Overview
You're selling compliance and cybersecurity services to companies that need certifications (SOC 2, ISO 27001, HIPAA, PCI DSS) or security assessments (pen tests, risk assessments). You take meetings from BDRs or self-source, conduct discovery, scope projects, build proposals, and close deals. This is consultative B2B services sales where you're selling expertise and outcomes, not software.
Role Snapshot
| Aspect | Details |
|---|---|
| Role Type | Full-cycle AE (discovery through close) |
| Sales Motion | Balanced - meetings from BDRs plus self-sourced opportunities |
| Deal Complexity | Consultative to Enterprise - multi-stakeholder, technical scoping |
| Sales Cycle | 2-4 months average (can stretch to 6+ for enterprise) |
| Deal Size | $25K-150K+ per project (SOC 2 audits $20-60K, pen tests $15-40K, multi-year engagements $100K+) |
| Quota (est.) | $750K-1.2M annually ($60-100K/month) |
Company Context
Stage: Bootstrapped/Private (20+ years in business, 135 employees)
Size: 135 employees
Growth: New CRO building GTM infrastructure - expect process changes, new tools, potentially comp plan adjustments
Market Position: Established player (900+ clients) but not top-tier brand - you'll compete on experience and service quality, not name recognition
GTM Reality
Pipeline Sources:
- 40-50% BDR-generated meetings (ramping up as new BDRs get trained)
- 30-40% Self-sourced (warm intros, LinkedIn, account-based prospecting into target companies)
- 10-20% Inbound (website leads, referrals, existing client expansions)
SDR/AE Structure: BDRs set meetings; you take it from there. In the early days you'll need to self-source heavily while the BDR engine spins up.
SE Support: No dedicated SEs - you'll bring in the technical delivery team (pen testers, compliance consultants) for complex scoping calls or technical deep dives.
Competitive Landscape
Main Competitors: Coalfire, Schellman, A-LIGN, Prescient Assurance, regional compliance boutiques, Big 4 consulting (Deloitte, PwC for enterprise deals)
How They Differentiate: 20 years in business, 900+ clients, focus on integrated security + compliance (not just check-the-box audits)
Common Objections: Price (compliance is expensive), "we'll use our existing vendor", timeline concerns, "we'll handle internally", scope creep fears
Win Themes: Proven track record, experienced auditors, comprehensive approach beyond just compliance, industry-specific expertise
What You'll Actually Do
Time Breakdown
Active Deals (40%) | Discovery/Demos (30%) | Prospecting (15%) | Internal/Admin (15%)
Key Activities
- Discovery calls and scoping: Understanding the client's current security posture, compliance requirements, timeline, and constraints. You're asking detailed questions about their systems, controls, existing documentation, and readiness, then scoping the level of effort (how many systems, how much gap remediation, audit timeline).
- Building proposals and statements of work: Translating scope into detailed proposals with pricing. This involves coordinating with the delivery team on hours/effort, understanding margin requirements, and positioning value. Proposals are custom per deal, not plug-and-play.
- Multi-stakeholder navigation: You'll talk to IT/security (your champion), compliance teams (if they exist), finance (approval), legal (contract review), and sometimes C-suite. Getting everyone aligned takes time and follow-up.
- Managing deal progression: Chasing stakeholders for follow-ups, answering technical questions, negotiating scope and pricing, handling procurement processes. Deals stall frequently - companies deprioritize compliance or get overwhelmed by the work involved.
- Some self-prospecting: Especially early on while BDR team ramps. You'll do warm outreach to target accounts, leverage your network, and work inbound leads.
The Honest Reality
What's Hard
- Long, unpredictable cycles: Compliance is often a "must-do" but not urgent until the deadline looms. Deals sit in the pipeline for months. Budget approvals drag. Committees meet slowly. You'll have 15-20 active opportunities but only 3-4 will close this quarter.
- Complex scoping = pricing risk: If you underestimate effort, the company loses money on delivery. If you overestimate, you lose the deal. Getting scoping right requires technical understanding you'll build over time.
- Commoditization pressure: Many buyers see compliance audits as commodities and shop on price. You're selling against smaller firms willing to undercut, and you need to justify your premium.
- Deal slippage: "We need SOC 2 by Q3" becomes "we're not ready, let's push to Q4" becomes "budget got cut." Your forecast accuracy will be poor for the first 6-9 months.
- Post-sale delivery impacts renewal: If the delivery team has issues (slow, missed deadlines, poor communication), you'll hear about it, and it affects future deals.
What Success Looks Like
- Close $750K-1.2M annually with 25-35% win rate on qualified opportunities
- Build pipeline of 3-4x quota (you need $3-4M in pipeline to hit $1M closed)
- Average deal size of $40-60K (you'll need 15-20 closed deals per year)
- Maintain relationships for repeat business - many clients need ongoing compliance or additional frameworks
Who You're Selling To
Primary Buyers:
- CISOs / VP of Security (technical champion, understands need, drives internally)
- Compliance Managers/Officers (at larger orgs, they project-manage compliance efforts)
- CFOs / COOs (budget approval, especially for larger deals or smaller companies)
- IT Directors (at mid-market companies without dedicated security leaders)
What They Care About:
- Audit pass on first try: They cannot afford to fail an audit - customer contracts or business ops depend on certification
- Minimizing internal disruption: Their teams are already busy; they want a vendor who guides them efficiently and doesn't create extra work
- Transparent pricing and scope: They've been burned by scope creep and surprise costs before
- Auditor credibility and experience: They need a firm that auditors respect and that understands their industry nuances (healthcare, fintech, SaaS, etc.)
- Timeline certainty: They have hard deadlines (contract renewals, customer requirements) and need confidence you can deliver on time
Requirements
- 3-5 years selling B2B services, consulting, or complex solutions (cybersecurity/compliance experience a plus but not required)
- Ability to understand and discuss technical concepts (you don't need to be a security engineer, but you need to learn SOC 2 controls, pen testing methodologies, risk frameworks)
- Consultative selling skills - discovery, needs analysis, building custom solutions
- Comfortable with long sales cycles and deal ambiguity
- Strong proposal writing and presentation skills
- Experience navigating multi-stakeholder buying committees
- Self-starter mentality - new GTM build means less structure, more figuring things out