You Can’t Afford to Ignore The Security Trends

This Just May Be Your Biggest Growth Opportunity

On Sept 18th Ingram Micro invited me to present a security update to resellers.  This is one of the most important messages you’ll see this year as you consider what to do to prepare for 2016. Don’t let the Q4 rush keep you from doing some serious planning.  The next 5 years of your business depend on it!

Replay the webinar right here  (CLICK).  << Access the webinar replay now…

Growth Opportunities:

  • Don’t forget, Ingram Micro, along with numerous security manufacturers including Websense, Bit9, Cisco, Fortinet, and more, are offering free seats from my Security Sales Mastery Program!  You can contact my team through this blog to find out if your business qualifies for these free seats.
  • Both Check Point Enterprise and Check Point SMB resellers may also qualify for Check Point Sponsored seats in the Security Sales Mastery Program – Contact us through this blog if you are a reseller, or are considering Check Point as a partner.
  • HIPAA Compliance! Do you work with businesses that must become and maintain HIPAA Compliance? This may seem out of reach, but it’s not.  If you’re interested in learning how you can build a strong HIPAA practice, contact my team. We have recently partnered with The Compliancy Group and can help you make the jump into this lucrative market!
  • Marketing Events Are More Successful Than Ever! Next Wednesday I will be presenting to 30 business leaders in the Mid Atlantic Area.  The sponsor, a local reseller, was able to attract 30 business leaders in about 4 weeks using our Marketing Success Kit.

© 2015, David Stelzl

Back From An Amazing 7 Day Trip

This past week we covered about 50 miles of very rugged country, climbing 7 of the 46 Adirondack High Peaks!  Here are a few pictures of the SVLC team, and my son David who joined us!



On the summit

Crack Climb

Bethany on Gothics

The team on Armstrong

Downtime in the lean-to

Swimming in Lake Colden

Relaxing on Mt. Colden

Avalanche Pass

We made it!

Climbing Mountains.

Credit Card Data Is A Commodity…It’s The Company Secrets That Profit

How Secure Is Your Data – What About China?

The big companies have had their share of horror stories with credit card theft this year, but are you and your customers watching the trends in Espionage?  Earlier this month I interviewed a couple of former NSA agents to give technology providers some insights into cybercrime trends and a war we are all involved in.  Summer Worden, one of my guests on the SVLC Insider’s Circle Program, talked about Russia and China, revealing some of the hidden agendas and what to expect in the future.  Much of this is driven by Economics according to Worden.  China’s economy needs more innovation, and what better way to get it than to take it from the United States?

Espionage Is Hitting Businesses Right Now

This week in the Wall Street Journal, Frank J. Cilluffo and Sharon L. Cardash gave us more on this. Here’s a sound bite that should shock us: “The FBI reports a significant spike in its number of economic espionage cases: a 53% increase just this past year.”  Where is this coming from and what’s driving it?

According to the article, “Randall Coleman, the head of the FBI’s counterintelligence division, told the Wall Street Journal in July that much of the suspicious activity is performed by Chinese companies against U.S. firms and that the Chinese government plays “a significant role” in the attempted theft of trade secrets.”  Espionage, as pictured in movies, is generally dealing with government data – like the recent OPM hack I wrote on a few weeks ago.  But this is about business. These are companies targeting companies that have new ideas, strategies, and innovations that the competition in China will benefit from.

In Kevin Mitnick’s book, The Art of Deception, he shares the tale of a businessman entering a small business responsible for developing high tech manufacturing equipment. The man approaches the front desk asking to see the president of the company. The receptionist informs him that the president is out of the country and unavailable. At that point the businessman begins to fumble through his planner, double checking his meeting.  He’s flown in from out of town, and is supposed to be meeting the president to discuss a joint venture. There must be a mistake!

In a last ditch effort, he asks if the development team is in – perhaps he can take them out to lunch to review the plan he and the president have come up with.  They agree, and into the development area he goes. They spend several hours discussing the latest drawings and plans – the company’s latest top secret innovations. The businessman takes a few pictures, and heads out, promising to reconnect next week when the president returns.

You probably guessed – but when the president returns, and the team reviews their recent meeting, the president has no idea who they are talking about. This is a case of economic espionage, and chances are the business guy is now back in his own lab building a “Copy-Cat” product with only a few months of R&D vs. the decade the first company spent developing these ideas.

No Need to Go Onsite

Like your evolving managed services program (if you are an MSP), you no longer have to go onsite to do your work…the same is true when it comes to stealing company secrets. As the WSJ article states, “If you place yourself in the shoes of those playing economic catch-up, why invest millions in R&D if you can simply steal it at a fraction of the cost, especially with just a few clicks of a mouse?”. Now that everything is connected and online, stealing information is simple.

Cilluffo and Cardash rightly point out that, “The theft of intellectual property and trade secrets destroys jobs in this country, and undermines the nation’s economic competitiveness by striking at the heart of U.S. innovation.” And in this case, nation states are behind these acts of war!  Years ago I read in another WSJ article, “This is a slow sifting of the American Economy,…and because it lacks the alarming explosions and bodybags, no one is really paying attention.”  At some point we will find our bank accounts empty, and our businesses collapsed.

No One Is Claiming Responsibility, But Who’s Investigating This?

Terrorists claim responsibility when they blow things up. They want us to be afraid. In a war, the opposing country generally announces their demands and threats of invasion. In this case, the thief is not interested in being known – they have no demands. They are looking for a competitive advantage. It’s to their benefit that no one know what they are up to. If they can silently get away with strategic information, they can recreate a product in their own lab, with a fraction of the required investments in time and money. With their copy-cat product in hand, they are now able to sell it at a fraction of the cost. Recovering their investment is easy – they didn’t spend their own money on this invention.

What to Do About It

In the WSJ Article, the writers tell us, “Recent reporting suggests that the Administration is striving to craft an innovative and calibrated response to the OPM hack in light of its scale. This is a significant development in the ongoing match of Spy vs. Spy on steroids. An equally compelling answer is needed to China’s economic espionage against the United States. Time is money in this context — but more importantly, it is national security.”

It’s true, our government needs to get on this. In a recent Presidential speech I heard Obama say that our greatest threat right now is environmental…I have to respectfully disagree.  Without a doubt, I believe it’s cybercrime – Hacktivists, Nation States, and Cybercriminals.  All three are attacking everything from your personal data, to company innovation, to our nation’s intelligence.  As a technology provider I want to encourage you to start educating your clients – everything must be secure, and it can’t wait for the next budget cycle or a government mandate.  Like a doctor sharing the diagnosis of cancer with a patient, it’s up to us to convince them to begin treatment. This is not about insurance, it’s about preservation.

“Those who say they have it covered are either ignorant or lying to you.” – A quote from my most recent book, The House & The Cloud 2nd Edition.


© 2015, David Stelzl

P.S. If you want more on how to convince your customers they need better security, this book explains how to do it…(click to see it on

Have You Heard of Gameover Zeus?

If you’ve encountered Cryptolocker – it’s just one of many attacks that have come out of the Gameover Zeus Gang.  But the story is just now unfolding. The Gameover Zeus Gang refers to itself as The BusinessClub.  Their botnet has been one of the most destructive forces in cybercrime over the past few years – focusing on espionage, bank account sifting, and ransomware. Small and large businesses have been impacted – this is important! Rather than rewriting all the details, there are two ways to get more insight on this:

The FOX IT Report on Gameover Zeus

Read two reports – Krebs on Security does a nice job of summarizing.  The Fox IT report contains more details, and looks to be the primary source for Krebs.

The Fox IT Report  << Click Here to Access it

Brian Krebs Summary Report  << Click Here and Consider Subscribing

Interview: Get The Inside Scoop on Gameover Zeus

On August 11th, I’ll be interviewing former NSA Agent Summer Worden – who has been collaborating with investigators on this major crime break over the past several months. Summer Worden is the founder and chief executive director of Filly Intelligence LLC, an advisory firm focused on applying an intelligence-based approach to secure enterprise vulnerabilities using military cyber and intelligence best practices.  Ms. Worden is a 13-year veteran of the U.S. military and Intelligence Community (IC).  During this time she served as an operational intelligence officer in a variety of leadership roles; her positions held within the IC were served at both the field level and at the heartbeat of our nation’s highest authority for strategic national intelligence. Her strong competencies within sensitive intelligence operations were recognized when she was selected to lead one of the five operational teams of the National Security Agency (NSA). These five teams serve as a direct asset of the Director of the NSA, and their mission delivers 24-7 national support for critical events and clandestine operations across the globe.

You don’t want to miss this….

To join us on August 11th, simply join the SVLC Insider’s Circle today – there’s no obligation to stay long term, however this is one of the best ways to stay on top of security trends, as well as sales and marketing strategies needed to serve the security market.  CLICK HERE to read more  << Discover the SVLC Insider’s Circle.

© 2015, David Stelzl

Windows 10 Is Here – So How Will This Affect Your Managed Services Business Over the Next 12 Months?

Resellers – I’m talking about the SMB VAR that has converted most of the business to managed services.

There are many; if you’re a VAR, it’s you and your competition. Since the late 1980’s, when Microsoft Windows first appeared as a viable business choice, beating out OS/2 for the majority market share, Windows’ problems have dominated IT’s time.  This operating system has never really worked – not like other operating systems. If you don’t agree – you may not have experienced the amazing capabilities and stability of IBM Mainframe technology, the OS/400 and its System 36 predecessors, and of course many flavors of UNIX. These computers run circles around Windows. But that’s another subject for another day.

The point is, Managed Services has been sold as a way to even out the expense associated with the support nightmares small businesses face every day. And I have to believe that 90% of them, based on many VAR interactions, are Windows problems. What happens to your managed services business if this version actually works?

I Use Mac and Don’t Really Need An IT Group

I started with Apple back in 1984.  In 1987, taking a job with what is now Bank of America, I was forced to move to DOS (which was also extremely stable and easy to use,) and eventually Windows 3.0 (The First real Windows look and feel). Windows 3.0 was not an operating system – it was an overlay that ran on DOS.  Eventually Microsoft turned this thing into a complete operating system – NT.

Remember Vista? Many revisions after the original NT operating system…It was supposed to be the silver bullet. I bought a new laptop from Dell around that time, with Vista installed. By the time Windows 7 came out I was ready to convert!  I did – I moved back to Apple.  I rarely need any support, and have no regrets. It’s been over seven years now.

Mac People Converting? It’s a Sign.

When Microsoft Windows 7 came out, many of the problems were said to be corrected. And they were. I had one Windows desktop remaining in my office, and immediately upgraded it to the new Windows OS.  Running 4 Macs and one Windows 7 computer was interesting. In case you haven’t guessed, the Windows box was the only system that required frequent rebooting, laborious updates, and periodic wiping and reloading. 

So I was surprised when I read last week in the Wall Street Journal about a Mac follower converting to Windows 10! Something about 10 must be really good!  I guess we’ll see – but what happens to your business if Windows users suddenly don’t need much in the way of support?

Sure, there will always be a need for some support. The entire city of Charlotte, NC and surrounding 100 mile radius is supported by about 2 Apple Stores. There might be a third.  This is actually good. I mean, computers should be getting better, and software should be more stable over time. This technology is maturing. But what’s your next move?

The Point Is, VARs Must Change

I’ve written about this before, but it needs to be written again. I just got off the phone with a long time customer and friend. His business has been very successful over the years – he sells managed services. This year growth is flat. I know many resellers are making money – they’ve built substantial recurring revenue through managed programs. It was the smart thing to do. Those who didn’t do it are probably in trouble right now.

But there’s always a next move. The technology business won’t stand still. And it’s about that time. Regardless of when you made the transition, it was 2003 when the early adopters did it.

You have two choices, the way I see it.  Security or Software. Either help companies make the digital transformation with customer software (a competitive advantage sell) or move to security – intelligent, predictive security. The  technologies are new, but now’s the time to jump onboard.  If not, you might find your Windows 10 customers don’t really need you. After all, it’s moving to the cloud…like just about everything.

© 2015, David Stelzl

P.S. Not related to this post really, but there are some interesting and concerning security issues emerging with the release of Windows 10.  Your team might want to be up on these – might create some new business opportunities.

What Question is Most Often Asked of the CISO, By The Board Of Directors?

And What Questions Should They Be Asking?

The big question being asked, according to Kim Nash, columnist for the WSJ, is: “Whether their company is vulnerable to breaches similar to those at Target Corp., Anthem Inc. and the U.S. Office of Personnel Management (OPM)?” There are two things to consider here – First, who can answer this question? Second, is it the right question?

According to Kim, it’s not the right question – but let’s go to my first concern which is, “Who can answer this question?”

Will We Be Hit Like Target, Home Depot, or OPM?

Most executives can’t answer this question honestly. And their security team doesn’t really have a clue either. If they did, we wouldn’t be reading these stories every day.  And, if you look at the stories being published, it’s the big guys – yet we know statistically, 60% of the breaches are hitting the SMB market.  Most of these breaches never make the news.  So the board can ask, but they’re not likely to get the real answer.

If you didn’t see my comments on OPM, you might want to take a look (Read about Donna Seymour and OPM’s failure to protect our nation’s critical personnel data.) The board is missing the mark here because they misunderstand risk.  In my book, The House & The Cloud (2nd Edition), I’ve given a lot more attention to the impact vs. likelihood graph than I did in the 2007 version – it’s a model I use to communicate risk to business leaders.

If you know security, the concept is pretty simple. The missing link in most assessments is a measure of likelihood.  And that’s what the board is really asking – although they are asking it incorrectly.  What they really need to know is, where’s our data, and what are the top 3 to 5 threats we are facing right now. Given these threats, what are the odds we’ll be hit over the next 12 months?  (More detail on how to figure this out, starting on page 194 in The House & The Cloud.) As I said in my latest speaker promo video, risk needs to be presented in simple business language – in terms everyone who uses and depends on data can understand.

One thing everyone must come to grips with is, every company is vulnerable just like Target, JP Morgan, Home Depot, and most recently Ashley Madison.

The question isn’t “Can they get in like they did at Target?” Rather, they should be asking, “Can we detect a breach in time to stop the damage?” Remember, like a house or bank physical robbery, hacking does take some time, and it does make noise – but you won’t hear it with your ears. You’ll need detection technology in place and the people with the skills and understanding to turn that data into intelligence.

So what’s the right question? Can we detect and respond before it’s too late?

Are You Getting To The Board?

Have you ever been invited to meet with or present to a board of directors? It’s a powerful moment in the sales cycle if you have something meaningful to say.  Yesterday I was working with a rep on some strategy, as part of the SVLC Security Mastery Sales Program. We were discussing strategies to get a CEO or Board level meeting.

Most are still working at the IT Director Level. Remember, the IT Director is low on the liability list for security. They might lose their job – but getting a new one, if they know security, won’t be hard. In fact, they may take a pay raise.  On the other hand, people like Donna Seymour of OPM are in trouble. (Again, read my post and consider Donna’s situation – is it her fault, or is there something bigger going on here?)

Now is the time to move up – company leaders need more security insight right now and the WSJ is backing you on this. The CISO cannot possibly figure all of this out in a vacuum. And aside from some of the largest accounts out there, their people won’t have the experience to do it either. Managed services (with a security focus), backed by skilled security experts is needed to collect and analyze the data, repackaging it into something business leaders can use – intelligence.

What About SMB Companies?

Don’t let the Board of Directors thing keep you from your SMB accounts. The SMB is under fire right now – and the owner of that business is similar to the Board. They need to know the same things, they just have fewer resources to figure it out.

© David Stelzl, 2015