How To Sell Complex Cyber Security Solutions and Packages

This post was originally published on LinkedIn by our co-founder Eli Migdal.

The era of simple threats and simple solutions is long gone; it's not Virus and Antivirus anymore.


I am going to focus my article on the Microsoft EMS E5 package (standalone or packaged with 365 E5) because I think it best illustrates the level of sales process complexity and, simultaneously, the huge value if you “get it right”.

Firstly – and it’s a big one – don’t approach the sales process from the “which components the solutions have” perspective.

EMS E5 for example has the following components:

  1. Azure Active Directory Premium (Premium 2)
  2. Microsoft Intune
  3. Azure Information Protection (Premium 2)
  4. Microsoft Cloud App Security
  5. Microsoft Advanced Threat Analytics
  6. Azure Advanced Threat Protection (Microsoft ATP)
  7. Microsoft Secure Score

As an IT Manager, a CISO, a CIO, or a Consultant, you need to know in detail all the components, their exact functionality and how they connect to each other, but your clients, your board members or decision makers (in most cases) won’t know and won’t WANT to know.


You need to approach this from the “What are the THREATS to the organisation and how does the solution mitigate the threat?” perspective.


The current cyber security landscape is becoming so complex, so quickly, that it’s unlikely your clients or board members will be fully focused on “catching up on cyber” or cyber solutions (this is your job, not theirs!).

A good, short example of this is looking at what happens in a single process with the EMS E5 package (without going into all the details).


  1. An email with an Office attachment is sent from an external source.
  2. Exchange EOP (ATP) scans the email and checks the attachment in a “sandbox”, and checks the email information against its reputation database.
  3. The user logs in to check his email from home, via his laptop. Azure Active Directory Premium and Intune make sure that this specific user has rights to open the email, from that specific computer, from that specific location, with that specific email client.
  4. The user decides to edit the attached file; the content of the file is scanned for sensitive information by the Azure Information client on the computer.
  5. The user saves the file on OneDrive, and ATP scans the file for sensitive labels and information and makes sure the file status meets the policies.
  6. The user shares the file with an external colleague; ATP makes sure that the file is allowed to be shared, based also on the content and sensitivity level.
  7. The procedure is reported to Advanced Threat Analytics, which searches for any problematic patterns and combines all activities from all over.

This is one single procedure! I honestly don’t expect my clients to understand the full process. During a sales process it’s just too complex to dive into, and it even has a negative value in the sales process because you are diving into deep “techy waters” with people who are usually not “techy”.


We need to make it simple and quantifiable instead of trying to make non-experts into experts for the sake of demonstrating value.


You don’t focus on the solution’s components and what they do; you focus on the threat, for example a “Data Breach/Leakage”.


First, you need to quantify the “Cost of threat to the company”.


Once you have quantified the threat cost, you need to quantify the mitigation level (Solution Contribution in “Boardish Language”).


Your clients and board members need to understand the size of the threat and how much the solution you are proposing contributes to mitigating it.


During a sales process, it’s all about finding the best solution or package of solutions to mitigate (reduce the threat size of) your biggest threats.


Each company has different threats; it can’t be “generic”, it must be “company specific”.


Going back to the Microsoft EMS E5 example: how do you sell it? You sell it via the threats it helps to mitigate. For example, what is the efficiency, or TPF (Threat Protection Factor in Boardish Language), of EMS E5 against Data Leakage?



If Data Leakage is the biggest threat to your company, and there is a solution that helps to mitigate it by 80%, it becomes a much simpler sales process and a much simpler decision for your client or board.


To summarise:


With cyber threats being so vast and complicated, and the solutions even more complicated, it’s VERY HARD to sell cyber security. We need to change our approach.

  1. Don’t approach it from the “solution side” or, even worse, from the “solution components” side.
  2. Approach it from the threat’s impact on the company and which solutions mitigate it best.
  3. Quantify! Your clients/board members are not “Cyber Experts” (this is your job). You need to quantify cyber threats and solutions into non-cyber language, I invented for EXACTLY this!

Eli Migdal.
