I have a hate/love relationship with product vendors.

Throughout my career, I have tried hard to remain vendor-neutral and technology-neutral. Getting anywhere between 5 and 10 unsolicited vendor calls a day on a bad day is not going to make me suddenly jump and buy a product, or even look at it. Instead, it is interrupting what I am doing at the time, breaking my concentration, and probably lower my willingness to listen to you.

Yet, I do realize that many of the controls that we implement as information security professionals rely on technology, or even consist of it.

In the past, I have done work with log collection and analysis devices (primarily Cisco MARS), with network-based intrusion detection/prevention equipment (Juniper), or with host-based intrusion prevention (McAfee). I worked on laptop encryption (PointSec, Safeboot, PGP, etc.) and I play around with firewalls. I played around with encryption solution that protect data at rest (Vormetric CoreGuard), and with security devices that I cannot even remember.
It is simply a matter of reality: I need technology, and I need companies to sell it to me. Those companies need to make enough money to be able to continue product research and development.
I enjoy playing around with new technology.
I'll gladly look at whatever vendors have to offer, assess how it can benefit the organization that I happen to work for, or blog about it.
However, having said that, vendors also need to understand that my goal is not to keep them in business by purchasing products that I do not need.
Vendors: cold-calling does not work. Make a good product, advertise the product in a non-offensive way, provide it for free to people who can look at it, play with it, and write about it.
If your product is indeed as good as you hope it is, I will hear about it and contact you for more information.
However, when I do ask for more information, make sure you keep your customer relationship management up-to-date. Nothing puts me off as much as talking to one person and getting contact by two or three sales persons who are trying to sell the same product, offered by the same company.
Again, I understand that your sales staff probably has to meet their quota, but do not take that out on me. Treat me like a human being.
When I ask for information regarding a product, please put in the effort to answer my questions honestly and do not just send me a PDF and mention that all my questions are answered in it. More importantly, do no lie. I can read fairly well, and if your information is out there, I will have found it.
Sometimes I need to hear an explicit answer from you, even though I know what you are going to say.
Finally, when I ask for a price, please be forthcoming and do not stall (or worse, ignore my request). When I am ready to ask for price information, I will have a budget in place and serious plans to purchase and roll-out. However much you do not like it, price is a discriminating factor in product selection. In an ideal world, it would not be, but as we all know, the world is far from ideal.
The Rules

  1. Do not call me by phone. Send me an email instead and ask for contact. If you do it right, I will always respond to it, even if I may not take you up on your offer at that time.
  2. Do some account management. I want to deal with one person at a company for each product.
  3. Get back to me, just as you expect me to get back to you.
  4. Answer my questions truthfully and to the best of your abilities
  5. I am not good at dealing with sales people. Have a pre-sales engineer contact me and speak geek lingo.

Sorry for ranting, but I guess this last cold call just put me over my rant-threshold.