champions struggling to get agreement and convince colleagues to support a purchase decision. Potential users can see how software improves their own lives, but they can’t always translate a product’s value into benefits that resonate with their buying group colleagues who likely have different objectives. See the sidebar for ways to support your champion.
Importantly, high-performing startups avoid overshadowing their champions. They know the key customer stakeholders are the heroes in every software purchase story. The startup’s job is to provide support in the background; use their expertise and experience to help their champions guide their colleagues and internal processes; and only step into the primary role when necessary or appropriate.
GTM success requires a deep understanding of the companies you’re trying to reach. Customers can’t simply be painted with broad strokes. Organizations, and their enterprise software purchasing teams, are comprised of different people and roles, each with their own incentives, objectives, and ways of communicating.
Early-stage companies that don’t understand who’s involved in the buying process, and what makes those potential customers tick, will struggle to get market momentum, jeopardizing their chances for long-term success.
Real-World Examples
CyCognito’s Proof of Value (POV) Approach
Sorenson Capital portfolio company CyCognito is an AI-powered exposure management startup that identifies and prioritizes customer vulnerabilities from an attacker’s external perspective using agentless technology. When CyCognito talked to early-adopter customers, they realized their agentless approach was not only a selling point for security analyst users. It could also be used to expedite customer purchase decisions.
As a result, the company developed a POV (Proof of Value) playbook that quickly demonstrated benefits that matched each key stakeholder’s objectives: reduced effort for the security analysts (users); improved security posture and operations for the CISO (economic buyer); and lowered total cost of ownership for procurement.
CyCognito set a goal of making their POV effortless for customers. The startup only required two things from their prospects. They insisted that the CISO, or economic buyer, had to:
- Sign off on the scope of work
- Commit to moving forward with a pre-negotiated licensing agreement upon POV success
The company’s GTM approach has been successful in contributing to CyCognito’s consistent growth.
Talon’s Secure Enterprise Browser Had Something for Everyone
Talon, a Sorenson portfolio company that developed a secure enterprise browser, provides another good example for developing an effective go-to-market playbook. They started by identifying a high-demand first use case where their secure browser could replace outdated and increasingly vulnerable Citrix and VMWare virtual desktop technology in the enterprise.
Next, their GTM team spent time with target customers validating pain and urgency with the IT product owners who would serve as their internal champions. The company confirmed benefits–reduced desktop management effort and costs; improved security; and improved end user experience for current and future use cases–with the key stakeholders, including the CFO (economic buyer) and procurement group. After developing a comprehensive understanding for what appealed to each role, they tailored messaging and materials to show how their product could meet the needs of the three who’s.
Similar to CyCognito, Talon’s product and go-to-market approach aligned the purchase group and facilitated customer purchase processes. It was so successful that Palo Alto Networks ultimately acquired Talon for $625 million in November 2023, just two years after the company’s founding.
NetRise Improves Transparency across the Software Supply Chain
Finally, let’s look at NetRise, an Austin-based Sorenson Capital portfolio company that helps both software vendors and customers maintain security by providing a comprehensive ability to catalog and search all components inside their software systems and devices, including firmware.
Prior to NetRise, security teams had to manually contact vendors and search devices for harmful components when reacting to high-risk vulnerabilities. Now companies can use NetRise to automatically track every software component and create a complete and continuously updated SBOM (software bill of materials), including associated vulnerabilities, across their entire organization.
Security engineers (users) love NetRise because it not only gives them visibility into software vulnerabilities and risks, it helps transform security engineers from perceived progress blockers into supporters of more rapid application and device development. CISOs (economic buyers) appreciate reduced system-wide risk and improved transparency. And procurement likes the ability to comply with new federal regulations and customer transparency requirements.
With messaging designed to appeal to each of the three who’s, NetRise has been able to accelerate revenue growth, increase sales efficiency and create repeatability within its beachhead market.