Turning Customers Into Your Best Sales Team: Real-World CS Strategies

[00:00:00] Hey, it's Andrew here. Just quickly before we start the episode, I want to tell you about one of my favorite newsletters. It's called Strategy of Security. If you want to understand the companies, ideas and trends shaping cybersecurity and its submarkets, you should take a look. Cole Gromos runs the newsletter and he has spent the last 20 years in cybersecurity, including stints at PwC and Momentum Cyber, the investment bank dedicated to cybersecurity. Recent articles I'd like include,

[00:00:30] how could platformization work in cybersecurity where he talks about there being lots of single vendor platforms, but not a multi-estate platform. And also one called demystifying cybersecurity's public companies, where he explores the pure play ones and also hybrid companies, which are in cyber. He lists all of them and then breaks down the numbers in all sorts of different ways. Now, this is not a paid promotion. I just simply enjoy what Cole is publishing. Check it out at Strategy of Security.

[00:01:00] Strategy of Security.com. Now, on with this episode.

[00:01:12] Here we are still at the RSA Conference 2025 for a special episode of the Cybersecurity Go-To-Market Podcast, interviewing leaders at cybersecurity companies here at RSA. And we're with Brad Arnold, who is the Chief Customer Officer at Silent Push. Brad, welcome to the podcast. I appreciate it, Andrew. Thanks for having me. Do you have a packed schedule this week? Lots of exciting things going on?

[00:01:37] Yeah, it's really busy, which is great. It's always good to connect with previous colleagues, customers, you know, and partners especially. Now, does Silent Push do a booth or just meetings? How do you do that? We've got a meeting space just around the corner. Okay. It's a little more intimate. It allows us to get to know our customers' needs a little bit better than that, you know, crazy pavilion that everybody's in right now. I was there last night and it was loud and exciting. I went into this year's conference saying, I can't be cynical about things.

[00:02:06] I've got to look at the positive of everyone trying to stand out and get themselves known. So, I'm kind of approaching things a little bit differently this year. Yeah, absolutely. But it's definitely crazy in there, no doubt. Yeah. So, Brad, it's interesting. You're at Silent Push. Silent Push was started in 2020. You're the Chief Customer Officer. So, for a young company to have a senior leader and head of CS is not all that common. I'm kind of curious about what you walked into and what the importance is of making sure that investment's there.

[00:02:35] Yeah. Well, I mean, certainly we have a big focus on what our customers need, you know, and what they want. And having someone, you know, really focused on that and spending the time to kind of tease out the problems that they have, how to translate into the product, you know, is really important to Silent Push. You know, and it's kind of a second part to that. It's also working with the channel and the partners. So, it's really a relationship that we're building, you know, across the ecosystem.

[00:03:01] Yeah. I remember I talked to Tim Eads a couple of years ago. Tim is, he was the main partner, Cyber Mentor Fund. He's a multi-time founder as well. He was saying that if he was building a company, which he is actually right now, he would actually hire, before a salesperson, he'd hire a CS person. Because he wants that delighted customer to then make sales easier. He wants the rabid fan to be on board and working with the company.

[00:03:29] Right. Well, I mean, your best sales team ultimately can be your customers, you know, having them, you know, see what you can do for them, the problems you can solve, and then tell their peers, you know, just screams, you know, expertise, you know, and what we deliver. It's much easier that way than cold calling and coming in, you know, as a salesperson. Nobody really wants to talk to a salesperson. They'd rather talk to their peers and learn how they're solving problems, you know, as well.

[00:03:57] Yeah, for sure. I'm wondering what the biggest challenges are leading CS at a relatively immature company, relatively immature product as well. You mentioned feedback. I'm wondering what the biggest challenges are that you have to deal with day to day. Yeah, I think one of the biggest challenges that I have at Sound of Push is getting people to understand how we do things different. Okay.

[00:04:19] You know, we provide what we call indicators of future attack versus I'm sure everyone's heard of an IOC, you know, but that's a stale indicator. Somebody's already been attacked. And we come at this whole threat intelligence game from a totally different place. I mean, we're really looking to go left of boom. And that's actually the education process, I think, is really the challenge that I see more than anything.

[00:04:46] People are conditioned to the old way of doing business or consuming threat intelligence. And we look at it totally different. Right. So how do you do that then? So we actually map the Internet out on a daily basis, if not hourly. Look at all the DNS entries, all the IPs. And then that allows us to build, you know, a map of the Internet or a fingerprint, you know, of the bad guy's infrastructure.

[00:05:13] So with all of that info that we have, and it's all first party data, it's ours, we don't buy it. It lets us do special things. We can correlate the data in different ways, can create our own attribution. And it really gives us that ability to do the fingerprinting and show you what infrastructure is going to potentially attack you before it does. Thus, indicator of future attack versus a IOC, which inherently means you've already been attacked, you know. What's a good example of that?

[00:05:42] Is there something recently that one of your customers have experienced that you say there's how it really tangibly works for someone? Yeah, sure. Scattered spider is a big one, you know, out there right now, right? People are constantly combating that, you know. And with our algorithms and our data correlation, you know, we're able to see the infrastructure as it's being set up, if not before. Right? And, you know, in its simplest term, if our customers are taking our feeds and just go off, then they're protecting themselves.

[00:06:08] I mean, certainly there's a lot more they can do with the data and they can do hunting and various other things. But if you just were to block on the indicator's future attack, you know, you're much safer than you would be previously. And you said the education is a challenge. So what is it about that message that people don't kind of latch on to or struggle for them to get their head around? Yeah, I think mostly just people don't have time. Okay. You know, I mean, everyone is overwhelmed, especially in cybersecurity. They've got way too many things to look at.

[00:06:38] You know, they want the easy button. You know, everybody wants the easy button. We try to provide the easy button. But I think that's the biggest challenge is people having enough time to either learn a tool or a different method. And they don't actually want to spend the time doing that. They want to solve the problem, which is protect their business or, you know, their infrastructure. Time is the enemy more than anything. I'm thinking of trying to put myself in the shoes of one of your potential prospects, right?

[00:07:05] You know, for a lot of people, it's a case of prioritization. What do we actually work on? We're not short of things to work on. There's lots of problems to solve and things that we can actually go in and work on. And if you're telling me something may attack me, I wonder if that's a high priority as something that is happening to me right now. And maybe that's what they have to kind of think a little bit different. Well, I mean, there's senses of urgency, I suppose. But, you know, I'll give you a little bit of an analogy.

[00:07:29] You know, would you prefer to stop the bad guy two neighborhoods over from you or at the gates to your neighborhood? Or do you want to wait and deal with them after they've busted down your front door and they're sitting in your living room? Right. Right. So, you know, we certainly think being proactive, you know, is a much better way to approach it. And, you know, I get a kick on myself occasionally. I like to call it the crystal ball. You know, obviously it's an indicator of future attack. But, you know, if you could see the future, why would you not?

[00:07:56] You know, and that's what we try to bring, you know, to our customers. And do you advise them what to do with what you give them? Like they should do this, this and this to protect against it? Yeah. I mean, somewhat. Right. So, I mean, our main objective is to provide the data so that they can make sound decisions. We have a threat analyst team as well, you know, that curates some of that data and helps them make decisions, you know, if they would like. But, again, if we just go back to its simplest form, block on these indicators, right?

[00:08:26] Now, not everybody trusts to block on somebody else's, you know, indicators. So, they may do some intermediary work, you know, to make sure that they feel comfortable doing that. Or just use our data to enrich, you know, something that they're looking at. But that's, you know, it sounds so simple, but not everybody thinks about doing it. I mean, just block the bad stuff, right?

[00:08:51] One of the trends we've seen recently in the industry is on the sales side, there's more scrutiny by, let's call it finance. It's about, is this the right thing to invest in? Can we wait six months? Things like that, right? And often it comes down to some sort of value sell that has to go with it to keep the CFO or the CFO's team comfortable. Sure. I think of the CS side, are you involved in helping them realize the value that they're thinking about, helping them measure outcomes that you're getting from Silent Pitch?

[00:09:19] Yeah. It's the job, right? You know, I like to say my job is to make, you know, my customers' lives easier. And the way you do that is provide value. And you probably value by solving their problem. You don't actually provide value by another menu item with three more options and a checkbox, right? You know, you're trying to solve real-world problems. And to do that, we have to understand the business and our customers' problems.

[00:09:47] So we spend a lot of time in my group, you know, learning what problem you want to solve, you know, and then we help you do that. We don't necessarily tell you step by step how to solve the problem, but we give you the tools to get you there, you know, in a quick, efficient way. And I think a lot of people go wrong by providing a great tool or saying they're providing a tool, but that no one understands the value or the problem that's solved.

[00:10:13] So you also get into price discussions if you're all into feature functions. You know, my button's green, yours is blue. I like blue better. You know, that's really not a thing. If you're solving the problem, most people don't even care what the tool is. Yeah. You know, just want to solve that problem. What common metrics then do your customers look for to, you know? Yeah, so, you know, several. I mean, there's the traditional ones like, you know, how many support tickets do you get?

[00:10:38] You know, are things going well, you know, with your customers from a technical nature? But then a lot of our metrics are around the type of data that we have and how much of that data is consumed by the customers. How many indicators are they using? How many are they looking at? How many feeds do they create? How much data do they correlate? You know, it's really, the more they get immersed in the data, the more value we know, you know, we're providing. And how often do you meet with them to talk about?

[00:11:08] Yeah, so it varies, right? It's anywhere from every week, you know, to quarterly. And sometimes it's all of the above, right? So especially when we're doing initial onboarding, you know, it's a weekly cadence, right? They're getting to know us. We're getting to know them. You know, we're putting together project plans to make sure that we meet their objectives so that they see that value. And time to value is really important. Everybody wants instant gratification these days.

[00:11:34] Nobody wants to download a piece of software and wait for even a minute, right? You want it to instantly pop up. And it needs to be intuitive and you can get that value quickly. And that's a salt Middle East piece at the same time, right? Absolutely, right? So we spend a lot of time up front, you know, trying to make things really easy. Then it evolves, right? So sometimes we may still need to do weekly, you know, or biweekly cadence for some of the more advanced features of the product.

[00:12:03] But it shifts into more use cases and integrations. Well, of course, I believe Silent Push should be the hub of the universe, right? We have to work within the ecosystem of our customers. So there's a fairly lengthy integration discussion on how we fit into the workflow and seamlessly, you know, at that. And in the go-to-market team as a whole, does your team own the renewal and the upsell and things like that? Yeah, that's right.

[00:12:30] I mean, I have a, you know, somewhat unique role, I suppose. You know, it's not a pure customer success role, which is typically post-sale all the way through renewal. I also own the solutions engineering team inside of the company, right? So I have a really great view of kind of cradle to grave, you know, first touch of the customer when you're in that selling motion all the way to, you know, renewal and then continued renewal as well.

[00:12:56] You know, another thing that we've also done quite often in the past six, seven months is done multi-year deals up front. So the renewal doesn't come yearly in those cases, right? But we did a lot of work up front to set the stage as to why the value would be there for a multi-year deal.

[00:13:16] So those customers are, you know, very comfortable with us that even though we might be kind of a young company, you know, we bring a lot of value right out right off the bat, you know, they want to stick with us. And how comfortable is your team with being responsible for what they may perceive to be a sales thing? Well, you know, we're also not sales engineers. We're solutions engineers. So even back to our point of, you know, we're solving problems, right? We bring a solution, you know, we're not selling.

[00:13:43] You know, and certainly in that early stage of the sales engagement, you know, I pride myself on our team solving the problem, delivering the solution, you know, from a technical slant, but not selling, right? Yeah. If we can solve the problem and do it well and fast, then that sells itself, right? Then it kind of moves into maintenance or making sure you're happy. You know, I'm a simple guy. If you're happy, I'm happy. You know, you continue to renew.

[00:14:12] You work with me to improve the product. I want the product to work the way you would like it to work. And it's that easy button, you know, I mean, it'll always go back to the easy button. Is there an upsell yet in your model? Yeah, yeah, certainly. So there's a couple of ways. We have additional modules, so there could be additional intelligence that you might want to unlock. And then, you know, consumption of the information. So, you know, it's a consumption model that we have. So you sign on for X amount, you know, of information.

[00:14:42] And then if you get a lot of value, especially if we do integrations into various parts of your workflow, or we're in the SOC and the CTI team, maybe we're helping someone with IR, those are different avenues for additional upsell as well. Okay. What are you most excited about with the role of AI in customer success in your team? Where is it going to have a big impact for you? Yeah, you know, I guess I could ask ChatGPT to give you the appropriate answer,

[00:15:11] but, you know, or Gemini or any of the other tools, right? And it would give me a very lengthy one. Really two parts. There's certainly what we can do with it in the product itself, right? Which, again, just makes life easy and more intuitive. But from a CS standpoint, being able to deliver training, you know, to our customers,

[00:15:36] quick white papers, update some of the metrics on the usage that they're getting from the platform, ability to easily see parts of the platform maybe they're not taking advantage of. You know, AI is just really great at doing analysis and, in fact, finding things you may not have ever seen. So we use it in all of those ways. And I think it'll just continue to be a bigger part of CS.

[00:16:01] And even at some point, a lot of these things that we spend the time preparing and delivering as a part of our CS team, it could be on demand, you know, from the customer as well. You know, they just ask the question, hey, you know, what part of the product am I not taking advantage of? Or I have this problem. What do I do, right? So we're certainly moving in that direction as well. Yeah, it feels like there's a role there to help with the value realization from the prospect, from the customer side, right? To point out ways that this can hit.

[00:16:28] Yeah, I think you see it a lot in the products that, you know, and services that you buy today. It's more in plain English. You know, it does things the way you expect it to do, so to speak. You know, the ability to ask a question in English, you know, solve this problem for me. And then have, you know, something in the middle actually figure out which buttons to click and menus to go to. Nobody really wants to do that anymore.

[00:16:58] We're recording this in April 2025. What are you excited about for the rest of the year for Silent Gush? You know, the groundswell from the customers is awesome. You know, they're really interested and excited about us. We've started to, you know, meet similar or same companies over and over again at different events. You know, our name is out there. And I think the market as a whole, and, you know, I'm a bit flattered.

[00:17:22] It's shifting towards that left of boom, and everybody's really trying to do preemptive and proactive threat intelligence. Of course, they don't actually do it. They just stay on their website. But when I start to see, you know, the threat intelligence industry talk more about things that we do, you know, you're kind of validated and you're there. And I think that'll just really turn into, you know, not only sales for the company, but, you know, even better products for our customers.

[00:17:50] Left of boom is my big takeaway from our conversation today. Definitely left of boom, you know. So, Brad, when I look at the headcount graph for SoundPush, it's pretty impressive, right? You know, three, four years ago, you're along with like 15, 18 type people and it's grown steadily over time. It looks very responsible in terms of the investment you made. And in fact, in the last three or four months or so, it's gone from roughly 40 up to roughly 60. That seems like a really good pattern right there. Yeah. Yeah. Yeah. Absolutely.

[00:18:18] A lot of investment going into the product and into the customers and partners as well. So, you're seeing hiring kind of across the board. We've added quite a few threat analysts, which are, you know, really core to what we do. You know, not only do we have that great set of data, but having someone to interpret that data, you know, is also important. And our threat analysts do a great job staying on top of current threats, you know, and helping our customers understand how to use the SoundPush data, you know, to protect themselves. That's awesome.

[00:18:47] Well, Brad, thanks for joining us. It's been a pleasure chatting to you and I wish you and the team success for the rest of the year. Yeah. Thanks, Andrew. We're really looking forward to the rest of the year. We are back with Visionary or Smoking Crack. Introduce yourself. My name is Dave Howell. I'm the CMO at Legit Security. Dave, I am going to throw out some bold predictions about the future of sales and cybersecurity sales to you. And you tell me, am I a deep thinking, insightful visionary?

[00:19:15] Or did I inhale a little bit too deeply walking through the tenderloin on the way to the show this morning? Are you ready? I'm ready. All right. First one. By 2030, 80% of cybersecurity purchases under $100,000 will happen without a human seller or a human buyer. Just AI agents buying and selling. Am I visionary or am I smoking crack? I think you wander through the tenderloin. Is that a flat? No. Or let's say it's 50K was the limit. Would you go with that?

[00:19:44] I think that's getting close to visionary. I think it's coming down the road. I don't know if a five-year timeframe is where we would see it. It's so hard, right? Someone said five years, two years, 10 years. Who knows, right? All right. In five years, more CISOs will report to CFOs than to CIOs or CEOs. And sales will primarily be finance first, but then security second. Is that visionary or is that smoking crack?

[00:20:13] I hope it's smoking crack. But it sounds as though because you're pushing the CISO further away from the executive leadership team and you're burying them layers under. And I think that is a wrong approach. Yeah, could be. All right. Third one. In 10 years time, both the RSA conference and Black Hat will be dead, completely gone. Visionary or smoking crack? Wow. I'm going to give it visionary with a touch of crack.

[00:20:43] Tell me more. Well, I think that there will still be a hunger for places for professionals to gather. And I think the COVID experience showed us that even though it petered off for several years, it's come back strong. I find it hard to believe the shows will be gone entirely. They may be reimagined. They may look completely different than they do today. But I don't think they'll be gone entirely. I really like that reimagined.

[00:21:10] I feel like the format of conferences in general somehow needs to be a bit more modernized. It's very stale. And, you know, I've been in security and coming to RSA for probably 20 years. It does not feel materially different than it did 20 years ago. I feel that as well. So thank you for the validation. All right. Last one. Recently, Google announced they're acquiring Wiz. And some people in the industry called the combination G-Wiz.

[00:21:36] So within 12 months, the OT security company called Insane Cyber will buy the other OT security company called Century. And the combined company will be renamed to Insane Asylum. Am I visionary or am I smoking crack? You're absolutely a visionary. There's got to be done, right? Surely. I love it. All right, Dave. Thanks for joining us. Yeah. Thank you.

[00:22:12] It will mean a lot to me and to the continued growth of the show if you'd help get the word at. So how do you do that easily? There are two ways. Firstly, just simply send a link to a friend. Send a link to the show, to this episode. You can email it, text it, Slack it, whatever works for you and is easy for you. The second way is to leave a super quick rating. And sometimes that can seem complicated. So I've made it as easy for you as I can.

[00:22:39] You simply have to go to ratethispodcast.com slash cyber. That's ratethispodcast.com slash cyber. And it explains exactly how to do it. Either of these ways will take you less than 30 seconds to do and it will mean the world to me. So thank you.