HC Image

The New House & the Cloud – Completely Revised,

Full of New Strategies, And Updated To Address New Technologies – Cloud, BYOD, Mobility, Collaboration, and Social Business.

It’s been a long time coming – I had hoped to have this out in the late summer.  But it’s finally done, and with the publisher.  Here’s what to expect:

1. First, if you have the real book – The House & the Cloud (vs. the PDF version) you know the old cover was ugly.  It was my first book – published in 2007, and I was so anxious to publish it, I couldn’t wait for a better cover design.  I’ve learned my lesson – the cover does matter.

2. There’s now a website with tools, updates, videos, examples, and more – when you get this book, you get a whole lot more. I even have a forum to ask questions.  Anyone who buys the book will have access to the site. Just turn to the back of the book and follow the links – it’s free, as long as you have the book.

3. It’s longer. That might not be a selling point for sales people who are too busy to read – but if you have the first version, or even worse, my Vendor to Advisor book, you know the print was too small.  That doesn’t mean the content is bad – they are just harder to read than they should be. In this book,  you will find more content, but you will also find larger print and spacing to make it easy to read.

4. More chapters. I’ve shortened the chapters, cutting many of them into multiple chapters, making it easy to read and easier to find things. In this book 12 chapters are now 30.

5. Updated content. There’s a lot of new content here. Security has changed, but so has selling security. In this book you will find great ideas for selling security to companies using cloud, BYOD, social collaboration tools, and more. I also address managed services in detail – and have even included a chapter written by Choice Technologies, a provider of Managed Services and Managed Security.

6. More fun to read. My first book read more like a text book. This one is more conversational and easier to read. Hopefully this makes the book easier to get through so you can start earning more money on bigger security projects, faster.

7. More free stuff. Not only is there a free website, but there are introductory training offers and more in this book. Again, these are at the back of the book to help you take this material to the next step.

What Happens Next?

So what’s next? The publisher is reviewing the content – they should have this done this week.  Once that’s in place they will print a proof copy for me to review. I’ll do that over the Christmas holidays and have it approved before New Years.

Blog Subscribe Ad

Then its time to print! The book will be available on Amazon, initially as a paperback selling for $19.95. If you are interested in Kindle, please comment on this post to let me know. If I have enough requests I’ll send it to Kindle and have it online in Q1.

Another question that comes up often – will I have an Audio book…again, I would need to hear from you.  In the past I have had some requests, but not many.  Creating an audio book with a high quality reading is not cheap – so if the demand isn’t there, I probably won’t do it.  But let me know…my goal is to get this material to you in a way that allows you to benefit from it.

© 2014, David Stelzl

P.S. You can gain access to the Website now by downloading the 2007 Version and following the instructions in the responding email…Just visit us here: security.stelzl.us/ebook


We’re in the height of Cyber Monday – How Secure Is Your Data?

There’s One Big Mistake Almost Every Company Is Making – Do your clients know what it is?

If you’ve read my book, The House & the Cloud, you know what it is. This one concept alone has earned me more assessments than I can count. In fact, I just heard that my last lunch & learn meeting had nearly a 100% sign up – the average over the past 12 months is over 95%! How is this possible?

This Thursday I’ll be speaking on these things out in the Bay area – an educational session on what to expect over the next 12 months as people move more into cloud technology, BYOD, and other transformational technologies. Thanks to Solid Networks and Cisco Systems for sponsoring this event!

Have you ever considered how security actually works?

I mean, what makes something secure or not? Since data is so intangible, let’s look at a physical security example. Consider your house. You probably feel pretty safe in your house. If you didn’t you would be up all night keeping watch. Hopefully you’re not doing that.Blog Subscribe Ad

How is your house protected? All houses have doors. You probably lock yours at night and when you’re away, to keep neighbors and squatters out. You also have windows with locks, and might even have a safe inside to store valuables. Perhaps you have a dog, personal firearm, or an alarm just in case someone breaks in. If you were to make a list it might look like this:

Doors Alarm Firearm
Windows Motion Detection Dog
Lock Monitoring Police
Fence Neighbor Watch Insurance

It’s a simple list of 12 things that most of us look to for safety. But the fact is, these things are not what protects us. If I’m right, then what is it that actually makes your home safe? It’s actually a system at work behind the scenes. A system that sits behind every valid security model. It uses these components, but without the system, these components actually do very little to protect you.

Take your door for instance. Is there any doubt that a determined perpetrator could break through your front door? Your door probably has glass windows on the sides, and surely you’ve seen on TV how easy it is to kick in a door. So what is this system I am talking about?

It’s a system with three distinct stages: Protect, Detection, and Response. These headings sit on top of the three columns in the diagram above. The first column provides some level of proactive PROTECTION to keep people out. As I’ve pointed out, it will fail under the pressure of a determined attacker. At that point DETECTION takes over. An alarm sounds or you hear someone breaking in. If your system is built correctly, the DETECTION stage will kick off some form of response plan. That could be a dog trained to protect it’s owner, a home owner equipped to defend his castle, or law enforcement agents responding to a break-in. The key here is timed stages that predictably trigger the next, before it’s too late. If your alarm sounds and it takes the police 20 minutes to arrive, your plan might not be very effective.

Looking back at the three-stage model, all three columns are essential. Each stage must work with timed precision. However, one of these columns is more important than the other two. Can you guess which one it is?

In live training sessions I do for business owners I often take a pole. Is it column three, two, or one. As I go though them I ask for a raise of hands. Maybe 20% of my attendees will choose column three. 10% might choose column two. The rest will go with column one. But the answer is column two – DETECTION. Why?

Consider the physical security around you. Look at your bank. Is the vault open in the daytime? It is! All day. Anyone can walk into a bank. So what keeps your money safe? It’s the bank’s ability to detect a perpetrator before they can get to the money and get away. At night the bank is locked up, but most physical bank robberies take place during the day. Why are they avoiding nighttime? It’s because they know, and the bank knows, that the safe can be compromised with tools and a torch. But they also know how long it takes to crack a safe and how long it will take the police to respond once the alarm sounds. It’s all timed and it works most of the time. The day is less predictable, and so if everything goes well for the crook, chances are better that they’ll get away.

So what is the one big mistake just about every company has made with their data security strategy? It’s the system above. Most information security programs are built on proactive PROTECTION. They rely on firewalls, passwords, and encryption. That’s what we’ve been taught to do by security product manufacturers. Only in the past few years has the story changed.

If you want your data to be safe, your security model has to change. You will have to move from a proactive protection model to one like I have pictured above. One where DETECTION is the primary focus and a well timed response plan follows. Once in place, the question will no longer be, “Can they get in?” They can. The new question is, “How long will it take for us to detect and respond? And is that fast enough?”

© 2014, David Stelzl

P.S. For those waiting for the House & the Cloud Second Edition, we are done editing and just getting ready to send this off to the publisher!

Happy Thanksgiving!

November 26, 2014 — Leave a comment

family 2014Happy Thanksgiving! I am grateful for the opportunity to work with all of you who have benefited from reading my blog, attending my workshops and live sessions, and those who continue to work with my through the SVLC Insider’s Circle and Coaching/Mastery Programs…

DemandGenLogoIf You Want to be Relevant In Your Technology Sales Role

There are 7 Things You should be Focused On

Security is more a people problem than it is a technical one. Many of the losses you read about could be prevented if people better understood how security works, and how data is compromised. In each of these concerns you will see a technical issue. But underlying most are mindset problems. Mindsets that could be changed with some education. Stop talking product, and start talking like this when meeting with prospects.

  1. Malware Advancements. The bot, or robotic malware, is the most common tool used to compromise computers today. Most people are thinking about viruses, but bots are not viruses. They install on your computers when you download infected emails or files, or visit an infected website. Just about every company has bots. Most don’t realize how dangerous they are or how to detect and remove them. The problem is, because they are so common, even technical people treat them as “normal”. Brian Krebs just put a great book called SPAM NATION, The Insider Story of Organized Crime – From Global Epidemic to Your Front Door. I’m just into the second chapter, but I can already tell this is going to be spot on. If you want up to date, relevant stuff to talk about with your clients, get this book and study it.

Spam Nation, Brian Krebs << Get it on Amazon.

  1. Trends in Mobility and BYOD (Bring Your Own Device). BYOD initiatives are going on in companies all over the world right now. Since almost every aspect of life involves technology, drawing a hard line between work and personal is becoming impossible. And no one is going to carry two laptops or two phones for long. This will become more and more pervasive over the next few years as generation C evolves. The destructive mindset here is thinking that computing on one device or in one location is just as safe as any location. And so your employees are likely to store and transmit your company’s secrets just about anywhere and on any device. They’re assumption is, security technology has me covered. They’re wrong.

Blog Subscribe Ad

  1. Misuse of Social Media. The use of social media at work has been an Achilles heal for office managers for several years now. It’s a time waster. But wasting time is of little concern when compared to the mindset social media has created. Remember when people were afraid to purchase something online? Or when it was scary to write something about yourself or post a family photo? That’s gone. People send naked pictures of themselves across the Internet everyday. If they’re willing to do that, what will they do with your data? In a recent WSJ article, one financial firm reported that 75% of the men in their company gave up highly sensitive information to a woman on Facebook. But get this, 13% of them gave away company passwords. You might have guessed, but this was a 40-year-old male, white hat hacker, posing as a woman to test the integrity of the office workers in that firm. How can companies like yours protect against this type of irresponsible behavior? 
  1. Misunderstanding Compliance. Compliance is not security. Lawmakers would like to think that HIPAA or GLBA compliance are going to keep healthcare and financial data safe. But the truth is, compliant companies get hacked all the time. Compliance rules are set up to move a company toward security, but in no way are they actually addressing the problem. The problem with compliance, according to McConnell is, “Once a company passes the compliance audit, they stop working on security.” Compliance is the law, but in my opinion it’s too often just a distraction from true security.
  1. Internal Threats. Cybercriminals, spies, and hacktivists are real. But in just about every major data breach, there’s an internal component. In some cases it’s operator error. In other cases it’s a bribe to cooperate with an outsider. The perimeter security mindset assumes that the threat is always outside, yet a recent WSJ report tells us that 75% of employees admit they steal data. When employees don’t get promoted, do get laid off, or move on to a better opportunity, you can assume they’ll be taking data with them. But it’s also true that a hacker can easily pay off one of your employees, giving them 3 to 5 times what they make in salary to cooperate in a data heist.
  1. Nation-State & Advanced Persistent Threats. You’ve probably seen the term, “Advanced Persistent Threat,” or APT. What is this? The APT are groups of people that want in – they are a “who”, not a “what”. Google “Stuxnet” (a highly sophisticated attack targeting the Iranian nuclear uranium enrichment program,) and you’ll start to get a glimpse of the control the hacker has over us. Or consider cyberwarfare attacks that have taken down power grids – they’re seemingly unstoppable. The APT is bigger than malware. These groups are sophisticated, well sponsored, and determined to get something they specifically want. In other words, they are “Persistent.” If they can’t get what they want one way, they’ll simply find another entry point—likely through an unsuspecting employee or third party supplier. If they have to, they’ll pay off an internal employee to get the access they need. 
  1. Cyberterrorism. Finally there is the threat of war or cyberterrorism. While many of these things may not directly impact the small business owner or entrepreneur, they are real. In a worst-case scenario, hacker groups are capable of taking down power grids and other critical infrastructure you rely on to carry on business. There’s not much you can do here to protect yourself. The best thing is to just be aware of it and at some level be prepared for disaster.

In a recent interview with Matt Keane of RiskIQ, we discussed the relevance of security going forward. Over the next 5 years expect your hardware sales to drop off. If you want to grow your business you either need to move into AppDev – with a focus on customer acquisition, customer experience, and customer retention, or you need to focus on security. If you sell infrastructure today, security will be the easiest direction to head. This is what everyone out there needs – the opportunity is big. The challenge is learning how to get to the right people, and how to deliver the right message. When you get there, budget will be available.

Learn more about selling security – check out my newly released Security Sales Mastery Program…

Master the Security Sale  <<< Click to Learn More!


© 2014, David Stelzl

Big Fork Ridge TrackRemember when phones were phones?

Nobody thought phones would anything more – just a handset tied to a box with a rotary dial.

Wireless was neat. Remember when it first came out? You could walk around the house, go outside, and continue working on projects while talking…it was amazing.

This weekend was revolutionary for me. Equipped with my iPhone 6 and a $2 app called MotionX, I was able to pin point my elevation and location trekking through the Smoky Mountains over the weekend.  I also had weather and a way for emergency rescue to track me down if the need arose…

Being a late adopter, I could have spent over $300 easily, just a few years ago, and had a 1 x 1 screen with digital readouts of my latitude and longitude. I would have had to turn off my GPS while hiking to conserve my battery.  And when I powered up, it would have been painful to reconnect to a satellite.

This weekend was much different. The iPhone 6  with it’s larger screen had my topo loaded up before we left Charlotte. That was easy. I just searched with the app, found the location online, downloaded it in just a few seconds, and turned off my phone. When I arrived, I had already reviewed the terrain on Google Earth – printed out trailhead directions from AllTrails.Com, and had my starting position marked on the MotionX map. I also had back-country campsites reserved online – a requirement in the Smoky Mountains.  I opened the app at the trailhead – of course we didn’t have service, it’s the Smoky Mountains. But we did have satellite – and I was connected in seconds.

Yes, we really saw Elk on Our Trip!

Yes, we really saw Elk on Our Trip!

The app runs in background, so I shut off the screen, put it in my shirt map pocket, and headed out with my kids. Every 10 minutes Siri updates us on our position – she tells us how fast we walking, what our altitude is, and how far we’ve walked so far.  To check how much further… I can either have preloaded waypoints or just check the map on the screen.  I chose the latter since I was not able to download the waypoints and didn’t want to enter them by hand.

My phone was on the entire time. The next morning, in 15 degree weather, my battery was looking a little weak. So I plugged into my Anker portable recharger!  In minutes my phone was back up and running – which lasted me through Saturday and Sunday.

It’s a little off topic, but not really.  The point here is technology is getting faster, smaller, and cheaper. How much longer will the $300 GPS be a viable solution? I can’t imagine the average hiker buying one – the $2 app does it. What about PCs? How long do we have? Servers? Storage?  I agree, we will continue to need some of this hardware. But the cloud is changing the value of infrastructure. The iPhone is one example of a computer most of us can’t make a living selling. It and the tablet are changing the way we compute.

How long will it take you to retool? Can you continue to live on basic managed support services and infrastructure resale? As we move into 2015, we should all be thinking about the future of technology sales. What will still be worth paying for? Security will. Security Managed Services will. Consulting will – when it relates to the business. Virtual CIOs and CISOs will be in demand. Custom software will…. Networks, storage, computers….not so much.  What are you selling in 2015? What about the year after that?

© 2014, David Stelzl

P.S. I also took all of my pictures with my iPhone – leaving my $350 outdoor point and shoot, and my Canon SLR in my home office collecting dust.  Back in the car I made calls, checked in by phone with those back home, and more…

AtlantaHow Does Data and IP Security Suddenly Change In This New Paradigm?

The Security equation has changed. This week I’ll be speaking to business execs in Atlanta on some of the changes they need to be aware of over the next 12 months…Thanks for Milestone Systems for hosting the event. This is much needed in every city!  Here’s a quick overview of what’s happening – companies have to change to compete – and this changes everything they’ve ever known about securing data.

Twenty years ago we thought math would solve this problem. Encryption algorithms and authentication keys were the answer. We all realize now that keeping thieves out is more difficult than we originally thought. And with digitization, expect the problem to get worse.

Who Is Behind The Latest Cybercrime Disasters?

Experts tell me there are three primary “actors” in the hacker world; Traditional Cybercriminals, Hacktivists, and Spies (Think – Espionage.) In addition, significant threats may exist internally among full time employees as well as with contractors and partners (a major topic of conversation these days among business leaders.)

Over the past decade the emphasis has been on credit card theft and skimming money. But more recent attacks focus on IP (Intellectual Property.) This is what Mike McConnell, former director of national intelligence, secretary of homeland security, and deputy secretary of defense, means when he writes, The Chinese government has a national policy of economic espionage…in fact, the Chinese are the world’s most active and persistent practitioners of cyber espionage today,” He is accusing China of carrying out Nation-State Sponsored Attacks. In reality, these are well-funded acts of war.

Recent U.S. security advisor reports add Russian hacker groups to this problem. Russian groups are thought to be far more sophisticated than the Chinese and therefore pose an even greater threat. Evidence suggests they are actively stealing U.S. innovations right now.

Many have called these acts of war, “The greatest transfer of wealth in history.” When you read about large complex cyberattacks, both Russian and Chinese groups are the primary suspects.

How Is Cybercrime Impacting Businesses Around Us?

Obviously there is the financial loss. But these crimes also cut into jobs, your competitive advantage, and even national security. McConnell comments how large-scale this problem is, stating, “We think it is safe to say that large easily means billions of dollars and millions of jobs.”

The Internet is the ideal medium for stealing intellectual capital, money, and power. Hackers can easily penetrate systems that transfer large sums of data, while corporations and governments have a hard time identifying specific perpetrators.

In a recent study, the 9/11 Security Commission reported back stating, “Our most pressing problems are the daily cyberattacks against the nation’s most sensitive public and private networks.” They later added, “Yet, because this war lacks attention-grabbing explosions and body bags the American people remain largely unaware of the dangers.” In the case of 9/11 we didn’t awaken to the gravity of this terrorist threat until it was too late – we must not repeat this mistake in the cyber-realm.

What Are Cybercriminals Really After?

As just mentioned, Company Secrets and IP are the newest hacker targets. So who is at risk? The truth is, no business is safe. But small business and entrepreneurial startups are often the primary targets for these perpetrators.

A recent WSJ headline reads, “Hackers target startups that secure early-stage funding.” Startup companies are now detecting cyberattacks just after they raise their Series “A” funding. They’re watching to see when funding is made available, knowing that there will be a sudden influx of cash. Another target would be new innovation. These groups are looking to advance without the R&D cost. To further exasperate this problem, recent patent law changes actually encourage the theft of intellectual property. The person who files first has an advantage over the patent right. That means that as you are inventing, others are watching. Suddenly credit card theft is of little consequence compared to your ten-year R&D effort. A copycat product overseas might be enough to put your company out of business.

How Will A Digitized World Worsen This Problem?

When it’s digital it’s connected, and that means it’s accessible. It doesn’t matter if something has a password on it. It doesn’t even matter if it’s encrypted. Firewalls are no match for today’s cybergangs. But as we necessarily move more toward the use of transformational technologies and IoT we expose ourselves more and more.

Over the past decade your clients have probably safeguarded their data behind network perimeters. Using firewalls, passwords and encryption, They have felt fairly secure. However there’s an underlying flaw in this approach. See my free ebook below for a thorough description of this flaw…

But a move to transformational technology is necessary. And that means moving away from traditional perimeter security. Digitization means connectivity, mobility, and a necessarily open computing architecture. If you’re clients are going to compete, all of this is necessary. As I’ve already stated, this is a great opportunity for the small and medium business leader. But with it comes exposure. People can’t control their data in someone else’s cloud, and they don’t oversee the network their employees are using at Starbucks. Their systems will, by design, face the public web, and their company no longer has any definable perimeter security. In the new world, their data is everywhere and accessible by just about anyone. And so, security approaches must change…

This is your opportunity. They need an advisor. But this is not a product sale – it’s an advisory role. One IT can’t really fill…

Make sure you have my book, The House & the Cloud – and get access to the House  & the Cloud private resource page, only accessible by those who have the book!

Send me the Book!  <<< You can get the book, and access to the resource page right here!

© 2014, David Stelzl

bluedataWhat Is the Digitized Megatrend All About

Your Clients are going digital. We all are. And it’s happening fast. Obviously we all use computers and smartphones. That’s not what I mean. I’m talking about a Megatrend. A complete paradigm shift in the way we think about business. Think cloud, appstore, smartphones, and Internet of Things (IoT). Everything is connected; everything is digital. This is the mindset of Generation C – C stands for connected, and they will be connected.

By 2020 our businesses will be fully meshed with a generation of digitized workers and leaders. Their world is online – friends, family, photos, entertainment. They bank on tablets, invest electronically, buy and sell on their smartphones, and transact business anywhere at anytime. These people share their lives on Facebook, opt for a text message over a phone call, and hang-out together in chat rooms.

This trend is unstoppable. To compete in the future, your clients must be connected too. They must be mobile. They must be global. All of this is now possible, even for the micro business, using what have been called transformational technologies. The cloud, big data, online collaboration, social business, etc. With these space-age advancements, small businesses or start-ups have an incredible opportunity. You have global reach. Suddenly they can complete with fortune 500 companies. They can utilize enterprise class technology simply by plugging in like a utility. All of this was out of reach just a decade ago.

But what about security???

We’ve already seen evidence of the disaster that awaits us if we don’t wake up. Everything is online. Everything is accessible. Keeping it in the right hands will be overwhelmingly difficult. Over the past five years we’ve seen power grids disrupted, military secrets compromised, major retailers sifted of their customer’s data, and some of the most intimate parts of our lives digitally exposed. And it will get worse.

So while your clients must be digital, can they handle these new threats? Threats that may surreptitiously take their most prized intellectual property (IP), and steal the trust of their most loyal customers.

This is an opportunity for every technology reseller – but especially those of you who call on the SMB sector…

This is so important that I’ve recently updated my book, The House & the Cloud to include these concepts. I had hoped to have it out this past summer, but it was just too much. So I am making some final edits, including some recent events, and hope to have this in the printer’s hands before month-end!

As a bonus, I have created a special private membership site just for those who have the book. You can get access to it by downloading the current free version of The House & the Cloud – an email with instructions will get you there.  You’ll find updates on the new version as well as videos and other tools to supplement the book content…

Get The House & the Cloud  << Click to Get the Book and Access The Site!

Also, if you have not seen my new Security Sales Mastery Program – it’s in place and people are taking advantage of it. You can read more here:

Master The Security Sale <<< Click to Read More About It!

© 2014, David Stelzl