Yesterday I spent the day with business leaders in Raleigh, N.C.  Thanks to The Teneo Group and Check Point for sponsoring this educational event.

There’s a lot going on in the security space – I expect to see more security issues than ever before as we move further into this year….

My keynote focused on coming trends as the workforce transitions from Baby-Boomers to Millennials – the C-Generation.  This generation, according to recent WSJ reports, is not as concerned with security breaches. In fact, the assumption is that everyone has everyone’s data already so it’s not a big deal.  This is dangerous thinking. The other major mistake is trading security for convenience. I just finished an interview with a company in the mid-west, talking about EMR  and the future of healthcare security. The medical world is way behind when it comes to securing data, and the EMR movement is largely focused on accessing records, not restricting access. Expect to be compromised, and watch carefully to make sure people aren’t buying expensive medical equipment under your name – to be sold on the black market.

At the end of the event, The Teneo Group offered to assess the security of any company attending. Every company signed up! This is an important step for every company.  The traditional security assessments being conducted by most companies are not effective, and the pen-tests required by compliance regulations provide the wrong information.

© 2015, David Stelzl

How Should The Government Get Involved?

Compliance & Security Are Not The Same Thing

This week I’ll be speaking to CISOs in Raleigh, NC on this topic. (Thanks to The Teneo Group and Check Point for hosting this event.) Security is not a simple thing. And it would seem that companies like Sony are on their own when it comes to defending against cybercrime.  Will Obama’s new proposals bring us greater security?

What is an act of war? What is organized crime? And how can a government defend Sony, Home Depot, JP Morgan, or Target? In some ways it’s like a bomb was dropped on these companies – but in some ways it’s not. Is this a war? Who should respond? Sony can’t really respond. They have no recourse. Will the government? No, they can’t really either. It’s a gray area.

When the government gets involved, it usually means more bureaucracy, not more security.

In N.C. where I live, it’s illegal to plow your field with an elephant. Who made that law and why?  These are the types of laws government responds with when something goes wrong. It appears to be action – a response to a problem that needs attention.  But compliance is not security and it’s not making us more secure. It’s a hard issue because we don’t always know who initiated the attack. The losses are big – so it seems like someone needs to do something. But more laws are not the answer.

From what I can see, these laws are just costing businesses more money. They get hacked and then our government hits them with a bunch of expensive laws to comply with. What should we do?

What If Companies Were Required to Report A Breach In One Day?

Will companies be more secure if they report breaches within 30 days or…what about one day? It doesn’t matter – they won’t be more secure. From a consumer point of view I’d like to know, but faster reporting does not mean better security.

There are several problems that should be addressed. First, most of the security budgets are being spent on keeping hackers out. That doesn’t work. In my book, The House & The Cloud I explain in simple terms why companies are losing the battle. Like all physical security, it is real-time detection that stops breaches. This is true in your house, and it’s true in the cloud. 80% of the security budget is still being spent on the wrong stuff!

There is also a need for better technology. The fact that we use credit cards in the U.S. that can be reproduced in seconds is just wrong. It’s not hard to fix this problem – and it will be fixed, but I’m not sure why we’ve waited until now to get this moving. Then there’s education. The people creating and using the data are often completely unaware of how they expose data.

On Thursday I’ll be walking through some of the biggest threats we face in 2015. Most of them are technology mindsets that have developed with the use of social media, cloud, and the smartphone.  Like handling a gun, some training should be required before an employee gains access to data with their iPhone. I will also be showing Security officers how detection strategies should be applied, and why most assessments are not providing the right data. The average assessment leaves business leaders guessing as to what to do next. Intelligence is needed. These leaders need more than FUD. They need a measure of likelihood – what are the odds they’ll be attacked in their current state, using the types of data associated with their industry.

Like a basic blood test, without the expert analysis, most of us would be clueless.  About the only number I understand on my last test is the cholesterol number. That’s because that’s the number insurance companies are always beating us over the head with. Everything else is a mystery.

What Should Technology Providers Be Doing?

If you’re a security solution provider, you can help. Your clients need education. The problem is, they may not know it. They might think they’ve got it covered…they might think this is just a technical problem, and IT should handle it. But the truth is, we need executive support. The budgets, policies, and strategies must start at the top – with education and support for making a change. The longer we wait, the more bureaucracy we’ll see. While Obama’s plan might sound good – it really just means less freedom, more oversight, and more compliance costs – which don’t equate to more security.

© 2015, David Stelzl

How would your clients respond?

(Watch the Video – it’s worth the two minutes) How would your clients respond to an interview like this one? I don’t mean the people in IT – the exposure is with those who don’t really understand computers but use them all day long, creating and using digital assets. Is this interview for real?  I think it is…I’m tempted to go out and try this.


The point is, no matter how secure the perimeter is, people still talk. It reminds me of the men working on Wall Street who gave their passwords out to the 21-year-old Facebook woman last year (the Wall Street Journal reported on this). I talk about this in my new House & The Cloud book (Second Edition), and what you can be doing to help your clients change this.

One thing is for sure, passwords don’t really work. They’re like your front door at home. They keep out bugs, heat in the summer, cold in the winter, and curious children living next door. But that’s about it.  Is anyone seeing more sales in strong authentication technologies…please comment.

One opportunity is to get into the security policy business – if you’re not helping your customers develop strong policies and enforcement, you should be. Compliance requires it, and for those who don’t seem to fall under any compliance regulations, they still need it. Password policies should specify lengths of at least 8 characters, with numbers and letters, and a special character.  But they still won’t really work. At some point we should be moving to something more secure. Some sort of dual authentication. I love my thumbprint iPhone 6 button! Of course, you don’t need a thumb because you can always guess the 4 digit login – or accidentally erase the entire phone by guessing wrong 10 times in a row. Somehow that’s not great either.

© 2015, David Stelzl

Do you depend on the Gartner reports to predict this year’s business growth?  Don’t.

A few months ago Gartner projected 3.9% growth in IT spending. More recently this was downgraded to 2.4%. Does it matter? Perhaps. If you’re a major shareholder at Cisco or EMC you might be worried.  But if you’re a rep selling technology, manage a VAR, or spend your time consulting on technology, it really doesn’t matter.


Join Us for an informative session on how to grow your business using security! Sponsored by eGestalt!

The real question is, are you selling the right stuff? Software will grow about 5% according to Gartner, data center will be at about 1.8%.  If you’ve attended my training classes or read my books, I predicted this. VoIP isn’t even mentioned.  No surprise here. It’s a commodity. So is most infrastructure. I wrote back in 2007 that VoIP would die out within 10 years as a strong profit driver for most. If you provide a managed VoIP service you might still have a business, but it’s a commodity like most managed offerings. I also pointed out that Data Center is not a discontinuous innovation on Geoffrey Moore’s model (Inside the Tornado), and so you can’t expect it to act like one in terms of sustained profitability. The 1.8% growth Gartner has given us is pretty low compared to the other growth areas.

Computerworld ranks it like this:


If you work on infrastructure, you’ll want to beef up your security offerings. If your income comes from managed services, make sure security is central to your offering – everything else is a $/seat sale – total commodity. If you work on the software side you want to be in the cloud, investing your time in analytics and intelligence or customer experience.  Everything else is destined to decline.  You’ll be competing on price.

How Much Will Gartner’s Number Affect Your Salary?

If you sell things people need – like security and customer experience, you’re selling something everyone will be buying. The question is, “Will they buy it from you?” It’s a value proposition and unique positioning statement question.

Value Proposition: This is why people do business with you rather than someone else. If you’ve been in an account for a long time, don’t assume they’ll stay with you. Companies are demanding more and more in terms of customer experience. Recently my daughter, who owns a natural healthcare products business, asked me if she should refund a customer’s shipping charges on a product they didn’t like. “Of course!” I won’t do business with someone who won’t refund my money. A great buying experience is critical to your value prop.  But you also need differentiation of products and services. If all you do is resell a product, it’s time to wrap some consulting / advisory services around it. Again, security is the most important thing you can possibly bring to your client.

Unique Positioning Statement: This is the message that sets you apart from everyone else. There are dozens of choices when it comes to buying infrastructure. Software is even worse – no one really has to come onsite. So what can you say to grab your prospect’s attention? The technology companies out there are spending very little on training when it comes to great messaging…big mistake. This is the first thing a customer experiences. If it’s not great, it won’t go any further.  In my book, The House & The Cloud I provide a number of ways to do this. One concept parallels The Challenger Sale. It’s coming in with a predictable message.  80% of your client’s security budgets are being spent on the wrong security controls – attempts to shore up the perimeter. Very little is being spent on technology that will detect an intrusion. In my book I explain why this is so important…but to get you started, the perimeter is an outdated concept. Mobility and BYOD have taken the data outside the firewall.  There’s much more to it…if you want to stay relevant, focus on what’s really needed, develop offerings that help clients move from their current state to a secure one, and be prepared to offer ongoing support, with security as the central part of that offering.

© 2015, David Stelzl

P.S.  eGestalt, a cloud based security management company is sponsoring a great session (online) in February. I’ll be presenting strategies to grow your business by adding cloud based detection and response offerings – the next step in developing a strong security offering… you can attend by registering here:

Build Your Business On Security  <<< Click to Sign Up For The Event!


The House & The Cloud In Print!

Happy New Year!  And yes, The House & The Cloud, Second Edition is now in print!  It’s available on Amazon…here’s what you can expect:

  • First, the message. The House & the Cloud message is more relevant than ever.  I’ve used this same messaging for 15 years and it still works. Sometimes we get tired of our own message before the market does – but last year over 90% of my lunch & learn attendees heard this message and signed up for an assessment at the meeting.
  • This book is longer – however it’s easier to read. There are 275 pages vs. the old 150 page version….however, I’ve shortened the chapters making it easier to look up things after reading it.  I have also added details to clarify how to sell larger security deals as well as managed services.
  • Of course there’s the cloud – when I wrote The House & the Cloud, “Cloud” as we know it today did not exist…neither did big data, or BYOD…this version is up to date and relevant to your business right now…
  • Speaking of managed services, I invited a strong MSSP company to participate in this edition – So you’ll find content directly from someone who has done it – Steve Rutkovitz (President of Choice Technologies) and one of his senior sales reps wrote the chapter on building the MSSP business – you won’t want to miss this.

Free Resources Online…

Personally I like to read books printed on paper – however there is a place for video and audio. So as part of the book, you’ll have access to some great online resources. I’ve posted recordings of live security sales training using this material… as well as a keynote using this same message to convert over 60% at a lunch & learn in Tampa, FL.

You’ll also find several videos on using assessments to drive larger project business as well as managed services.

Finally, there is a place on my House & the Cloud website to ask questions and get input as you apply these concepts.  Buy the book and you’ll get a link (printed in the back of the book) to access this and more.

So as you get started with 2015 – I recommend reading The House & The Cloud. I guarantee it will give you a new perspective on how to access new accounts, discover their most important needs, and solve your client’s biggest problem.

© David Stelzl, 2015

The New House & the Cloud – Ready For Christmas!

It’s an exciting time of the year!  I love Christmas – the decorations, music, special times with family and friends…and the annual SVLC anniversary.  LinkedIn thinks our anniversary is earlier in the year, but our official start date was December 17th, 2003.  This year we celebrated 11 years in business!  And, to make it even more special, my first book, The House & The Cloud has been completely updated and revised, and has been sent to Amazon.  It should be on their site in 3 to 5 days!  Be sure to look for the second edition with the new (really cool looking) black cover!

And for anyone who buys the book, there is a free resource website with videos and audios, as well as a place to post comments or ask questions. How often do you get the chance to ask the writer a question about their book? One of the audio programs sells for $25 on my webstore, but it’s free on this site (worth more than the price of the book).

I created this private site after reading Ian Brodie’s book, Email Persuasion. After reading Ian’s book I actually did have some questions. Email seems like a simple tool to use for prospecting, but you and I both know people don’t read marketing email. I thought Ian had some great ideas, but still there were questions in the back of my mind.  So I joined his online group – which was free to anyone with a book.  I posted a few questions and he answered!  His answers were so good I invited him for an Interview with my SVLC Insider’s Circle!  It was a great program. He explained why email is so powerful, how to use it, and how not to use it. He gave us clear examples and answered many of my questions.

There’s great value in this type of interaction. Years ago authors wrote their ideas and we read them. But we were always left with their particular situation that seemed different. A unique obstacle not covered in the book. Well, like Ian, I wrote my book to help my readers – I didn’t have time to write thousands of pages, nor do my readers want all of that. But the main concepts are clearly laid out and expanded in this 2nd edition.  I’ve included many new ideas that have worked for my clients over the past 8 years.  But I am sure there will still be questions. And so I invite you to buy the book, read it, and then join the free online site.  If you have questions, like Ian did for me, I’ll answer them…

If you’ve never read The House & the Cloud, this is a great time to dive in. The market is changing, security is hot, and 2015 is right around the corner. I’ll show you how to master selling the most important thing your customers will buy this year. You will discover how to access the decision makers, how to talk with C-levels and business owners, and how to create undeniable justification.  And, if you still have questions, you’ll have access to my private membership site to get your questions answered.

© 2014, David Stelzl

P.S. Enjoy Your Christmas Holidays, and Happy New Year…looking forward to working with many of you in 2015!


The New House & the Cloud – Completely Revised,

Full of New Strategies, And Updated To Address New Technologies – Cloud, BYOD, Mobility, Collaboration, and Social Business.

It’s been a long time coming – I had hoped to have this out in the late summer.  But it’s finally done, and with the publisher.  Here’s what to expect:

1. First, if you have the real book – The House & the Cloud (vs. the PDF version) you know the old cover was ugly.  It was my first book – published in 2007, and I was so anxious to publish it, I couldn’t wait for a better cover design.  I’ve learned my lesson – the cover does matter.

2. There’s now a website with tools, updates, videos, examples, and more – when you get this book, you get a whole lot more. I even have a forum to ask questions.  Anyone who buys the book will have access to the site. Just turn to the back of the book and follow the links – it’s free, as long as you have the book.

3. It’s longer. That might not be a selling point for sales people who are too busy to read – but if you have the first version, or even worse, my Vendor to Advisor book, you know the print was too small.  That doesn’t mean the content is bad – they are just harder to read than they should be. In this book,  you will find more content, but you will also find larger print and spacing to make it easy to read.

4. More chapters. I’ve shortened the chapters, cutting many of them into multiple chapters, making it easy to read and easier to find things. In this book 12 chapters are now 30.

5. Updated content. There’s a lot of new content here. Security has changed, but so has selling security. In this book you will find great ideas for selling security to companies using cloud, BYOD, social collaboration tools, and more. I also address managed services in detail – and have even included a chapter written by Choice Technologies, a provider of Managed Services and Managed Security.

6. More fun to read. My first book read more like a text book. This one is more conversational and easier to read. Hopefully this makes the book easier to get through so you can start earning more money on bigger security projects, faster.

7. More free stuff. Not only is there a free website, but there are introductory training offers and more in this book. Again, these are at the back of the book to help you take this material to the next step.

What Happens Next?

So what’s next? The publisher is reviewing the content – they should have this done this week.  Once that’s in place they will print a proof copy for me to review. I’ll do that over the Christmas holidays and have it approved before New Years.


Then it’s time to print! The book will be available on Amazon, initially as a paperback selling for $19.95. If you are interested in Kindle, please comment on this post to let me know. If I have enough requests I’ll send it to Kindle and have it online in Q1.

Another question that comes up often – will I have an Audio book…again, I would need to hear from you.  In the past I have had some requests, but not many.  Creating an audio book with a high quality reading is not cheap – so if the demand isn’t there, I probably won’t do it.  But let me know…my goal is to get this material to you in a way that allows you to benefit from it.

© 2014, David Stelzl

P.S. You can gain access to the Website now by downloading the 2007 Version and following the instructions in the responding email…Just visit us here: security.stelzl.us/ebook