Understanding Cyber Vendor Dynamics

Introduction

My goal with this post isn't to analyze every vendor in the market – I would need a lot more time to achieve that! The goal is to provide a high level view of vendor realities to try and make some sense of it all. Entering a cyber vendor is a fun adventure but it does have its ups and downs, so I hope my experiences can help shed light on the vendor universe.

I've had the opportunity (and challenge) to work for seven vendors as a PMM practitioner for the past 11 years. This roller coaster ride includes twists and turns at Splunk (current gig), Cisco (acquiring Splunk so I'm heading back), VMware (now Broadcom), Siemplify (now Google), Secureworks (Dell), Optiv and Comodo. And with over 3,700 vendors in the industry, the seven vendors I worked for are obviously not representative of every product or service in the market.

I also won't be describing life inside any particular vendor I've worked for; I'll just share the key themes I've discovered from competing in various market segments. This experience gave me exposure to many of the key vendors in the industry in terms of market share and brand recognition. The day-in and day-out battle with many vendors to gain customer mind-share helped me learn the commonalities and differences between vendors.

It's really not that secretive

A good starting point for this vendor analysis is acknowledging that the cybersecurity industry doesn't really have too many secrets. You probably don't need me to analyze any specific vendor. It's actually very easy to figure out vendors in some ways. The first reason for this is that it is a very incestuous industry. For those of us "on the inside", we don't have to look far to find someone in the company that worked for a competitor. Likewise, we won't have to look far to find someone that is jumping ship to join a competitor. It's a revolving door scenario. As a result, most vendors are acutely aware of the SWOT analysis across their key competitors. The irony here is that there aren't many information secrets between information security vendors.

The other reality is that the same set of market analysts from the big analyst firms are speaking to each vendor regularly, collecting data and publishing reports that shine light on each vendor's SWOT analysis. While these don't share every little detail about every single vendor, they give good overviews of where the leading vendors stand. The information is available if your company has a license to the firms and reports covering your market, and you should consume these analyst reports. This to me is a foundational part of being a solid PMM – know your market.

The last reason for this openness is that firms are pretty loud about anything remotely close to a strength or differentiator. Just visit the vendor's website and you can pick up a ton of data and information about that vendor if desired. Or just follow their pages on LinkedIn, and you'll see key updates or launches or announcements. You can also take advantage of all the open source vendor information such as product demo videos, webinars, conference booths, financial disclosures, and other content that exists on vendor websites. There's a gold mine of information on vendors out there if you have the time to look for it – of course, if you're a Cyber PMM, you won't, but just know it's there :).

Vendor Commonalities

So what do vendors have in common? First, vendors in cybersecurity are driven by similar market forces and trends. The main driver across vendors is revenue and profitability, as expected, and everything else is built around that objective. All vendors are subject to similar budgets available for security buyers for certain product areas. Are you marketing an EDR product? Well, you will be up against an existing vendor that has already gained that wallet share, or competing with the leading EDR vendors for it. So all vendors have to face the same buyer realities.