
Sales Process

How I Sell

Ten years closing enterprise deals in cybersecurity and IAM. Here's the process, the personas, and the playbooks — so you know what you're getting before we talk.

My Sales Process

01. Discovery

Map the org, identify power, understand compliance posture and budget cycle.

02. Qualification

MEDDIC: Metrics, Economic Buyer, Decision Criteria, Decision Process, Identify Pain, Champion.

03. Technical Validation

POC design, security review, compliance alignment (FedRAMP, HITRUST, SOC 2).

04. Procurement

Navigate legal, InfoSec, and compliance review. Run parallel workstreams to compress timelines.

05. Close

Multi-thread executive sponsorship, handle final objections, create urgency with business value.

06. Expand

QBRs, adoption metrics, upsell and cross-sell paths, reference building for future pipeline.

Who I Sell To

CISO

healthcare

Pain Points

  • Constant compliance audit pressure
  • Legacy identity systems are expensive to maintain
  • Security incidents and breaches

Buying Triggers

  • HIPAA compliance audit
  • Security incident

How I Message

Focus on compliance and risk reduction. Position as a strategic partner for security and compliance, not just a vendor. Use case studies from similar healthcare organizations. Emphasize cost savings through consolidation and reduced security incidents. Speak their language: compliance, risk, security posture.

CISO / VP of Security

healthcare

Pain Points

  • Legacy MFA friction drives shadow IT and workarounds
  • Board pressure intensifies after every high-profile healthcare breach
  • Compliance deadlines arrive without corresponding budget increases

Buying Triggers

  • Failed security audit or audit finding requiring immediate remediation
  • Active breach attempt or credential stuffing incident

How I Message

Lead with compliance outcomes, not product features. Show HIPAA and FedRAMP audit results from peer healthcare organizations. Quantify the cost of a credential-based breach ($9.8M average in healthcare) versus the cost of phishing-resistant MFA deployment. Reference FIDO2 as the CISA-recommended standard — positions the solution as the "safe choice" for a risk-averse buyer. Avoid technical jargon; present in board-reportable language.

VP of IT

Pain Points

  • Legacy systems are difficult to maintain
  • User complaints about login complexity
  • IT support tickets for password resets

Buying Triggers

  • Digital transformation initiative
  • New application integration needs

How I Message

Focus on user experience and operational efficiency. Position as enabler for digital transformation. Emphasize ease of integration and reduced IT support burden. Use technical demonstrations and proof-of-concepts.

IT Director / IAM Architect

Pain Points

  • Too many identity tools that don't talk to each other cleanly
  • Password reset volume consumes 20–30% of helpdesk capacity
  • Legacy Active Directory and on-prem SSO slowing cloud migration

Buying Triggers

  • M&A requiring rapid identity consolidation across two orgs
  • Cloud migration surfacing authentication gaps that on-prem masked

How I Message

Lead with operational outcomes: fewer tickets, faster onboarding, simpler architecture. Show a before/after of identity stack complexity. Reference integrations with the tools they already run (Okta, Azure AD, CrowdStrike). Quantify helpdesk hours saved. For M&A scenarios, emphasize speed of identity consolidation as a deal-close blocker — every week of fragmented identity is a week of productivity loss and risk.

Compliance Officer / Procurement Lead

government

Pain Points

  • Long procurement cycles (12–18 months) that outlast the urgency that triggered them
  • ATO documentation burden falls on an understaffed team
  • Vendors promise FedRAMP authorization but the actual ATO hasn't landed

Buying Triggers

  • Contract renewal opening a window to evaluate the incumbent
  • New CMMC or FedRAMP mandate from agency leadership

How I Message

Speak in controls language — map product capabilities directly to framework requirements (NIST 800-63, FedRAMP controls, CMMC practices). Provide audit-ready documentation: SSP excerpts, control mapping matrices, ATO letters from comparable agencies. Make procurement easy: GSA Schedule availability, pre-negotiated BAAs, STIG documentation. The goal is to make this buyer's job easier, not to sell them something — they'll close themselves once the compliance boxes are checked.

VP of Sales / Revenue Operations

technology

Pain Points

  • Enterprise prospects requiring SOC 2 evidence before signing
  • Sales team sharing credentials to work around MFA friction on mobile
  • Security incidents tied to compromised sales rep accounts (Salesforce, Outreach)

Buying Triggers

  • Enterprise prospect requires SOC 2 Type II or security questionnaire response
  • Sales account compromised — rep credentials stolen or used in SIM swap

How I Message

Frame security as a revenue enabler, not a cost center. Show how SOC 2 Type II removes security from the objections list on enterprise deals. Reference peer companies in their segment that closed larger deals after achieving the certification. For mobile-first sales teams, emphasize passkeys on iPhone and Android — no hardware required. Make the business case in terms of ARR at risk versus cost of prevention.

Sales Plays

Methodologies

MEDDIC, SPIN, Challenger, Consultative, Solution

Want to discuss my approach?

Let's talk