Do BDRs (gasp!) have better data than CISOs?!

I am a career BDR (Business Development Representative) and I know there can be a love/hate relationship between business development folks and security professionals, but the hate part can usually be traced to poor automated email, phone, and LinkedIn habits more than anything else. In at least one way, we may be more alike than you’d care to admit …

CISOs & BDRs HAVE THE SAME CHALLENGE - tons of data and insights from a thick toolset, living in silos, often without context.

Security operations have become incredibly data intensive (so_much_data) The estimate from Microsoft & Palo Alto Networks (slide 103) is that large enterprises have an average of 75 tools that generate security insights - YIKES! Even at half or a third of that number we are talking a firehose of security data! Skeptical? Here is an alphabet soup reminder: EDR, SCA, SAST, DAST, IAST, ASPM, CSMP, vulnerability scanners, CWP, container scanner, IaC, WAF, API Security…. 

But guess who else was drowning in data? BDRs! 

Just like you - in recent years our landscape, our real estate, exploded, driven by trends such as online shopping/research, social media, mobile marketing, digital events, web chats and the like. If you are a visual person: our world; your world. (I know, I know, security folks aren’t link clickers (!) so here are snapshots - we truly had it worse.

We were suddenly drowning in data from sources like: 

• Web and web chat visitors with valuable metadata
• Web forms - people who filled out “Schedule a Demo/Contact Me”
• Cookie data - visitors who clicked “I Accept” 
• Reverse IP lookup data
• Event/tradeshow data - those booth scans you all regret after the show
• Gated content - people who registered for downloadable content/reports
• Webinars - run in-house or hosted 3rd party
• Blog impressions and subscribers
• Email engagement - bounces, clicks, opens, unsubscribes
• SEM (Search Engine Marketing) and programmatic - aka the ads that follow you
• Marketing intent data - services that monitor popular sights to collect intent signal
• Content syndication data
• Lists of target companies with data about employee size, industry, location & technographics 
• List of target PEOPLE - CISOs, VP of Security, Security Architects, Security Analysts, Application Security
• Granular 3P data (like you may get from your scanner) - SEM, bot data, etc.

Tons of information, insights, alerts and ‘signal’ about marketing activities should make our job easier right? 

Nope, not if it is stuck in a silo and you can’t make sense of it! For example, someone who fills out a “Schedule a Demo'' request form on the website is considered a ‘high value action’ and is automatically tagged as a ‘hot’ lead. Well maybe not, when you discover this ‘hot lead’ listed their email as ‘gus@chickenking.com, and their title as El Jefe & company name as “Los Pollos Hermanos” (!) In security terms this would be a big, fat, FALSE POSITIVE where the BDR stopped other activities to investigate. (Le sigh!) 

BDRs totally understand the security team's tool fatigue & 'context switching’ pain! Flipping from dashboard to dashboard to gather context about an alert. There is No Way in H3LL that I am logging into 5-6 different dashboards or worse, multiple dashboards PLUS 3-4 spreadsheets! 

We all want less noise & more context, correlation, clarity and prioritization.

The way that BDR/Marketing teams have solved for the data deluge is to have a ‘system of record, a source of truth’. It is the foundation of our operation: the CRM. (there are many CRMs..but, Salesforce , I ♥️ you) You may be thinking of a SIEM right now… but our system cannot be endless metadata or log data that requires a special query language or skill. It has to be context rich and correlated from all the data sources in your stack so that you can actually influence business outcomes. I cannot get an alert from my CRM and then have to log back into 3 other tools to get more info. This takes precious time away from doing what actually matters – finding the right prospects that will derive the most value out of our solutions.  

If I am hoping to catch your attention Ms./Mr. CISO - I SINGLE CLICK one record in my CRM and all of the contextualized, consented data about you is on one screen. In one view I can immediately see if you have: Opened or clicked any emails? Been to a sponsored or channel partner event? Downloaded anything from our website? Use a certain type of tech? Part of an industry consortium? Use one of my competitors' platforms? One more click and I see the same data from your entire organization - it is powerful. 

I imagine your rapid fire questions are: Deduplication? Hell yes! Custom weighting? You bet! RBAC? Duh! Data normalization? Yepper! Custom reporting? Dashboards? Trending? Yes, yes, and yes. Board_level_reporting? Si, Oui, Ja!

Democratize your data: Security teams should treat their security tools/platforms as data FEEDS to one unified source-of-truth platform, rather than using so.many.dashboards. 

Harness the power of your beautiful security stack to improve every program or workflow.

I am lucky, my entire career has been spent at AMAZING startups (a post for another day), this is why joining Avalor Security, a Zscaler Company earlier this year was literally THRILLING. Avalor’s Data Fabric for Security™ solves the same data overload pain for security teams that a CRM does for BDRs. Our platform makes sense of the deluge of insights generated by siloed tools – resulting in a single source of truth for all of your security data that is organized and enriched. This is a game changer for vulnerability management, security reporting, and threat visibility. It’s incredible to see how much more effectively our customers can manage risk with a prioritized view of all weaknesses (vulnerabilities/misconfigs/bugs/user risk/logic flaws, etc.) enriched with asset data, business context, and threat intelligence.

If I couldn’t aggregate and slice/dice data the way my CRM allows me to, my job would be a lot more toiling and a lot less rewarding (security analysts I feel you!)  Most of my past companies were contributors to the security data problem. At Avalor I get to SOLVE the security data problem!

P.S. You may also be thinking of building a security data lake... My advice here is to go back in time to see how many companies TRIED to build their own CRM first. It was a lot and it was painful because A. they weren’t in the business of building CRMs, B. maintaining that $h1t is a bear and C. connectors… you also have to maintain the critical pieces of software or API connections or build your own - ouch.

Curious to learn more about Avalor as a security data source of truth? Ping me at wendy.wallman@avalor.io  Avalor Security, a Zscaler Company