Overview
You manage a portfolio of value-added resellers (VARs) in the Great Lakes region who sell Bugcrowd's crowdsourced security platform. Your job is to enable these partners to sell effectively, build joint pipeline, and help close deals they source. You're measured on partner-sourced revenue, not what you close directly.
Role Snapshot
| Aspect | Details |
|---|---|
| Role Type | Channel Account Manager (through-partner selling) |
| Sales Motion | Partner channel (enabling VARs to sell) |
| Deal Complexity | Enterprise/Strategic (through partner) |
| Sales Cycle | 3-9 months (partner-driven) |
| Deal Size | $100K-500K+ ACV (enterprise security) |
| Quota (est.) | $2-4M/year in partner-sourced revenue |
Company Context
Stage: Late-stage/Mature (3,576 employees)
Size: 3,576 employees
Growth: Established player in crowdsourced security, now scaling channel motion
Market Position: Leader in bug bounty/crowdsourced security space, competing against traditional pentesting firms and emerging platforms
GTM Reality
Pipeline Sources:
- 70% Partner-sourced - VARs bring deals from their existing enterprise customer base
- 20% Co-marketing - Joint campaigns and events that partners register
- 10% Channel-led - You identify whitespace in partner accounts and push deals to them
Partner Structure: You work with established VARs who have existing security practices and enterprise relationships. These aren't small resellers - they're selling competing security tools and you need to win mindshare.
SE Support: Shared pre-sales engineering team that you coordinate for partner demos and POCs. You schedule them, they don't report to you.
Competitive Landscape
Main Competitors: HackerOne (direct competitor in bug bounty), Synack (crowdsourced security), traditional pentesting firms (Big 4 consulting, boutique firms)
How They Differentiate: Continuous crowdsourced testing vs point-in-time pentests, larger hacker community, platform approach vs one-off engagements
Common Objections: "We already do annual pentests," "How do we trust random hackers with our systems," "This seems expensive compared to traditional pentesting"
Win Themes: Find more critical vulnerabilities, continuous testing not annual, better ROI than traditional pentesting, compliance requirements (financial services, healthcare)
What You'll Actually Do
Time Breakdown
Partner Enablement (35%) | Deal Support (30%) | Pipeline Building (20%) | Internal (15%)
Key Activities
- Partner QBRs and Pipeline Reviews: Monthly or quarterly calls with each VAR's sales leadership to review pipeline, forecast, and identify blockers. You're pushing them to prioritize Bugcrowd over the 50 other security vendors they carry.
- Deal Registration and Discount Approvals: Partners submit deal registrations for protection and discounts. You review them, verify they're real opportunities, and coordinate pricing with your sales ops team. Lots of back-and-forth on what discount level is justified.
- Joint Sales Calls: You join partner reps on customer calls when deals are strategic or stuck. You're there to provide product expertise and credibility, but the partner owns the customer relationship. Sometimes you're helping them sell, sometimes you're coaching them afterward.
- Training and Enablement: You organize partner training sessions (live and recorded) on Bugcrowd's platform, competitive positioning, and demo best practices. Attendance is always lower than you'd like. You create sales collateral that partners mostly don't use.
- Recruiting New Partners: Some of your time goes to onboarding new VARs in your territory. Due diligence on whether they have the right customer base and technical capability, getting them contracted, initial training.
The Honest Reality
What's Hard
- You don't control the sales process. Partners move at their own pace, prioritize other vendors, and sometimes ghost you for weeks. You're trying to influence people who don't report to you.
- Deal visibility is murky. Partners don't always update you on what's happening. You find out a deal closed (or died) after the fact. Your forecast is only as good as what partners tell you.
- Partners compete with your direct sales team. There's territory conflict - who owns what account? Partners complain when direct reps touch "their" customers. You spend time refereeing.
- Most VARs carry 30+ vendor relationships. You're fighting for mindshare against better-known brands with bigger channel programs. Getting them to actually push Bugcrowd takes constant attention.
- Training is repetitive. Partner sales reps turn over frequently. You're doing the same product training every quarter for new people at the same VAR.
What Success Looks Like
- You hit your partner-sourced revenue number ($2-4M depending on territory and seniority)
- 3-5 VARs in your territory are actively selling and closing deals quarterly
- You maintain a 4x partner pipeline coverage ratio (partners have $8M+ in Bugcrowd pipeline against your $2M quota)
- Partner satisfaction scores are high - they renew their partnership agreements and add more sales reps to the program
Who You're Selling To
Primary Buyers (through partners):
- CISOs and security directors at enterprise companies (financial services, healthcare, retail, technology)
- Application security managers who own vulnerability management programs
What They Care About:
- Continuous security testing vs annual pentests that go stale immediately
- Finding critical vulnerabilities before attackers do (measured by mean time to remediation)
- Compliance requirements (PCI-DSS, HIPAA, SOC 2 all mention regular security testing)
- Cost compared to hiring internal security teams or traditional pentesting firms
- Trust and vetting of the hacker community (background checks, NDA enforcement)
Requirements
- 5+ years in channel sales or partner management, ideally in cybersecurity or enterprise software
- Existing relationships with VARs in the Great Lakes region (Chicago, Detroit, Cleveland, Minneapolis markets)
- Experience managing complex partner-sourced deals with 6-9 month sales cycles
- Comfortable with the indirect sales model - you succeed by enabling others, not by closing deals yourself
- Willingness to travel 30-40% for partner QBRs, joint customer meetings, and regional events
- Technical enough to understand Bugcrowd's platform and speak credibly about crowdsourced security (you don't need to be a pentester, but you need to understand vulnerability types and security testing methodologies)