There are many parallels to a salesperson and a hacker when looking at interactions with organizations and computers. First, let’s start with some terms to make sure conceptually we are on the same page. A “Hacker” can be defined in several ways:
- Hacker (computer security) someone who seeks and exploits weaknesses in a computer system or computer network
- Hacker (hobbyist), who makes innovative customizations or combinations of retail electronic and computer equipment
- Hacker (programmer subculture), who combines excellence, playfulness, cleverness and exploration in performed activities
We are seeing the term used in more casual ways over time, so for this discussion let’s use the first definition with a dash of the third definition for easy comparison.
A salesperson acts in much the same way as a computer hacker. They exploit a weakness in a company or individual in order to gain opportunities and money. Now this may sound rather harsh, especially coming from me; however, the reality isn’t that far off and it isn’t always a bad thing.
Layers of security
Phone trees and receptionists are the Firewalls of companies and first line of defense. These are designed to let known traffic into the company and keep out everything else. Receptionist are highly effective at vetting inbound calls or visits. If you are not a known entity or do not have a specific name (pronounced correctly) they will either reject you outright or put you in a DMZ (perpetual voicemail). Methods to hack this initial security is to use social media networks to gain the right contact’s information (password), or engage with the receptionist directly. Get their name and understand their personality. If they will not direct you to your ultimate contact call back and address them by name as if they should know you. Spoofing familiarity will often drop their defenses and pass you on to the right person.
Once you do reach the right contact, the more subtle layers of security present themselves. These are often used in a machine-gun-fashion similar to antivirus software.
- I don’t have a need right now.
- I don’t have time right now.
- I already have a vendor.
- We aren’t that big.
- No budget.
Addressing each of these with Matrix-like agility becomes second nature but require patience and some more social hacking to get through. The first step is to convince the person you aren’t a threat. Empathize with them, get the alarm bells to stop blaring so you both have an opportunity to talk. If in fact this is a bad time, work with their schedule, find a time when other problems aren’t triggering their defenses. Understand what they are specifically reacting to and offer solutions, even no-cost solutions. This will help ensure they understand you are there for no malicious reasons. Once you have established that you are safe, you can move on to the last layer of security.
The final level of protection is often the most powerful and complex intrusion prevention solution (IPS). Even if you have breached the other defenses and proven you aren’t a threat, this last defense can often trip up the most prepared. This is the CFO. They are an isolated system with their own objectives. Oftentimes, above everything else, they eliminate all threats to their bottom line without regard to the wants of other departments. There is an alphabet soup of key terms they respond to, such as
Understanding their motivations and long-term goals are often the only ways to communicate with this subsystem. It is essentially programmed in a different language to ensure the protection of the company. However, if you can communicate with the CFO in their own language, you can often demonstrate the most value to the company. This helps show long-term vision and an understanding of their long-term goals. Not only will your solutions solve immediate problems or needs, but will have an overall benefit to the company’s bottom line.
It shouldn’t be surprising that we built our organizations and systems with a similar model. Companies have been referred to a “Machine” for years, so being able to draw a parallel to a salesperson and a hacker isn’t much of a surprise. In complex organizations and systems, we use layered security to protect our assets and both hackers and sales people must exploit weaknesses in the system to gain entry. Whether it is for good or evil is subjective, but the net strategy remains the same.