Chief Technology Officer demonstrates how to understand buyer behavior to accomplish a product to market fit.

Brad Hibbert - Chief Technology Officer - BeyondTrust CTO

I recently interviewed Brad Hibbert, a product development leader who knows how to enable revenue growth by developing products aligned with buyer behavior. Today’s topic is focused on how to understand buyer behavior to accomplish a product to market fit. Brad and I answered questions from the How to Make Your Number in 2018  WorkbookFlip to the Product Strategy section and access emerging best practices in the Buyer Behavior phase starting on page 120. 


Making the number can be tough at times for sales and marketing leaders. It’s even harder when you don’t have a partner in the product team that’s giving you products that people want to buy. If you’re interested to learn more about how product development and sales can work better together to make your number, this show is for you.


It’s no coincidence that success has followed our featured guest who leads the product development team that has powered the technology success story, BeyondTrust. Furthermore, I’ve seen firsthand how today’s guest interlocks with functional peers and sales, and marketing to achieve the corporate goals.


Today’s topic is a demonstration of how to understand buyer behavior to accomplish a product to market fit. Joining us for this demonstration is Brad Hibbert, the Chief Technology Officer for BeyondTrust.  In the world we live in today, all organizations struggle with protecting their technology environments from external attackers or insiders misusing or abusing the privileges. Brad and his team built a platform that enables companies to have proactive ways to reduce the attack surface across assets through Privileged Account Management and Vulnerability Management.


Brad is uniquely qualified to demonstrate how to understand buyer to accomplish a product-to-market fit. I have seen first-hand how Brad interlocks with sales and marketing to provide products that customers can’t live without. Brad and I dive deep into the process for understanding buyer behavior to establish a strong product-to-market fit. 


Why this topic? Revenue growth will disappoint if your products do not address an urgent problem of a specific buyer that he or she is willing to pay to fix. And your product must do this better than the alternatives. Sometimes product leaders build products that produce customer benefits that don’t address the buyer’s evaluation criteria. This results in poor win rates, wasted resources and poor revenue performance. 


I have included the full transcript of my conversation with Brad, or if you prefer, Watch the full interview through an HD Video.


Let’s jump into my first question here, which is a 30,000-foot question, but I want to make sure that we’re sequentially going through these questions and we’re educating the audience as much as possible. What buyer problems are you trying to solve at BeyondTrust? 


If you look at the products that we have. As you mentioned in the cybersecurity space we have two product families. One is more on the asset risk side. So, the vulnerability management space. The other is more on the privilege management space. Really the problems we’re trying to solve is to help people get ahead of the curve with respect to protecting their environments. 


From a benefits perspective, we help people reduce that attack surface, to improve security. Achieve compliance, which is important. If they’ve got an audit finding or something similar, they must prove to the auditors that they’re doing the right things with respect to management. We need to drive operational efficiency into the environment. A lot of organizations that implement technologies from a security perspective, has a negative impact on operations, so you want to overcome that. Then lastly, we want to provide a viability and control so that they can mitigate these risks on a go-forward basis. 


Very good, very crisp answer. Well-articulated set of problems that you solve for customers, which is really step one when you think about coming to market with products that people want to buy, which is obviously very important if you’re going to try to grow revenue faster than your industry and your competitors. 


All right, let me go to the second question which is, in terms of buyer behaviors, what buyer behaviors are you observing that provide evidence that the problems you just articulated to us exist? 


I’ll answer in a couple of ways. You have a very unique approach to the market. As I mentioned we have these two product families really to provide visibility across that threat spectrum, from outsiders to the insiders. One product family focused on vulnerability management, the other on privileged account management. 


Within each of those product families we have specific modules and those modules are designed to solve specific challenges. We kind of call them use cases that would solve the problem for the customers. In the vulnerability space, that’s traditionally been more around the … sort of in the sweet spot of security teams, right? Typically, we have the security buyer would be buying those products for a broader solution or a broader visibility across their environment. 


The challenges that we see, again, they struggle with just keeping up with the sheer number of vulnerabilities that they need to manage. You get this onslaught of information coming and you must understand a few things. One is that they have visibility over all the risk and two is when they get all that data coming, and have they prioritized, and made sure they’re doing the right things in the right order to mitigate that risk that’s going to have the biggest impact on their business. 


From a behavior perspective, we’re seeing on the vulnerability side a lot of organizations now trying to extend visibility of their solutions beyond the traditional assets. You talk about Cloud, you talk about mobile, you talk about sort of Cloud-deployed investments, and so on. Then I start to infuse the data stream with more context so they can make better decisions quicker. Behavior analytics, strong intelligence, strong reporting, those sorts of things. 


Those are typically the things that we talk to our customers about and that we see. We see that evidence of course with discussions we have with analysts, with the advisory boards that we have. We’re always out talking to customers. We get a lot of feedback mechanisms to kind of drive that product direction. 


From that perspective, what we’ve seen is really organizations taking a step back. Thy started to realize like vulnerability. Privilege account management is a requirement. It’s a critical security layer within their multilayered security program, if you will, but because it’s new to the security teams it’s less mature in a lot of organizations. 


We’re starting to see the demand from security teams to implement these products. While they do have a broad demand, so they must solve a number of use cases, they typically can’t consume or absorb all that technology at once, right? We can’t get in there and talk about, “Hey, we can do these broad things with you with our platform.” What they’re looking for is very specific solutions for their specific challenges at hand. That’s what we need to do when we go in and we talk to customers, is to solve those specific challenges that they have with those specific modules that we have, that snap into that platform. 


Then, once we kind of do that and show them that we can solve those specific pains, and maybe it’s around password management, around third-party vendor access. Maybe it’s around securing their Cloud environment for DevOps, or something like that, so we understand those use cases. Once we prove to them that we can solve those problems, we can earn the right to have those broader discussion with our customers about the platform value and the corporate value, but they’re certainly, I think from a behavior perspective, they’re certainly focused on those problems at hand. We need to listen to our customers and address those before we start to start having these broader conversations. 


You’re clearly listening to the market, which is fantastic. That takes me to my last question in this segment here which is, what benefits of your product or solutions do your customers actually buy on? 


We have these portfolios, multiple products, multiple modules that snap into this architecture, that can feed into this analytics engine. Each module has different benefits, right, because they’re solving different use cases, but at a high level, sort of the 30,000-foot level, I think what they’re really looking for is to tighten security, right? So, shrinking those attack surfaces, shrinking those exposures. It could be reducing privileges, it could be better password management. It’s really shrinking the attack surface and risk that they have in the environment. 


The other thing that they look for is being able to achieve compliance. So, show the auditors that they have the tracking mechanisms, the audit capability, the depth of auditing that they’re looking for with some of these mandates that are coming out. The third thing I think the benefit that they buy is, our design is non-intrusive. You can’t put more burden on the operations teams than they already have today. You must have solutions that are non-intrusive and you have to go through that with their customer and the POC to show them how you can solve those problems, and be an enabler for operations, and not a barrier. 


The other area is, if someone does get in, having the data, the analytics, and the reporting so they can very quickly respond. That is, detecting and containing the breach with dynamic access control. At a high level those are kind of the module-level benefits that our customers buy on and we show those benefits with the feature sets that we have with each of the modules in the markets that they compete. Then, on top of that of course you get the platform story. We have the broadest most, I think, solution set out there.


I want to make sure the audience understood what we were just talking about there. We’ve got a product leader with us this morning and we’re talking about growing revenue. That often requires strategic alignment between the product team, the marketing team, and the sales team. 


I’ve seen a lot of marketing organizations and sales teams who fail to deliver, not because they’re not doing their job, but maybe because their product leader isn’t giving them the thing that they need to be successful. That’s clearly not the case here with Brad. He could tell us the problems that he’s solving for his customers. He could tell us and point to specific evidence that proved that those problems existed. He and his team aren’t just building cool things to build, they’re building things that people want and that are going to be in demand. 


He was clearly able to tell us the evaluation criteria or the benefits, or the features that the clients make purchase decisions against. Those are all woven into his product strategy, which downstream makes the life of marketing leaders and sales leaders much, much easier. I just wanted to summarize all that for everybody. 


Brad, cyber security’s a huge field. People are dealing with threats, there’s all kinds of problems that you could go after and yet you’ve been able to determine which problems you’re going to solve and which ones you’re not, and you’ve been able to prioritize, which is a really hard thing to do. How do you decide which buyer problems are worth solving?  


A lot of that comes down to discipline, as you mentioned, making sure they have alignment with the rest of the business and with your customers. I think that we have all the financial models and stuff in place. We’re over $100 million software company. We have over 4,000 customers globally, so we have lots of ways that we can collect data and get validation. 


I think with all these models and so on, I think from a 30,000-foot level again, I think just three gates that we typically go through. One is to make sure that we have the expertise, right? Is it in our wheelhouse? We know what we do. We know what we do well. If it’s vulnerability management or privilege account management, we’ve been doing it for decades, right? Two healthy markets, two growing markets. We have lots of things that we can do within these markets to continue to drive value for our customer base. 


The second thing that we look at is alignment and it’s not just alignment with in cooperation. It’s synergy on top of the investments you’ve already made in the products, right? That’s one area, but it’s also alignment with our sales teams when sell to the same buyer. It’s not just about having multiple products that we can sell, but can these products be use and can they be integrated, and create synergy, and value for our customers, and kind of mildly stack, if you will. 


We must make sure it also is synergistic with our partners and then of course, we get feedback from our customers to make sure that it makes sense for us to do this as an organization. I think expertise is certainly an area, alignment is the other area and then execution risk is probably the third area. We’re very, I think, verbose with our customers when it comes to our roadmaps and all the stakeholders. We tell people what we’re going to do. We think that strategy, having the idea is one thing, but it’s discipline and execution that kind of puts you ahead of the pack. We share a lot of information with our sales team, with our field team, engineers, with our customers, partners, and so on. 


When we look at doing other things we must take a look at A, can we execute against that and how does it impact the current and existing commitments that we’ve made to all those stakeholders to make sure that we have agreement across the board. Again, we backed it up with all the financial models and tax rates and so on that we have through our programs, and analytics. 


My next line of questioning I need to set up just a little bit and that is, if you think about some of the classic product management, product marketing frameworks, maybe like from the guys at Pragmatic Marketing. They’ve taught us that you want to go after problems that are urgent, right? We want to sell painkillers, not vitamins, right? You want to go after problems that are pervasive. It can’t be one-offs happening with a handful of customers.  This problem must be felt by a large group and, most importantly, the customer must be willing to pay to fix the problem. 


You just described for us your gating process, which I thought was fantastic. I think many of our listeners might not be doing it as well as you are, so that would be good education for them. When you think about the gating process with those three additional elements, you also must ask a question as, are the buyers already investing time, energy, and money to solve this problem? Therefore, what are we going to do to get them to shift what they’re doing today to solving the problem with us? It’s like trying to get them from their comfort zone or their status quo to doing something differently. The question we always must ask ourselves is not only why change, but why change now? How do you think about your product strategy in the competitive context? 


At a high level, you think about these two security layers that organizations need to implement. From a cybersecurity and a risk perspective it’s always do you do nothing? Do you accept the risk? Do you shield the risk or do some level of protection? And so on. There’s different levels of investment that a customer’s willing to make and from a security perspective a lot of the time they will have some things in place, right? They’ll be using manual processes. If it’s spreadsheets and stuff to manage passwords for example, they’ll be using that or some basic patching. They’ll be using native tools in a lot of cases. In some cases, they’re using some point solutions, right? We must be conscious of all those capabilities. 


I think the way that we differentiate and the way that I organize my team is to be very, again, disciplined, and focused when we’re focusing on specific buyers. For example, with my development team what I have, is I have development teams that are targeted towards a specific segment. Maybe that’s password management, that could be privilege management for UNIX/Linux, that could be privilege management for Windows. In that I have a development team, I have a product manager, who’s mandated with having the best degree of product in that market category, as well as an entire development and support team that kind of goes with that. We know we must go head to head against those competitors and we must have the feature sets that address those particular areas. So, that’s one area. 


As those teams are kind of building out the best agreed solutions and I think that again, we do that today. We also must try to push them over the edge. What’s the cost of migrating off those existing products? Tighter security proven through clients and all those things come into play. Also, the customers aren’t looking for point solutions anymore, right? They realize that these are very inefficient, they’re disjointed. What they’re looking for is more security layers that kind of integrate these capabilities together to give them that broader sense of visibility and control. 


With my product teams, not only do I have them working on best of breed [inaudible product modules for that market segment, I also have them looking at ways that they can add value up the chain to the platform, and also across the chain into the other product modules that we provide so that as that buyer goes through his buyer journey, if you will, or through his adoption cycle, and they want to continue to expand their use case coverage to take on more challenges, it’s a natural fit to kind of continue with us. Not only is it to kind of get that product with the value to the platform, but the synergy between the products removes the barriers for our sales teams, it improves the value they get out of the, not only the second investment, but the original investment that they made with us as well. We kind of go up that value chain, if you will, from a benefits perspective. 


Brad, my next question for you is how do you test for product market fit, not only at a macro level, but also in the individual sub markets? 


We have all sorts of processes again and we track a lot of data with our systems that kind of give us the details. In general, I think for me it’s straightforward. We have the gates that we go through. Again, I think the first gate is communication. We must communicate to our customers kind of what we’re doing and to the sales teams what we’re doing. 


When I say communicate, it’s not just broadcasting your message, right? It’s listening. It’s getting the feedback. It’s getting the feedback from all the stakeholders, right? Everybody from the sales team, from the partners that are out there, from the customers themselves. We have an advisory board. We talk to analysts. My product team’s always out in front of customers gathering this feedback. 


We also, interestingly enough, have ways that we gather feedback almost instantaneously from the sales team. As they go onsite and collect data, they inject that into sales force, and then we get alerts on interesting things that they’ve seen in front of customers. It’s getting out there and communicating. We’re very open with the communications and what we’re looking to do with our road maps with our customers. 


The second thing is having flexibility. You must be able to adjust. We have these road maps that we’ve put in place that we want to execute against, but we’re flexible. If we see that the market shift’s changing, or priorities shifting, or demands from customers with a theme that’ll positively impact the broader customers base that we have, then we need to take effect to that. We must refine that, refine the road maps, and then communicate those changes, and validate those changes back out with all those stakeholders again. 


Then lastly, we must execute. Once we have those plans, once we’ve gone out and we’ve talked to customers, we’ve validated that, we’ve got all the feedback from the different constituents, then we need to execute. I think from a BeyondTrust perspective that’s one area that we excel. We have a very strong development and delivery capability. Just like you must earn the right to have those broader conversations with customers, we must earn the right to build that confidence with our sales teams and with our partners, and with our customers, that we deliver what we say we’re going to deliver. I think all those three things at a high level are gates that we go through. Again, we have very detailed checks and balances along the way with our systems to verify a lot of these pieces. 


As a lot of software companies, are moving into the cloud or have moved into the cloud, this allows them to pay attention to usage of certain features in a product, as an example. Sometimes they use that information with the sales team to proactively manage the adoption lifecycle of a customer to make sure that we get the renewal, make sure we hold onto the client. Maybe it’s also this type of information is used to present to the sales and marketing team various cross-sell and upsell opportunities. Do you guys have the ability to track feature usage and if so, what do you do with the information? 


Yes, we do. It’s not just the usage of the product, we really try to take a step back and understand the adoption cycle of the product. For example, if it’s privilege, how does a typical buyer absorb these types of technologies? What do they typically focus on first? What use cases do they focus on first? We do that by vertical and we’ll do that by customer size as well, right? Maybe for customers they start with password management, maybe it’s third party vendor access. Once they kind of mature that piece to their security program, what is it that they go to next? Is it, they go to secure their servers? Is it their cloud environment? Is it their desktop? We track a lot of that information and pull that back into our systems. 


Then what we do is we arm our sales team, right? When they’re out talking to customers, they can talk in a more intelligent way about how we can help them mature and progress their adoption of these security programs, right? Sales and marketing, you hit it right on the head. So, with sales and marketing we can also go back to our base, do campaigns to talk about how we can take them to the next leg of maturity. We do email blasts, webinars, educational webinars tailored towards certain verticals, so we can kind of guide them through that adoption phase, if you will. 


We certainly track a lot of that information and use that not only with developing the products themselves because it allows us to understand where we want to put more of our investment, but also helps us get in alignment with our partners and marketing, and sales teams as well. 




For the audience, this is a great example on how to align marketing, sales, and product. What do I mean by that? Take this concept of the adoption life cycle, okay? Let’s just say that you’re in a business that depends on getting repeat purchases or recurring revenue from your customer base and you’re a sales organization that deploys a land, and expand strategy. You land maybe in a department, maybe with a point solution, and your goal is to expand, and move them along the maturity curve of the adoption life cycle. 


Wouldn’t it be great if the product team was on your hip with you saying, “Okay? Here’s your territory, Mr. Sales Leader, and here’s how your accounts are segmented based on the adoption life cycle? Therefore, for segment X, Y, Z, you should go talk to them about products four and nine because other people like them that were at that point in the adoption life cycle bought these products. Here are the benefits of doing that. It’s the next logical investment along the way.” 


That’s what a great product leader like Brad can do for a sales and marketing organization, and how it makes selling and marketing, i.e. making your number, that much easier. Just a great example of aligning product, marketing, and sales. Brad, unfortunately we’re out of time, but on behalf of my audience, you contributed a lot to our kind of body of knowledge here. I learned a lot of things today. I know you’re super busy. I really appreciate you being generous with your time and giving back to our kind of collective community. Thanks for being on the show. 


Have expectations gone up and left you wondering if you have the right marketing strategy to support the new revenue growth goals? Here is an interactive tool that will help you understand if you have a chance at success. Take the Revenue Growth Diagnostic test and rate your Marketing Strategy against SBI’s emerging best practices to find out if:


  • Your revenue goal is realistic
  • You will earn your bonus
  • You will keep your job


Sales Revenue Growth