Opinion & Maverick · ABM & Demand Gen · ICP & Account Strategy
The CISO is on every cybersecurity startup's ICP slide and almost none of its closed deals. The economic buyer usually sits two layers down, the champion feels a pain the CISO never touches, and the demand gen built to reach the corner office spends real money courting a buyer who cannot say yes. Build for the person who owns the budget line and the pain, not the title everyone recognizes.
Part One
Recognizable is not the same as decisive.
Walk into any cybersecurity startup's go-to-market plan and you will find the same persona at the center of it. The CISO. The CISO guide, the CISO dinner, the CISO roundtable, the CISO-themed webinar, and the outbound sequence addressed to the CISO. It is the title everyone in the company recognizes, so it becomes the title everyone builds for.
The problem is that recognizable and decisive are not the same thing. The CISO is the most visible person in the security org and, in most enterprise deals, one of the least involved in choosing your product. The programs aimed at that office spend real money courting a buyer who, more often than not, cannot say yes.
The CISO is rarely the economic buyer, and almost never the champion. When your demand gen is built to reach the corner office, you are investing at the wrong altitude, at the wrong time, against a buyer with no budget line and no daily pain.
Part Two
Approver and risk owner, rarely evaluator, almost never champion.
At a 300-person company, the CISO might own the budget, write the requirements, and sit in the demo. At a global enterprise, those are three different people, and the CISO is none of them. The larger the organization, the wider the gap between the title and the work, and the more that gap defines your deal.
An enterprise CISO governs risk, owns the board narrative, and manages a portfolio of dozens of vendors and competing priorities. They are not in your product on a Tuesday afternoon. They do not run your proof of value. By the time a category reaches their desk, the shortlist is usually set, the requirements were written by people they trust, and their job is to approve it, fund the politics, or kill it on risk grounds.
A CISO can veto your deal in a sentence. They will almost never originate it. Treating the approver as the buyer is how a program generates attention and no pipeline.
Part Three
Second and third line, inside the function that owns the pain.
Follow the budget, not the top of the org chart. For most security categories, the line item sits with a director or senior manager who owns that specific domain: a Director of Detection and Response, a Head of Security Operations, a Manager of Threat Detection, or a Detection Engineering lead. They own the headcount, the tooling decisions inside their function, and the renewal you will eventually depend on.
This is the person who can say, in one conversation, that they have budget and they want what you sell. They do not need to convene a committee to express intent. They feel the pain your product addresses because they manage the team living inside it every shift. When your programs reach this person, interest converts into evaluation. When they reach the office two layers up, interest converts into a polite forward that goes nowhere.
Part Four
Four roles decide your deal. The CISO is one seat, and usually the last one.
Stop targeting a title and start mapping a committee. Enterprise security purchases are decided by a handful of roles long before the CISO signs anything. Name them for your specific category and deal size, then build for the ones who move the deal forward.
| 4 | 1 | 0 |
| --- | --- | --- |
| Distinct roles decide an enterprise security purchase before the CISO ever approves it. | Technical champion a deal needs to survive procurement. Zero champions, zero close. | Product evaluations the average enterprise CISO personally runs. |
The second or third line manager who owns the line item and the renewal. This is your economic buyer. Everything about your program should be designed to reach, equip, and convince this person first.
Sometimes the budget owner, sometimes one rung above. The person who chooses among the shortlist. Know whether these two roles are the same in your target accounts, because the answer changes how high you aim and how much air cover your champion needs.
The person who feels the broadest pain and benefits most from solving it: a detection engineer, a SOC lead, or a threat hunter. They run your proof of value, build the internal case, and carry your product through the rooms you will never sit in. No champion, no deal. This is the relationship your content and community should be built to create.
The adjacent leads who shape requirements and hold a quiet veto: red team, detection engineering, cyber threat intelligence, and the SOC. They are not the buyer, but they color every requirement on the evaluation scorecard. Speak to their concerns early, or watch them sink you late.
The CISO is one seat on this committee, and usually the last one to engage. Their role is approval and the risk story, not discovery. Build for the seats that come first.
Part Five
Vanity pipeline, then the wrong conclusion.
Here is what wrong-buyer demand gen actually produces. The CISO programs look healthy on a dashboard. Senior titles register. Webinars fill. Open rates climb. It reads like demand. Then the leads stall in stage two, because nobody who engaged owns a budget line or feels the pain, and a senior title that cannot fund or evaluate your product is not a buyer. It is a flattering data point.
The dangerous part is the conclusion. The team sees pipeline that will not convert, decides demand gen does not work, cuts the budget, and doubles down on outbound to the same CISOs. The channel takes the blame. The targeting was the problem all along.
| Before: The CISO play | After: The budget-owner play |
| --- | --- |
| CISO | Detection lead |
| A gated "CISO's guide." A CISO dinner. A CISO-themed webinar. The list fills with senior titles who will never run a proof of value. Engagement looks strong on the dashboard. Pipeline does not move, because nobody on the list owns the budget or feels the pain. | A technical teardown for the detection team. A proof of value that shows hours saved per analyst, per shift. A one-pager the budget owner can forward to procurement. The champion builds the internal case, and the CISO approves a deal that was already won below them. |
Same budget, same channels, different buyer. One program courts a title. The other arms the people who actually run the evaluation and sign the renewal.
Part Six
Then let the CISO approve a deal that is already sold.
Map the committee for your category and deal size before you build a single program. Point the content, the events, the community, and the outbound at the budget owner and the technical champion. Give the champion artifacts they can forward, a proof of value that shows time saved per analyst per shift, and a one-pager that survives the trip to procurement. Speak to the influencers' requirements so you are not vetoed on a technicality. Reserve CISO-level material for the moment it matters: the risk, compliance, and board story that closes an approval, not the discovery that opens a deal.
And build targeting that scales with the motion. The map that works for a 300-person prospect breaks the minute you move upmarket, because the roles spread across more people and more layers. Targeting that does not scale with deal size is targeting that fails exactly when the deals get big enough to matter.
Build for the buyer who can say yes, equip the champion who will fight for you, and let the CISO approve a deal that was already sold two layers below them. That is the difference between a program that generates attention and one that generates revenue.
Aterous builds go-to-market programs for cybersecurity and AI startups that target the buyers who actually move deals, not just the titles that look good on a slide. If your pipeline is full of senior engagement that never converts, the targeting is usually the place to start.