CNAPP Selling to the Cloud Security Architect — 60-Min Training
Direct Answer
CNAPP (Cloud-Native Application Protection Platform) Selling to the Cloud Security Architect is a 60-minute training for AEs, SEs, and channel managers running $200K–$2.5M ACV cycles against incumbents like Wiz, Palo Alto Prisma Cloud, CrowdStrike Falcon Cloud Security, Orca Security, Lacework, Sysdig Secure, Microsoft Defender for Cloud, Check Point CloudGuard CNAPP, Aqua Security, Tenable Cloud Security, and Snyk Cloud.
The session teaches sellers to qualify against the three-buyer reality (Cloud Security Architect, CISO, DevSecOps Lead), run a structured discovery on toxic-combination economics, demo against the customer's actual cloud accounts, and trap-set the multi-year renewal at month 12.
The session is built on MEDDPICC, Force Management's Command of the Message, and Andy Paul's "Sell Without Selling Out" discovery cadence.
Section 1 — Why CNAPP Selling Is Different (5 min)
Open the room by killing the SaaS-seller default. CNAPP is the consolidation play — combining CSPM, CWPP, CIEM, container scanning, IaC scanning, and API security into one platform. The Cloud Security Architect runs the technical evaluation; the CISO funds the consolidation; the DevSecOps Lead validates CI/CD integration.
Set the frame on the whiteboard.
- Three buyers, one consolidation thesis. Cloud Security Architect picks; CISO funds the consolidation; DevSecOps Lead integrates with CI/CD. Wiz's 2026 customer survey shows 78% of CNAPP buyers consolidating 3+ point tools.
- Attack-path analysis is the value-add. CNAPP differentiates by mapping toxic combinations — vulnerable workload + public-facing exposure + sensitive data access + over-privileged identity = critical attack path.
- Agentless plus runtime is the modern stack. Wiz and Orca lead on agentless onboarding; Sysdig and CrowdStrike lead on runtime container protection. CNAPPs need both.
End the segment with Mark Roberge's rule: *"Sell the consolidation savings, not the feature count."*
Section 2 — The 60-Minute Discovery Block (15 min)
- Opening (3 min): "Walk me through your cloud security stack today — CSPM, CWPP, CIEM, container, IaC. What's consolidated and what's still point-tool?"
- Consolidation baseline (10 min): "How many cloud security point tools do you run today? 3+ consolidation candidates is the typical CNAPP buyer."
- Attack-path baseline (10 min): "What percentage of your team's effort goes against attack-path-level risks vs. individual findings? Top quartile runs 70%+ on attack paths."
- Container and Kubernetes coverage (10 min): "Are you running Kubernetes? EKS, AKS, GKE, OpenShift, Rancher? How are you securing pod admission and runtime?"
- CI/CD integration (8 min): "Does your CNAPP block bad-config commits at PR time? Pre-merge enforcement is the modern bar."
- Identity-and-permissions coverage (7 min): "Are you managing cloud entitlements with CIEM? CrowdStrike Falcon Cloud Security and Sonrai Security lead here."
- Renewal posture (5 min): "When are your various cloud-security contracts up? CNAPP rebundles often."
Section 3 — The POC That Wins (15 min)
Failure modes to ban.
- Single-domain POCs.
- No-attack-path output.
- Agent-only POCs that require platform-team engineering time.
Wins to coach.
- Agentless multi-cloud connection. Walk through Wiz's and Orca's published POC agendas — both connect to multi-cloud in under 30 minutes.
- Attack-path map delivered within 7 days. Show a named attack-path map for the customer's environment.
- Pre-merge enforcement live in CI. Demo blocking bad-config commits live.
End with Andy Paul's rule: *"Show the customer their attack paths closed, not your tool stack expanded."*
Section 4 — Handling the Incumbent Trap (10 min)
The room will face Wiz, Palo Alto Prisma Cloud, and CrowdStrike Falcon Cloud Security in eight of ten enterprise deals. Coach the room on three counter-moves.
Counter-move 1 — The attack-path wedge. Ask the Cloud Security Architect: *"What percentage of your incumbent's findings are attack-path-level? Top quartile is 70%+."*
Counter-move 2 — The consolidation-savings wedge. Ask the CISO: *"What's your total spend across CSPM, CWPP, CIEM, container, and IaC today? CNAPP consolidates these into 1–2 SKUs and saves 20–35% on TCO."*
Counter-move 3 — The Kubernetes runtime wedge. Ask the DevSecOps Lead: *"Does your incumbent run runtime detection on Kubernetes pods, or only at admission? Sysdig and CrowdStrike lead runtime."*
Show Force Management's command-of-the-message rule: *"Displace on consolidation savings, not on feature parity."*
Section 5 — Pricing Conversation and Procurement (10 min)
Landmine 1 — Per-workload vs. per-account pricing. Per-workload scales with microservices.
Landmine 2 — Multi-year discount math. Three-year deals justify 12–18% discount; five-year deals justify 22–28%.
Landmine 3 — The procurement-only meeting. Set a no-procurement-only rule: refuse procurement-only meetings.
Section 6 — The Trap-Set for Renewal at Month 12 (5 min)
Trap-set 1 — Attack-path remediation at 70%+ of effort within 6 months. The number is the renewal narrative.
Trap-set 2 — Tool consolidation completed within 9 months. Each point-tool retired locks in the renewal.
Trap-set 3 — Pre-merge enforcement on 100% of production repos within 6 months. Lock in shift-left discipline.
Trap-set 4 — Joint consolidation-savings dashboard in QBR. Build the savings dashboard into the QBR. By month 12, the dashboard is the renewal narrative.
Close the session by reading Jeb Blount's rule from *"Fanatical Prospecting"*: *"The renewal is sold on day one."*
FAQ
Should we lead with CSPM or with container security? Lead with whichever is the customer's largest open project — both are valid CNAPP entry points.
How do we handle a customer mid-Wiz or Prisma Cloud renewal? Run a complementary deployment in a non-overlapping area (e.g., CIEM while incumbent runs CSPM). Build proof for the displacement conversation at renewal.
What is the right POC size for a Tier-1 enterprise? 60 days, full multi-cloud account inventory, attack-path map and consolidation TCO delivered.
How do we price against Wiz's market-leader positioning? Wiz wins on agentless onboarding speed; we win on runtime detection and CIEM breadth. Position complementary at the entry tier.
What if the customer asks us to integrate with their existing SIEM and ticketing? Yes — every modern CNAPP integrates with Splunk, Sentinel, ServiceNow, Jira. Demo live in the POC.
Sources
- Gartner — Market Guide for Cloud-Native Application Protection Platforms (2026)
- Forrester — The Forrester Wave: Cloud Workload Security (2026)
- Wiz Inc. — Cloud Security Posture Report (2026)
- Palo Alto Networks — Prisma Cloud Customer Outcomes (2026)
- CrowdStrike — Falcon Cloud Security Benchmarks (2026)
- Sysdig — Cloud-Native Security and Usage Report (2026)
- Force Management — Command of the Message and MEDDPICC Reference (2026)
- Mark Roberge — "The Sales Acceleration Formula" Premium-Pricing Chapter
- Andy Paul — "Sell Without Selling Out" Discovery Cadence
- Jeb Blount — "Fanatical Prospecting" Renewal-First Doctrine