Discovery Questions for Each Persona

In this module

Why multi-persona discovery wins
The CEO / CFO questions — surface strategic pain
The CTO / VP Engineering questions — surface execution pain
The CPO / VP Product questions — surface attribution + planning pain
The CISO questions — surface audit + compliance pain
The head of compliance questions — surface procurement pain
The research foundation — Gartner's 74% / 2.5x consensus finding
Sequencing the personas
Anti-patterns
Discussion prompts

Why multi-persona discovery wins

PM33 is a multi-stakeholder sale. The CEO cares about strategic attribution. The CTO cares about agent governance. The CPO cares about PM productivity. The CISO cares about audit. The head of compliance cares about procurement readiness. Each persona has different pain, different success metrics, different objection shape.

The mistake most early-stage AEs make is running discovery with one persona, building the pitch around that one persona's pain, and then losing the deal at the buying-committee stage when other personas surface objections the pitch never addressed.

The research is unambiguous. Gartner's 2025 sales survey of 632 buyers found:

6-10 decision-makers participate in complex B2B purchases (15+ for enterprise) — Gartner B2B Buying Journey
74% of B2B buying teams demonstrate "unhealthy conflict" during the decision process — Gartner May 2025
Groups that reach consensus are 2.5x more likely to report the deal as high-quality (same survey)

The implication: multi-persona discovery isn't a tactic, it's a structural requirement. The 2.5x consensus-quality stat is the single most important number in this curriculum — it converts "talk to multiple stakeholders" from a sales nice-to-have into a measurable win-rate driver.

The CEO / CFO questions

The CEO/CFO cares about strategic outcomes, not execution mechanics. Discovery questions:

"How do you know if your engineering org is shipping the right things?"

Listen for vague answers. Most CEOs answer with "we have OKRs" or "we have a roadmap" — neither of which answers the question. The actual answer requires attribution data. If they don't have it, the closed-loop pitch lands.

"What percentage of your strategic objectives last quarter can you attribute to specific shipped work, with quantified evidence?"

The honest answer is almost always "we can't measure that." That's the McKinsey 5.5% gap (~5.5% of orgs report >5% EBIT attributable to AI, per McKinsey QuantumBlack 2025). Use the gap as a wedge.

"When AI coding tools made you faster, did you also get smarter? Or just faster at shipping the same wrong things?"

This question is intentionally provocative. The CEO who's adopted Copilot/Cursor without operating-model rewiring will recognize the framing. The DORA 2024 7.2% delivery stability reduction is the empirical backup.

"If you started measuring outcome attribution today, what's the one strategic objective you'd want answered first?"

This question converts the conceptual conversation into a concrete pilot scope. The answer becomes your land-and-expand wedge.

The CTO / VP Engineering questions

The CTO cares about agent governance, execution quality, and not breaking what works. Discovery questions:

"Are AI agents writing code in your org today? If so, who has audit visibility into what they're doing?"

Most orgs will say "yes, devs use Copilot" and then can't answer the audit question. That's the gap PM33 fills — the harness + audit log + lifecycle events architecture.

"What's your current spec-ambiguity rework rate? What percentage of sprints involve significant scope rewrite mid-cycle?"

If they don't measure it, they're probably at 25-40% (industry norm). PM33's structured Brief schema reduces this by moving ambiguity resolution to spec time.

"How do you handle multi-agent coordination? Have you hit ABSORPTION-style bugs yet — agents accidentally absorbing each other's commits, broad-stage patterns sweeping up unrelated work?"

If they're running concurrent AI agents, they've hit this and they're embarrassed about it. Naming it explicitly establishes credibility. (Reference PM33's own per-agent worktree solution.)

"What's your current test-to-production confidence ratio? When CI passes, how confident are you that the change is actually correct?"

This question opens the path to talking about the gauntlet-review pattern (3-reviewer parallel review for security/auth/contract surfaces). Reference PR #160 as the canonical example — a PR specifically to fix the missing-audit gap that shipped Round 1 with the same gap for 3 different tools.

The CPO / VP Product questions

The CPO cares about PM productivity, attribution discipline, and sprint planning friction. Discovery questions:

"What percentage of your PMs' week goes to status meetings, dependency hunting, and Jira grooming?"

The honest answer is usually 35-50%. The case-study reference: PM33's own team shrunk this to 5-10% by adopting the closed-loop pattern. (PM track Module 6 day-in-the-life is the visual.)

"How do you do outcome attribution today? Spreadsheets? Quarterly memory? Honest answer?"

Most CPOs cringe at this question because the honest answer is "we don't." Listen for the cringe. That's your wedge.

"What's your sprint planning friction look like? How long does it take to plan a sprint, and how often does the plan survive contact with reality?"

Industry norm: 8-16 hours per cycle for sprint planning at a 5-engineer team. PM33's capacity-aware scheduler reduces this to ~30 minutes of review-and-adjust.

"What happens in your team when a Brief or Story ships but the predicted metric doesn't move? Who diagnoses it? What's the cultural response?"

The cultural-response answer is more telling than the diagnostic-process answer. If the culture punishes misses, the closed-loop pattern won't work for them — and you need to know that early. (Reference Executive Module 2 on "predictions calibrated, not pessimistic.")

The CISO questions

The CISO cares about audit completeness, agent oversight, and procurement readiness. Discovery questions:

"How do you audit what AI agents have done in your codebase? What's the trail?"

Most orgs don't have a complete trail. The Anthropic harness blog and GitHub Spec Kit both call this out. PM33's audit log is the answer.

"How do you handle policy bypasses? Block them, track them, or neither?"

PM33's design philosophy is "observe, don't block" — covered in detail in security-compliance track Module 4. Most orgs are at "neither" today.

"What's your current data isolation guarantee for multi-tenant tools? RLS? Application-layer? Trust-the-vendor?"

PM33 implements row-level security (PostgreSQL RLS) on every tenant-scoped table. This is the architectural answer to "trust us" — it's enforced at the database layer.

"What does your typical AI-vendor procurement review take, in weeks?"

Industry norm: 12-26 weeks. PM33 ships security-compliance Module 1 as a 20-minute procurement-decision read specifically to compress this. Most enterprise customers complete review in 6-8 weeks.

The head of compliance questions

Often overlooked but increasingly important as AI procurement gates tighten. Discovery questions:

"How prepared are you to answer a SOC2 auditor's question about who-did-what in your AI-touching systems?"

Most heads of compliance haven't been asked this yet — but they will be in the next audit cycle. The audit-log-as-compliance-gift framing lands here.

"How long does your typical compliance review take? Could you cut it in half with read-only audit log access?"

This is a numeric-anchor question. They'll have a specific number (e.g., "our last review was 14 weeks"). Use it to compute the savings.

"What's your AI-governance posture? Do you have a published policy? Is it operationalized or shelfware?"

Gartner's 2025 AI Governance Market Guide emphasizes "inventory, lineage, and audit trails across models and data as essential for regulator/board assurance." PM33 implements all three structurally.

"What percentage of your AI projects in the last 12 months were abandoned due to data-readiness or governance issues?"

Gartner's published number: through 2026, 60% of AI projects will be abandoned due to lack of AI-ready data — Gartner Feb 2025. 63% of orgs don't have (or don't know if they have) the right data management practices for AI. Use this as the macro context for why governance-first AI products are the survivors.

Sequencing the personas

Real enterprise sales don't run all five persona conversations in parallel. They run them in a sequence that builds consensus. A typical sequence:

Order	Persona	Goal	Outcome
1	Champion (often CTO or CPO)	Establish technical credibility	Champion agrees to introduce you
2	Other technical persona (CTO ↔ CPO)	Build cross-functional alignment	Both technical personas agree to bring exec sponsor
3	CEO or CFO	Get strategic buy-in	Exec sponsor commits to procurement path
4	CISO	Clear security gate	Security questionnaire issued
5	Head of compliance	Clear compliance gate	DPA / SOC2 / contracts review proceeds

The order varies by org. The principle stays the same: build consensus before procurement, not during. Gartner's 2.5x consensus-quality finding says deals where consensus is achieved before the formal process are dramatically more likely to close at quality.

The Mobilizer pattern (from Challenger Customer)

The Challenger Customer (Adamson, Dixon, Toman 2015) introduced the "Mobilizer" archetype — buyers who actively drive consensus within their org. Three Mobilizer types matter for PM33 sales:

Go-Getters — focused on improving the company; willing to challenge status quo
Teachers — naturally explain ideas to colleagues; force-multiply your pitch
Skeptics — careful but willing to advocate once convinced; their endorsement is hard-won credibility

The Mobilizer (often a Director or VP, not a C-level) is who you want as your champion. Two indicators a contact is a Mobilizer: (1) they ask "who else should we include?" unprompted, and (2) they bring data to follow-up conversations that you didn't send them. Both behaviors signal active consensus-building.

Anti-patterns

Feature demos before discovery. Buyers need to feel heard before they're willing to be persuaded. A demo without discovery is a generic feature dump that doesn't speak to their pain.
Single-persona discovery. You'll find pain, you'll build a pitch around it, you'll lose the deal at the buying-committee stage because other personas surface objections you never heard.
Leading with "we use AI." Table stakes. Every PM tool says this in 2026. Lead with closed-loop attribution; mention AI as the executor.
Skipping the CISO until procurement. By then it's too late — security questionnaires take weeks and the deal slips. Loop the CISO into discovery, not just procurement.
Assuming the CEO is your champion. CEOs delegate technology choices. Your champion is more often a VP-level Mobilizer who builds consensus up to the CEO.

PM33's website + curriculum is intentionally structured by persona:

Executive track → CEO/CTO/CPO/CFO/board materials
PM track → CPO/VP Product/practitioner materials
Security & Compliance track → CISO/compliance head materials
Engineer track → CTO/VP Engineering technical depth

You can send each persona the right track BEFORE the discovery call. They arrive better-informed; discovery time is spent on their specific pain, not on first-time explanation. This is the structural mechanism that lets PM33's sales process compress to 6-8 week procurement reviews.

Discussion prompts

For team practice:

The Beat-2-by-persona test: write the differentiation beat tuned for each persona (CEO vs. CTO vs. CISO). They're different sentences. Practice each.
The consensus-build test: simulate a 5-person buying committee call. Each peer plays a different persona. Run discovery for 20 minutes. Score the conversation on whether all 5 personas felt heard.
The Mobilizer-identification test: review your active pipeline. Identify the Mobilizer in each deal. If you can't, that's a deal at risk.
The objection-by-persona test: pick objection #4 from Module 4 ("we tried AI dev tools before; it was a fad"). Practice the counter delivered to a CEO vs. a CTO vs. a CISO. Different framing, same substance.