Customer Visit Report Template

I have mentioned in my previous post that one of the most enjoyable activities of Product Managers is doing customer visits. I have created a short Customer Visit Report Template that I used presenting the visit to my colleagues and to the management team. May be useful for other product managers so I’m sharing it here at

Customer Visit Report Template

  • Customer Company Name
  • Customer Visit Participants
  • Date and Place of Customer Visit
  • Customer Background/Profile/Situation
  • Main Report (Customer challenges and other customer visit details)
  • Extra Q&A
  • Customer Visit Insights
  • Action items


Customer Company Name

To start the Customer Visit Report document, you need to state the name of the company that you have visited and add a one or two-liner describing the customer’s nature of business, their industry and other interesting info about the customer. Your Sales Team or Support Team will be a good information source. In the event that Sales or Support folks are not available, the internet will be a good resource too. I learned this via my infosec and social media exposure: “Google/Bing/Search the internet”. Use the company name as search keywords and look for the about the company section. Focus on the department or group that you will be visiting (this should be part of every customer visit prep work that PM’s should do beforehand) to know more detailed info about the customer.


Customer Visit Participants
Who are the people you have visited or met? Which group are they from?
You should list down the people you have visited and met (and their designation to the company). If other people from your company joined you in the customer visit, it will be helpful to list them here too. It is customary to exchange business cards at the start (or end) of the customer meeting and this will be good source of info to recall the names of the customers you have interacted with.


Date and Place of Customer Visit
Was the customer visit done on customer’s onsite location? Or was this part of a customer event that your company arranged? Or maybe done via meet-up as part of industry conference (maybe like RSA Conference). May be a minor detail but it will be helpful in the long run. Should you run into an email by the customer in the future, you can just look at the first page of your customer visit report and say that “Hey I visited you guys on this date…”. Make good impression!


Customer Background/Profile/Situation
In this section, you should share the purpose of the customer visit. Are you here to support your sales guy in closing the deal? Are you putting out fires? Are you here to calm an irate customer? Or is this a confidence visit with a key customer?
Share the background situation (again PMs should know this before the actual customer visit). If you have a product portfolio (like the company I’m working with now) list which products the customers are using, what version of the products, how many seats, other pertinent business details. During the visit, do some competitive intel gathering too (e.g. what competitor products are they using, what versions, are they satisfied, can we complement these solutions? or maybe displace them).


Main Report (Customer challenges and other customer visit details)
This will be the most detailed part for the customer visit report. You can connect the details of the customer background/profile and describe the details on how customer visit went thru. You can put the customer challenges (if they have any) and other customer detailed discussions in this part.
This part can be very free-flow, free-format as each customer visit may have unique scenario and details. This main part will be helping you in providing details of the customer problem and/or solutions back to your team.

Extra Q&A Tips
This part is my personal touch to the main report. I usually ask a template question (describe in this post), especially during my first visit to the customer. I usually ask about the good and the bad about my company or my product.

For the good stuff I usually ask “What they (customers) like best about our company or our products?”. With this question you can discover many revealing answers. And if you are lucky enough you can validate your company’s or groups core competence and strategies directly with the customer. Ask customer to elaborate more to understand your products more.

For the improvement part (the negative ones), you should not ask it as bluntly as what’s bad with our company or product (you may be attracting negative energies if you do it this way). Be gentle and do it politely. Call it euphemism but I usually ask “What they (customer) think will make our company or our product better?”. It is good to know what else you can improve from the customers directly (and not from other intermediate channels within the company). Hopefully with this question, you can also extract interesting answers from the customer and that you can bring it back to your team back home. Just be careful as this part of Q&A may turn into ranting or whining session by the customer. If you are not confident on asking about this “improvement”, skip it and focus on the positive feedback from the customer.


Customer Visit Insights
From the details you gathered above, create some insights about the customer visit. You can share what you learned about the customer, your product and how they interact, etc. You can validate your ideas, projects, strategies, concepts that you have in mind based from the feedback from the customer as well as the visit itself. This customer visit insights part should help you as PM as well as the management team in their respective activities.


Action items
Lastly, list down the action items. Does customer need something (documents/tools/whitepapers) that you have mentioned in the visit but have not delivered to them yet? Do you have to follow up on some items or request made by the customer?
Put action item owners and target dates so that you can properly track it.

I hope you find this Customer Visit Report Template helpful.

I will try my best to come up with other helpful things about customer visits in the near future.


Repost: RSA Conference 2013: On Security Awareness, Hacking Back and Going Offensive Legally

Some re-post from my recent trip to SF for the #RSAC 2013:

RSA Conference 2013: On Security Awareness, Hacking Back and Going Offensive Legally
by Menard Osena (Solutions Product Manager)

Two weeks ago, I attended RSA 2013 Conference in San Francisco and was impressed by the number of participating security vendors. The addition of the Human Element and Breaking Research in the technical track sessions also provided a refreshing stroke to this year’s presentations.

Below are some of my experiences and insights on some noteworthy discussions involving security awareness, hacking back, and going offensive legally.

The 7 Highly Effective Habits of a Security Awareness Program

Samantha Manke and Ira Winkler of Secure Mentem discussed their views on the difference between security training and security awareness. They highlighted the importance of a security culture in companies in enabling employees to apply best computing practices on a daily basis, resulting to long-term security awareness within the organization.

They presented the results of their recent study conducted among Fortune 500 companies in the Health, Manufacturing, Food, Financial and Retail sectors. This study focuses on security awareness campaigns that companies implemented and how effective these were. They came up with key findings that lead them to create their 7 Highly Effective Habits of a Security Awareness Program, which are:

  1. Create a Strong Foundation
  2. (Have) Organizational Buy-in
  3. (Encourage) Participative Learning
  4. (Have) More Creative Endeavors
  5. Gather Metrics
  6. Partner with Key Departments
  7. Be the Department of HOW

My key takeaway for this session is of course the last part.  We, the information security professionals, should be the “Department of HOW” and not the “Department of NO”. We must focus on how to allow users to do what they want safely, not simply saying no to our own customers and further locking down systems.

While I understand the need to establish dos and don’ts in company security policies, we should raise the bar and let security be a key part of solving business challenges, not an obstacle to it.

On Hacking Back and Going Offensive Legally

During the conference, I attended several sessions discussing intriguing concepts like hacking back and going offensive legally. One of the sessions was Highway to the Danger Zone…Going Offensive…Legally presented by George Kurtz and Steven Chabinsky of  CrowdStrike. The discussion focused on the idea of active defense as a form of offense against targeted attacks affecting companies. They clearly differentiated this concept from hacktivism and online vigilantism. However, Steven Chabinsky, being a lawyer, also expounded on its complexities like the differences of laws and legislation in different countries, making the concept difficult to define as of the moment.

Another session that covered very similar ground was Is it Whack to Hack Back a Persistent Attack?. Trend Micro’s Dave Asprey moderated this session. He was joined by Davi Ottenheimer of EMC Corporation, David Willson of Titan Info Security Group and again  George Kurtz from CrowdStrike. The panelists discussed the active defense/ hacking back phenomenon and its legal, ethical and business liabilities and complexities when practiced over the Internet.


My personal key takeaway from these sessions is the active defense concept entails risks and complications that may spur more problems instead of solving the situation. Instead, organizations, in particular security administrators, should have the correct mindset when it comes to targeted attacks and deploying an inside-out protection.

For now, I would stick with law enforcement agencies and private sector partnership as the best (and safest) path to combat targeted attack, exemplified by the Rove Digital Takedown last year.

Original article: RSA Conference 2013: On Security Awareness, Hacking Back and Going Offensive Legally first posted at Trendlabs Security Intelligence Blog

I will share more insights (mostly from infosec and product management perspective) about Security Awareness, Going Offensive Legally and other technical sessions here at AVSecurityProductManager soon.

I am also thinking about posting some wonky PM topics (booth babes, circus tricks, nearly clueless marketing folks) too so watch out for it 🙂

Tags: ,

Blog Reboot for 2013

The Version Two Dot Oh attempt for last year was a flop!

So let me do a reboot for 2013, remove the 2.0 reference and just write something here. Yup, this blog will still be related to product management. I plan to populate this blog with my PM ideas and insights and set limitations (on content/topic/etc) later.

For starters, I did a repost of my previous blog post for Malware Blog, and I will do another one soon to discuss the idea and reason behind that blog post and let us see where this post will lead us next 🙂

Wish me and AV Security Product Manager blog luck and success for 2013!!!

Happy New Year 2013!!!


Repost: How Big will the Android Malware Threat Be in 2012?

To celebrate the 1-year anniversary of my post at Malware Blog, I am reposting this article here at

How Big will the Android Malware Threat Be in 2012?
by Menard Osena (Solutions Product Manager)

In August 2011, we released our Snapshot of Android Threats, which stated that there was a significant increase in the number of Trojanized Android apps and actual malware targeting the Android platform.

In our 12 Security Predictions For 2012, we mentioned that smartphone and tablet platforms, especially Android, will suffer from more cybercriminal attacks.

In our continuous monitoring of this threat, we soon noticed that the problem was growing at an alarming rate. From a mere handful of malicious apps at the start of the year, it skyrocketed to more than a thousand malicious Android apps by the middle of December 2011. The average month-on-month growth rate for the second half of 2011 was more than 60%.

If this growth rate is sustained this year, then 2012 will definitely be an “exciting” year forAndroid. Why is this so? If current trends hold, we may be able to see more than 120,000 malicious Android apps by December.


There are several factors that are causing this explosive growth:

  • The increasing popularity of Android, as highlighted both by the number of total downloaded apps (more than 10 billion via the official Android Market) and the number of users and activations, as stated by Gartner and Google Senior Vice President of Mobile Andy Rubin.
  • The openness of the Android app distribution model. Unlike other mobile OSes, users are free to install applications without passing through any filtering process. This lowers the barriers to installing malicious apps considerably.
  • The cybercriminal mindset: Bad guys attack where the money is.

2011 already saw a wide variety of threats emerge for Android, as we discussed in our year in reviewAndroid malware is definitely here to stay for 2012.

Original Post: TrendLabs Security Intelligence Blog: How Big will the Android Malware Threat Be in 2012?

Image Credit:

Additional personal insights to follow here at


Reviving the Blog

Welcome to 2.0!!!

Yes! I am reviving this blog. I got tons of ideas for this blog from my numerous customer visits, regular customer and stakeholders interaction and other product management tasks for 2011 as well as from attending RSA Conference 2012 this quarter.

I will do my best to post more and will be consistent in updating this blog 🙂

Version Two Dot Oh will still be focused on product management, antivirus, anti-malware and other information security topics.

Watch out for more posts soon…


My First Customer Visit

One of the cool activities of a product manager is doing customer visits. And first time is always a memorable one so I am sharing it here in my new blog.

My first customer visit was with an e-commerce company in San Jose, California. I went with a fellow Product Manager and the Premium Support Manager and we were all in business suits of course. The support manager and my fellow PM handled most of the talking while I listened attentively and took down notes.

The group that we have visited was a pilot group for their company, and whatever solutions they deploy gets deployed to the whole company’s branch offices worldwide.

We tackled two questions that will be part of my future customer visits’ “must ask” questions. “What do you like about our product/ our company?” was the first one and the customer answered that our products have small footprint and is not a resource hog for their systems. The next question was “What do you think we can improve moving forward?” and the customer answered about an endpoint product feature request (related to scanning) that my colleague needs to follow-up with the respective Product Manager back in the office. It’s a good thing that the customer does not have any recent malware issue (outbreak and infection) related.

My diligent taking down of note paid off as I have delivered a good customer visit report that will be started as a template for the team.

We visited another customer in the Bay Area that day but that experience will be worth another post in the future.



“A rose by any other name would smell as sweet, but a blog by any other name would not grow into a l33t.”

I’m really not into Shakespeare and poetry so forgive the lame attempt above. But hey I find the rhyme cool, and I have great aspirations for this blog (hence the l33t reference) so I am posting that statement here.

Seriously why I will give you some top of the mind answers:

AV stands for Antivirus. AV (and Antimalware) is my roots and I guess my background will influence my posts here so as a tribute to the industry that I belong to it is added to the name of the blog.

I chose Security next as it’s main point interest (as it is where my work-life revolves nowadays). No, its not just antivirus and anti-malware kind of security. I have a good grasp of the concept that security has so many facets and I really like exploring those aspects of security. I love to write and discuss about security so it should be fine that I add it to the namestring of the blog.

Product Manager is kind of obvious as Product Management will be my focus and theme for this blog. I have tried blogging the freestyle way and with this new blog I want to be focused on PM stuff.

Doing some honest self-assessment now, I have to admit that I am not an expert on Product Management and stuff, but I would like to grow into a matured and expert Product Manager and I hope this blog will accompany me when I reach that goal.

That’s all for now. Wish me and my new blog good luck in our product management journey.


Hello World! Welcome to!

It is true that every wordpress blog installation comes with the Hello World post.

Welcome to, my product management blog! I plan to write about product management here with some touch of tech, security and antivirus stuff of course.

Wish me and my new blog good luck!