Why Discovery Wins
Demos win attention. Discovery wins deals. If I can't describe the problem in the customer's words, I'm just touring features. Week 2 is about building a repeatable discovery system that surfaces risk, friction, and compliance pressure, then maps them to outcomes.
The 6-Layer Discovery System
Use these in order. Don't skip ahead.
1. Catalyst & Context
- What changed? Why now? Who's accountable?
- What happens if nothing changes in 90 days?
2. Environment Map
- Where do identities live (IdP/AD/AAD)? Which protocols (RDP/SSH/HTTPS)?
- Where is access brokering today (VPN, jump boxes, ZTNA, browser-based)?
- Cloud/OT footprint? Critical apps and data paths?
3. Access Reality (Privileged & Third-Party)
- Who has standing privilege? Any shared or service accounts?
- How are credentials issued/rotated/revoked? Break-glass?
- Vendor access path and approvals? Session recording?
4. Risk & Compliance
- Which frameworks (NIST, HIPAA, PCI, SOX)? Findings from last audit?
- What evidence is hard to produce today?
- Breach scenarios that keep you up at night?
5. Workflow & Integration Fit
- Required integrations (IdP/MFA, ITSM, SIEM/SOAR, CMDB).
- Who approves? Who monitors? Who reports?
- Constraints: SSO mandates, agentless-only, air-gapped OT, etc.
6. Success Criteria & Impact
- Measurables: time-to-access, approvals, audit evidence, MTTR.
- Non-negotiables vs. nice-to-haves. Decision timeline and stakeholders.
10-Minute Pre-Call Checklist
- Review stack (IdP, MFA, VPN/ZTNA, SIEM, ticketing).
- Pull 1–2 breaches or regulatory actions in their sector.
- Draft three hypotheses (pain → impact → likely capability).
- Identify one workflow you must see.
During the Call (simple timebox)
- 5 min: Catalysts & goals.
- 10 min: Access reality (standing privilege, vendors, break-glass).
- 10 min: Evidence & audit pressure.
- 5 min: Success metrics and next steps.
Take notes in HubSpot/Salesforce with the same headings. Future you will thank you.