Building Customer Success Programs With Security Transformation Exercises

Netskope Director of Customer Experience Amit Kandpal can usually take a look at internal systems of records for customer success and make a fairly accurate prediction about the health of the program by looking at attendance in the last few cadence calls and Quarterly Business Reviews. One single predictive factor for success would be an enthusiastic sponsor attending QBRs regularly, asking the right questions (value realized, reasons and accountability for any delta, resources required going forward, product roadmap, etc.), and providing the required level of sponsorship to get around any blockers.

We spoke with Amit to discuss key recommendations for any organization venturing into a security transformation exercise and how to address the major hurdles for value realization across customers.


As a Customer Success Leader, what is the number one question you receive from professionals, executives or other stakeholders when they begin building their first customer success programs with security transformation exercises?



"An organization is always looking to find value creation and realization the fastest. When executives start a security transformation exercise, they want to know exactly what they should be focused on in order to build their roster of long-time customers, establish themselves as an insightful/valuable vendor, and identify obstacles that may stand in their way to achieve such success. My response usually includes some of the following recommendations:

  • Articulate key short-term and long-term security strategies and priorities to all internal customer and vendor teams.

  • Make sure the vendor and customer agree on the success metrics along with target timelines.

  • Leverage cadence calls, Quarterly Business Reviews, and customer advisory boards to help determine potential roadblocks on this security transformation journey.

While some may sound fairly obvious, these continue to be major hurdles for value realization across the customers we work with."


When identifying short-term and long-term security strategy and priorities, what additional resources are needed internally and externally to ensure a smooth security exercise?


"A surprising number of transformation initiatives lack the due diligence to understand and implement the right level of resources required at all stages of the program. For example, I have found that the effort and time required to build an effective Data Loss Prevention program is something that most customers tend to underestimate by a large margin. This means it is beneficial for a customer to immediately ask the vendor they are working with for best practices and case studies from similar industries and complexity. If this question isn’t asked, a vendor should provide that information upfront. A good case study will provide a framework based on rigorous data which can be customized based on complexity, required velocity, and any other considerations.


As a result, the right short-term and long-term security strategy and priorities for all internal customer and vendor teams can be established, ensuring the customer is on the path to quick time-to-value from Day One. Once these goals are set, we have also used this information to assign the right resources with the relevant skills. We have also influenced our product roadmap to accommodate longer-term priorities if it makes sense for the larger customer base."


What success metrics are important to both the customer and vendor? Are there specific obstacles that customers must overcome in order to determine the most effective goals?


"Most mature vendors have a framework based on their experience with other customers to capture the key target business outcomes of the program (e.g. reduced total cost of ownership, saving from breach avoidance, business agility, etc.) and translate those into specific metrics based on customer context. These types of metrics, when available, are extremely helpful for teams on the vendor side that work directly with customers on a daily basis, as well as leaders like me behind the scenes. In this way, I am able to detect any deviation from the optimal path early by tracking the agreed metrics and making the right interventions when required. These methods best benefit the customer as well, in order to prevent any delays or setbacks within the program.


With that said, it is also very important for customers to focus on outcomes rather than replicating the existing way of doing things with a new solution. I have seen this distinction among customers who have refused to deviate from one set of practices. It is important for them to remember that new technologies enable transformation precisely because they have a different and better take on the same problems. The vendor’s customer success team works with hundreds of organizations trying to solve different flavors of the same challenges, and it always makes sense to check with them for evolving best practices."


Can you provide any specific examples of obstacles that have delayed, paused or even prematurely ended a security transformation? How can they be prevented?


"One thing on a customer call that always makes my heart sink is the news of someone critical, either from the operational or executive team, moving on to a different opportunity. It goes without saying, this happens a lot in the current red-hot market for security talent we are in. The worst-case scenario for the whole engagement is not having a sponsor or an operational team for an unknown period of time. Momentum is everything for transformation programs, and once stalled, it can lead to a vicious cycle of no value, hence no focus, and the need of additional resources from an already stretched team. This sometimes can lead to the eventual demise of the entire program. With that said, the most successful customers I work with have redundancy built into these resources and schedule planning/track any resourcing risk on an ongoing basis. They also nominate a replacement early, when required, and give us enough time to make sure there are no disruptions to the program.


I can also usually review our internal systems of records for customer success and make a fairly accurate prediction about the health of the program by looking at attendance in the last few cadence calls and Quarterly Business Reviews (QBRs). If I have to pick one single predictive factor, it would be an enthusiastic sponsor regularly attending QBRs, asking the right questions, and providing the required level of sponsorship to get around any blockers. Regular QBRs where all internal and vendor teams walk away with a shared and clear understanding of target business outcomes, a high-level tactical plan, respective roles and responsibilities, and the path forward to address any dependencies and risks are the hallmarks for the most successful transformations."


###