# The security buyer ensemble

By [Doug Lane](https://paragraph.com/@axalane) · 2022-03-30

---

Something hasn’t been sitting right with me about the [email I sent about buyer personas](https://mirror.xyz/axalane.eth/yI-GcN2VtArf_g14Z-1No9OoB4AUlkYL-oNScVBBxbk) the other day. I still believe it. But I think it’s a bit of an oversimplification.

So I’m going to take another crack at it over the next couple of days. I still don’t think creating cartoon caricatures of your buyers is a great use of time – especially for startups that need to keep marketing investments tightly focused. But I do think it’s critical to understand the buyer personas involved in the purchase process in detail and have a strategy for each.

For today, let’s start by defining the ensemble. In most enterprise security deals, it looks something like this:

*   **“The Business Decision-Maker”** – Most often, the CISO or related executive-level security or risk title.
    
*   **“The Security Architect”** – The person responsible for turning the desired business objectives into reality on the ground.
    
*   **“The Stress Tester”** – A sharp security brain who is too pedantic to get projects executed but is great for throwing at security vendors to test their mettle.
    
*   **“The Technical Gatekeepers”** – Stakeholders who are not necessarily security-focused but own infrastructure your product touches. For example, network, servers, endpoints, application code, cloud infrastructure, etc.
    
*   **“The Administrative Gatekeepers”** – Folks like purchasing and legal that you need alignment with to get into the end zone.
    

Did I miss anyone?

\-Doug

---

*Originally published on [Doug Lane](https://paragraph.com/@axalane/the-security-buyer-ensemble)*