Yes, the world of sales is changing. Yes, AI is reshaping how buyers think, research, and decide. But should we throw out proven frameworks like MEDDICC?
From my early career start at Accenture, I lived through a couple of waves of "everything is about to change" — the cloud was going to change how we sell, digital transformation was going to change how we sell. And now at AWS I heard AI is going to change how we sell.
Yes, buyer behaviour evolved. The sales cycle got more complex, new stakeholders appeared. But the fundamentals of how you win a complex deal — how you qualify, how you build urgency, how you navigate an organisation, how you quantify value — those never moved.
Security is one of the hardest things to sell because the buyer's relationship with the problem is complicated. They know the risk is real. They've probably lived through an incident, or watched a competitor get hit, or sat through a board meeting where someone asked uncomfortable questions about their posture. But they also have fifteen other priorities, a constrained budget, and a team that's already stretched thin.
The goal is to help the buyer identify their concerns, quantify them, and align your solution with those numbers to pass finance review. That is not a conversation AI can have for you. That takes presence, trust, patience, and a framework that keeps you honest about what you know.
What AI Has Actually Changed
Here's what AI has changed: the buyer's research phase. They arrive at the first call having already mapped the vendor landscape, read analyst reports, benchmarked pricing, and generated their own evaluation criteria.
That makes your job harder — and more important. Not to pitch, but to ask the right questions. To help them think through what actually matters for their organisation, their maturity level, their threat profile. That's where MEDDICC earns its keep.
The Framework, Applied
Security buyers struggle to quantify risk in financial terms. Most can tell you how many incidents they had. Few can tell you what each one cost. Your job is to build that number with them — cost of downtime, regulatory exposure, remediation effort, reputational impact. The moment you put a credible number on the problem, the conversation changes entirely.
In Security, the economic buyer has shifted. CISOs have more budget authority than ever, but they're also operating under more board scrutiny. Sometimes the CFO is in the room. Sometimes it's the CEO after a near-miss. Knowing who really controls this decision, and what they personally lose if something goes wrong, is non-negotiable.
Buyers now arrive with AI-generated scorecards. They've already weighted the criteria before you got there. The window to influence what they value — and what they're willing to trade off — is in the first conversation.
Security deals die in process, not in value. Procurement, legal, InfoSec review of the vendor, sometimes a separate board sign-off. Map it early and map it honestly. Ask who else needs to be comfortable with this decision. The answer will tell you more about your deal than any discovery question.
This is everything in Security. The surface pain is always "we need better protection." The real pain is usually a near-miss they haven't told the board about yet, a compliance deadline three months away, or a CISO who knows their current stack won't survive an audit. You have to earn that conversation. It doesn't come in the first meeting.
Your champion in a Security deal is usually technical — a Security architect, a SOC lead, a VP of Engineering. They believe in the solution. But they often struggle to make the business case upstairs. Build it for them. Give them the language, the numbers, the risk narrative that lands with a CFO or a board. Make them look like the smartest person in the room.
In Security, the most dangerous competitor is not another vendor. It's the decision to do nothing. Or to build it internally. Or to push it to next year's budget. Name these alternatives directly. Understand why inaction feels safer than it is.
Adapt the Approach, Not the Foundation
I use AI in my own workflow every day — for account research, call prep, study my competitor, mapping an org before I meet with a customer. It makes me more prepared and more efficient.
MEDDICC is a discipline that forces you to find the real pain, reach the real decision maker, and build a real business case. The tools change. The conversations get more complex. The fundamentals don't.