Brickyard Cyber Exchange
Back to Blog
July 8, 2025

Marketing and Selling Cybersecurity Services

If you’re only talking about preventing breaches, you’re not speaking the language of buyers.

Not Just about Stopping the Bad Guys

I often get the chance to speak with students, and whenever I do I ask them why they think companies would purchase cybersecurity services and invest in compliance certifications. Inevitably, the students shout out answers such as “protecting data” and “preventing hacks.” And sure, these are valid reasons that will come up in business. But I can almost guarantee that no budget request has ever gotten approved with these types of justifications.

The same applies to how cybersecurity services are marketed and sold. The language of loss can be powerful, but on its own it lacks teeth as you move away from the front-line defenders up to management.

Investments in cybersecurity must be translated into the language used at the level of those that control budgets. Namely, how do we grow revenue, increase efficiency, reduce the risk of loss events occurring, and allow the business to make more certain decisions in the midst of uncertainty.

Tie Your Services to Corporate Objectives

If you’re marketing your services or engaged in a sales conversation, surface level benefits of your solution won’t cut it. You must align your services to high-level corporate objectives, as in the examples below.

  • Growing revenue:
    • Alignment to GDPR could allow for expansion into EU markets.
    • For early stage companies, a SOC 2 report quickly becomes table stakes to close deals.
    • HITRUST may allow a company to expand their business into hospitals, health plan administrators, and other healthcare organizations.
  • Reducing spend:
    • Automating evidence collection could save several days’ worth of engineering time spent in walkthroughs and providing screenshots.
    • Consolidating multiple audits into a single audit period can cut audit costs by significant amounts.
    • Using a third party to implement a compliance framework may be cheaper than hiring a full time employee, especially when factoring in training plans, promotion paths, and other employee costs.
  • Minimizing risk:
    • If a company recently experienced a loss event that a penetration test or red team may have prevented, these services could easily curtail a future event.
    • If a company in your client’s industry was recently breached, this could also drive urgency for your client to increase their security posture.

Understanding the Return on Investment

You won't be able to determine the actual dollar figure of the ROI for your services by yourself. Instead, you'll need to work with an individual at the company to understand what your service will actually be worth. Coach this person on how to navigate their own business and gather the relevant information. The best people to help you through this process are those that have something to gain personally from working with you - commonly referred to as a champion in sales parlance.

Look for individuals that are looking to advance in their careers, are looking to make their boss look good, or seem eager to take ownership of a project that will have positive effects on the company. Your champion can prove to be a very valuable resource as you look to understand the ROI of your services.

Specific information that will help you better understand the potential ROI includes:

  • The specific pain they are experiencing due to not having your services, such as contracts that have fallen through or wasted engineering time.
  • The quantifiable metrics associated with the pain, such as the dollar value of lost sales or number of hours of wasted engineering time.
  • How long the pain has existed and how they have previously attempted to mitigate it.
  • The criteria that will be factored into making a final decision. It’s important to note that, unless your buyer is very knowledgeable about the industry, they will likely need help understanding how providers differ. This is your chance to highlight your differentiators and get them added as key decision criteria for the customer.

By understanding the quantifiable pain the company is facing, you will be able to craft a much more compelling business case for your services. Your ultimate goal is to create a win-win-win for you, your champion, and their company by aligning their specific needs and your champion’s personal goals with the services you offer and your unique differentiators.

Not every prospect will be your perfect client, and that's okay. Perhaps they need somebody on-site for long periods at a time in a way that your family situation doesn’t support. Or maybe they need experience with specific frameworks or in a specific industry. It's completely fair to draw parallels between your experience and their specific needs, and it's always important to validate if the criteria they stated are indeed the final criteria. But at the end of the day, trying to fit a square peg in a round hole will just leave everyone wanting.

Speak to the Business

To sell to the people that write checks, you have to speak like them too. No executive wants just another sales person interrupting their day in an attempt to solve a problem. They want a partner that clearly understands their business and the value that your solution could bring. Treat your sales process like a dress rehearsal of your actual engagement. Bring your client some new insight into their business that they hadn’t considered before. Show that you understand and care and you’ll not only have more success in selling, but you’ll end up delivering higher quality work. This is what will separate you from the crowd.