Hello, everybody, and welcome to What's the problem, the show that explores problems that folks in the world of cyber security face today.
Today, we are fortunate to have Graham Smith joining us.
Mike Krass: Grahams, say hello to the listeners.
Graham Smith: Hello, listeners. It’s nice to be here. Thanks for having me, Mike.
Mike Krass: Graham, tell the listeners why you are qualified to talk about security.
Graham Smith: I've been in the security field for about three and a half years now with IBM came straight out of college to IBM and had a bit of a production background. There's a media production, visual media, and graphic design. I also had a minor in computer science. I have always had a passion for technology and wanted to see how it could be a bit more hands-on and client-facing because I like that from my side, working production and interviews with clients. I decided to move with IBM out of college and have been here for about three and a half years in the security portfolio and really enjoyed it. It's been a lot of fun. It's been very fulfilling work, and it's been top of mine in the last ten years. I feel like cybersecurity is everything everyone is talking about in the cross-industry, so it's a good place. It's a place that I think is good for my future and enjoying it.
Mike Krass: Awesome. Well, Graham, we always go from question one to question two. Question two is to name a problem in the world of cyber security, and I'm not sure that we're here to talk about a problem, but just a topic of discussion in cybersecurity. Graham went directly from college to work for IBM within a cybersecurity portfolio of products and services, which feeds nicely. And to give you a good segue of talking about a problem, how do you take somebody straight out of college and turn them into an active proficient knowledgeable cybersecurity practitioner, salesperson, or operator. What's going on?
Graham Smith: Yeah. That's a great question, Mike. I was a more technical computer science communications major in the department. I worked with a computer science coding background and production major doing my internships at production studios in Washington, DC. No real formal business training, objective handling, or client-facing sales presentation outside of my experience with the production side of my professional career. So, going into IBM, I was a little bit nervous. I knew many people are coming into the IBM training program and the professional hire with MBAs with full business backgrounds, five-year programs, six-year programs, etc. It was an intimidating environment coming in.
I think that IBM does a very good job of going through the interview process candidly and straightforwardly. And seeing what your experiences were or your interest in, whether it's more of a sales side or more technical side, that's the first rung where they decide where you will be placed and aligned with your skill set and interests. I was more on the technical side but wanted to go down the sales path because I liked being client-facing, being on the front end of communications, and managing relationships from previous roles. I decided to go down the sales track, and the way that IBM does it is very interesting. It is very ahead of its time and unique. It's a six-month master's and crash course in business and their portfolios. Not just the sales process, how to objection handle, how to be agile within meetings with customers, and how to present solutions. But also a full rundown of everything that IBM sells, including mainframes, hardware security, software automation, AI, software as a service, or hardware. You can think of even some middleware still in their portfolio.
It was very interesting that they put it all on the table right out of the gate. Once they gave us our offers, they grouped us up into classes, and geographical hubs across the country, which was cool for camaraderie and competitiveness. It was really good to see the peers around you who were capable of working on a group project with them when you were in your local hub. I was placed in the Dallas hub, moved straight from the University of Alabama to Dallas, stayed down south, and am a Virginia boy born and raised. It was nice to get some of that outwest feeling. It was nice to be in a different geographical hub, and they do a good job of that as a whole. It sounded like my peers from across the country when we met, whether at an IBM building or a business partner meeting. When I would meet my peers from across the country that I was teamed with, it seemed like they were all placed in geographical hubs that weren't necessarily their hometowns. Everyone's getting a new field for a new city was also very interesting.
Mike Krass: Graham, if I could jump in here, I just want to make sure that I understand this correctly, I say, the way that this training program works is it's a six-month program, and you're not given a book of business during the six months, right? You're not allowed to touch actual clients. Is that correct? Or are you selling the clients during the program?
Graham Smith: That is correct, Mike. You're paired up in your teams and your geographical hubs during the six months. Thank you for stopping me there. I think it would be better to frame this up before diving into specifics. Once you're hired, they split you into different teams across the country. Depending on the hub, you can choose your preferred hub, but there are about ten hubs for each hub: Atlanta, Dallas, Boston, Washington, DC, and Chicago. And when you are in your hub across the country, you're not doing any client-facing worth work. You're just learning the portfolio, working on group projects for standing delivers for management, and getting a feel for IBM.
You have a hub manager in each of the cities, depending on where you're located, and that hub manager helps you figure out what you want to do and where you want to be after you're done with your six-month training program. But every two weeks, you're traveling around the country meeting up with the other 4050 peers from around the country, the different hubs that one of the IBM locations or a business partner location to do in-person training that changed during COVID. They probably had a little more remote work and over-the-air sessions as far as WebEx and zoom. But back when I did it in 2018, we were fully in person, and that was a really fun experience. That was something where it is more of a grad school-type deal. You're meeting people and talking about where you're from, but also working in a collaborative manner with them to make sure you're getting these projects and assignments done by the due dates and presenting them to someone management as well. So I think that IBM did a fantastic job by bringing us together and teaching us their portfolio. But also, like you said, turning 22 to 23 years old, straight out of college into an experienced client-facing seller. Some of the things that they did outside of just portfolio work were putting us into groups with three or four other peers and having us prepare a solution demonstration like a whiteboarding exercise. A computer technology demo was one of them, and putting us in a room with three or four peers that would grade our presentation while we presented to a 45- 50 year sales bet. So that was very intimidating going in, but just getting that experience of getting that stress out and being in an environment and being able to let your peers critique you and how you performed was something that I never experienced. And what prepared me the most out of the entire program was going through and being put in those under-pressure situations. So I think that was one of the biggest things for me.
Mike Krass: Yeah, let's talk about six months. You're not going to sell to any customers. You don't get a book yet. You need to learn our products, software to service, hardware, middleware, and artificial intelligence. So we're going to teach you a whole portfolio of products, and I'm assuming that the way that IBM does a cybersecurity sales training program is that we're not going to let you get out in the market and misrepresent us or our products or services. That's probably the ultimate goal in the security space, and we can hire 22-year-olds who are very sharp, motivated, and driven, and we will teach you what to say. But you don't get to see it until we tell you ready.
Graham Smith: That's exactly right. They put you through the wringer and ensure your stuff before getting slated into a position where you will be client-facing. They also have performance scales throughout. Depending on how well you do in some of those role-playing sales, bets calls, and business partner agile exercises, you get an end scale grade to how well you did throughout the six-month program. And that contributes to where you're slated in your next role. They make sure they do their due diligence in defining who can go in front of a client and making sure that they're ready to, in fact, represent the company in an actual business scenario.
Mike Krass: Once you think you get released in a month, seven, eight, and nine months, we started talking to clients like do you feel ready?
Graham Smith: I did. I think going into the program. I was a little intimidated. I had only come from a media production coding background before and didn't know what to expect. But after six months, I was prepared. I was fired up even to get going. They threw me right into a security annuity role where I managed renewals and looked for expansion and net new opportunities within expansion and renewal. And that was something I enjoyed, getting my feet wet within the portfolio and working directly with clients. I was lucky enough to get put into security across various fields and industries in which IBM plays a role. And that’s where I wanted to go into the program, so I was very excited about that. And from that annuity role, I got my feet wet within the portfolio and figured out this is where I want to be. This is something that I can be successful at and is where I feel fulfilled and able to manage relationships, and I feel much more prepared than I did six months ago because of this program.
I would have to say that, at the end of it, many people also feel that way. There are a lot of people that feel ready to go ready to get after it. I think that was the overall feeling when we had our graduation day in Armonk, New York, everyone was excited to hit the ground running, and that's one of the things they did well. It was building morale for the company throughout the training program, not just a matter of practicality and business etiquette that was the main focus, but building the morale around the company and ensuring everyone was fired up about Big Blue and the mission. At the time, we had just gotten a new CEO, so that was a big message going forward: that we're trying to change a lot of our go-to business and go-to-market strategy. They did a great job ensuring everyone was on board with the company's message and spreading it to our clients. So outside of just the practical business aspect that we've talked about and making sure they're ready to go client-facing, they did a fantastic job of building company appreciation and respect for the program and our leaders bringing the messages down the chain.
Mike Krass: When we talk about this six-month training program, IBM has the ability to execute something like this, just based on the maturity of the business and product portfolio. A 50-person security startup probably will not hire many salespeople and then give them 180 days to learn everything and sell because they're markedly different businesses. Some of our listeners, especially on the leadership side, say, “Well, I'd love to have 180 days for all my new sales hires and for them to learn everything.”Because in growing security or growth-stage business, 5500–7000 employees like salespeople come in. As you mentioned, they're learning and often selling in a renewal role. That's usually less than a dangerous position to put a new salesperson in because they've already purchased. You're not trying to get them to the signature for the first time. You're just trying to display the value of the investment and get the renewal. But when I think about it, many listeners here will say, “Well, man, I'd love 180 days for all my salespeople to get started.” I look at it the other way, and I'll pose a question to you, regardless of whether it's IBM, or Security Corp, A, B, C, and R, a company I just invented. Do you think six months is enough? If you could design the perfect length program, would you go longer? Would you go longer and deeper to prepare salespeople? Was the world your oyster?
Graham Smith: That's a great question. Six months was the perfect time for what I was looking for. By the fifth or sixth month, I was ready to get into my role and start putting what I learned into action. The annuity role is a great entry-level position, and that’s what I was expecting out of this training program. It helped me figure out how to operate within clients' wheelhouse and ensure that I was managing back-end entitlements, things like small-end stuff. But I think six months was probably just the right amount of time. If you go more than that, it may be something where people are starting to lose interest and want to try to apply what they're learning. That's at least how I felt and may have just been the overall morale boost they gave us through the IBM program. But I was fired up to get ready to sell around the beginning of month five. It's always important to have a mentor, regardless of whether you have the resources or the scale company-wide for these training programs. Outside of these programs, or even inside of these training programs, if you have the ability to do them or not, finding somebody who you see as successful in your eyes, and somewhere that you would like to be in somewhere that holds himself with the regard and character that you would like to see yourself interacting with people in the same manner. One of my biggest things was finding those people within IBM throughout my first six months. It’s not just going through the ropes and making sure that I was checking boxes, but forming relationships, reaching out and figuring out who's doing what within this company, who I want to be partnered with, and someone that I respect their opinion and how they maneuver throughout this company. It's different. As you said, at each company, the scale is something that matters a lot. It's definitely within IBM is 650,000 person company somewhere where there are many people to maneuver around. And I think it's really good to have these mentors early on. It was one of the biggest things for me, and I've found those within the first two months of that six-month training program. So that was very helpful to me. But I'm back to your original question. I think six months is plenty for me, and beyond that, people start to figure, “ Oh, well, I'm just in school again.” That was a constant feeling from my peers. Once we got to that six months ago, it started to feel like school, and I wanted to start interacting with clients. So to your question, six months was great.
Mike Krass: Final question about training, cybersecurity sales, and marketing training programs. Did you get feedback from folks in the market, whether they were prospects or existing accounts? I'm curious. Without sharing anything, obviously confidential or sensitive, did you or any of your peers get feedback like, "You've handled my renewal well.” It could be something as simple as that. I'm trying to put myself in the cybersecurity buyers' shoes. I've heard all about IBM. IBM sounds great, and we're ready to get tattoos and do the whole thing.
I want to know what the buyers were thinking and if you or your peers got any feedback. It wouldn't be directly attributed to the programs, and they probably wouldn't tell you, “Graham, I'm so glad you went through six months of training at the IBM corporate headquarters in Dallas.” That's not the feedback I'm talking about, write feedback is more about the experience. It could have been something as simple as that was easy. I don't know how long you've been doing this, but you made it easy for me to renew like you had your stuff together.
Graham Smith: Oh, yeah. I'll tell you a couple of instances, a personal story, and then touch on what you just said about the annuity rolling and facing clients straight out of the program. I was very successful there. I had a very strong renewal rate, hit all my targets, and didn't have any hiccups with clients at all.
My first year was very successful in that role. I felt very prepared. My managers saw that the training we've been put through greatly benefited them as far as having us on their team and going through that program. And also, once we moved out and COVID happened, I was looking for a new role internally, trying to move back home to Washington, DC. I was still down in Dallas, year two in the company, and reaching out and searching for roles within security on the East Coast, whether it was Boston, New York, or DC. I’m just trying to make my way back home. Everyone I talked to and referenced the summit program, the six-month training I went to, was immediately more interested. From an internal perspective, everyone knew what the program was, and it was barely highly touted. It was a very difficult program, and I struggled through it. There were times when I was put up against challenges where I didn't think that I would be able to succeed. And with the collaboration of others and reaching out to mentors, I could get through it and be successful. And many people recognize that not just internally but also when you're throwing your resume around internally, you're also throwing your resume around externally. This was a year and a half ago, a long time ago. But back when I was throwing my resume around, many other IT companies knew about the summit program. So it wasn't just internal regard for the program but externally, with some of the consultants we partnered with, our business partner resellers, and other IT vendors applied across the spectrum. And I would say about 75% of the people I spoke to externally knew what the summit program was, which added a little bolster to my resume. So, through and through, I thought it was a very rigorous program. I thought it helped me, and my client role reflected internally with some prestige as well as externally. It was probably the best thing for me as far as a business career and making that shift between industries. It was exactly what I needed.
Mike Krass: Awesome. We're done talking about training, no more training discussion. Today, we are going to transition to our final question. Each episode wishes. Graham. Tell us about a terrible haircut you've had at some point.
Graham Smith: Oh my god, man. That's a great question. I have a couple of stories here. Once, I was with my brothers and went to our normal haircut spot here in Alexandria. I have two younger brothers, and we've been getting our hair cut at the same place, the family barber, for about 15 years. I went there one day, and the woman who usually cuts our hair was out. She was on vacation with her family in the Outer Banks, and her niece was cutting her hair. And she had been through beauty school and let us know that. She's been training for a long time, and we'd seen her around the parlor several times. We were familiar with her, like, “Why not let you give us some haircuts.” And I was the bold enough brother to go first, and I asked for a simple haircut, shears on the side of a little longer on top. I just got the military chop, like slipping out of there. I never really use gel in my hair to let it go natural unless I'm at a formal event or something. So this was the hair you had to put gel in, or it just looked ridiculous. I wore gel every day, which I was not used to, and all my friends clowned me a little bit for looking like a military guy. But that's the worst haircut I've had, and my brothers seeing that haircut, that I will come back next week when Rob is back from vacation and will pass up on the haircut. I was the test dummy for that one, which did not go well.
Mike Krass: Awesome. Well, Graham, thank you so much for joining us today on What's the Problem. As our listeners roll our conversation around in their brains, they might want to reach out to you. What's the best way to get in touch with you?
Graham Smith: You can feel free to reach out to me on LinkedIn. I believe my actual ad is not just Graham Smith, but Graham Smith72 and you can feel free to send me an email with any security-related questions at firstname.lastname@example.org.
Mike Krass: Awesome Granham. Thank you so much for your time today.
Graham Smith: Thanks so much for having me. I appreciate it.
Graham Smith is a Cyber Security Sales Specialist at IBM focused on the public sector. In his spare time, Graham is a Board Member with Soul’s Harbor Rehabilitation.