Archive for February, 2009

27 Feb 09

Washington DC: Making Money with Security

Unlike my recent NYC trip, my limo driver was professional, had an immaculate car, and was right on time.  Coupled with great weather, beautiful accommodations, and the company of the entire Stelzl family – it’s kind of like being on vacation.  The family headed off to DC to take thousands of pictures of various historical figures, buildings, and landscapes (part of today’s home school history curriculum), while I headed to our one day workshop.

We had an excellent group in Herndon – about 25 sales professionals working to take their business to the next level.  A mixed group of solution providers, some doing very well and focusing on the right things, others struggling with some of the decisions their companies are making in the midst of a down economy.  I’m always amazed at some of the steps senior management will take when under pressure to make the numbers.  They think that yelling louder, reorganizing the team, or placing more accountability on the rep will somehow turn the tide despite the economy.  What they’re missing is a strong offering that has the potential to improve the client’s position.  Lee said it best: “We lead with analysis, use project work to improve the client’s situation, and then follow up with a managed offering that is built to offer long-lasting results and recurring revenue.”  This is the profit program in its most basic form.

25 Feb 09

Off to DC, meanwhile Brazilian Cyber Gangs Target Online Banking

As we prepare for our trip to DC where I’ll be conducting the next Making Money with Security™ workshop – scheduled for tomorrow in Herndon – there’s an interesting article in USA Today on the birthing place of banking Trojans.  A side note – this trip promises to be exciting as we are bringing along the entire family (all 9 of us) to view the sights in DC.

If you recall, back in January there were reports of massive banking Trojans circling the globe via the internet – Slammer-like malware, only this time surreptitious in nature, a special form of malware that targets online banking relationships.  These Trojans are programmed to find PCs used to bank online – they sit silently awaiting the connection, at which time they wake up and begin recording access codes and facilitating third-party access to the herder – the one in charge of the Trojan.  They’re sophisticated, hard to spot, developed by Brazilian Cybergangs, and now they’re for sale.

http://blogs.usatoday.com/technologylive/2009/02/brazil-birthpla.html

24 Feb 09

Heartland II – Another Third Party Credit Card Processor

This just in…No names disclosed on this one yet, but similar to Heartland with about 100 million cards compromised…Someone has figured out how to hit the jackpot on credit card processing…no doubt these people were PCI compliant as well.

http://www.scmagazineus.com/Visa-confirms-another-payment-processor-breach/article/127725/?DCMP=EMC-SCUS_Newswire

24 Feb 09

Where is Heartland’s Solution Provider – send me an email!

More on Heartland…this attack serves as a great case study on compliant vs. secure.  The recent Heartland attack mirrors that of TJX, who lost somewhere between 50 and 100 million credit card numbers over a three-year period.  Recent USA Today reports indicate that this attack also started with an insecure wireless network in a store which was connected to Heartland.  Once on the network, thieves made their way into Heartland, setting up Trojan technology allowing them to sniff out credit cards being processed.  Heartland was PCI compliant!  A similar loss occurred in a recent attack on Hannaford Brothers grocery stores – another PCI compliant establishment.  Hannaford lost 4.3 million credit cards.

Sales people often cave in when the client draws a line between assessments and remediation.  Don’t give in to this sort of thinking.  It may not work on the government side, but assessments and audits differ, and solution providers that secure data must start by assessing risk.  If a firm claims to be compliant, security is still outstanding.

http://blogs.usatoday.com/technologylive/2009/01/heartland-could.html – this recent article reveals some of the litigation awaiting Heartland…Why didn’t their technology solution provider sell them the right security?

20 Feb 09

Leveraging Risk – the Final Session

Session 5 on Leveraging Security posted today on my Podcast site.  This session goes into some of the companies that successfully use security and concepts of risk to drive new business.  Next week I will be working through a couple of weeks on specific threats I see growing over the next year and how security sales will develop.  You’ll want to stay on top of this as we move from there into some specific examples of how to drive new business using risk.

Also, a number of people have inquired about my overdue book.  It’s close – I had a minor glitch in getting things edited, however I have engaged a firm and am about halfway through.  We should be in print next month with Data @ Risk, Building an Asset Mindset Toward Securing Data – remember, this is a book that parallels the House & the Cloud, specifically written for your clients to show them where their need is and what to do about it.  My goal is to position security experts from your firm to help companies that are operating with inadequate security programs.

19 Feb 09

Getting their Attention

After snow on Wednesday, we completed our Richmond, VA executive security luncheon today with perfect weather and about 40 attendees – mostly business leaders.  What makes an event like this successful?  Well funded through sponsorship, relevant information, credible delivery, and a strong follow-up plan.  Some notable sound bites from our opening:

  • Still no suspects on the $9 Million ATM heist.
  • 3 arrests made in connection with the Heartland hack – which has affected 101 banks and over 300,000 credit card accounts.
  • Over the past week over 200,000 identities have been compromised between Kaiser, University of Alabama medical center, and the FAA.

With about 70% of attendees going on to assess risk, I fully expect 90% of them will find there are things that should be done to increase security.  Most of these will go on to add or increase some level of managed security.  In addition to the event, this solution provider was able to get the attention of a local newspaper and TV video spot.  When dealing with a recession, marketing, branding, and differentiation are all essential parts of driving forward.

18 Feb 09

The Latest ATM Scam – 9 Million Lost and No Suspects!

The sophistication of attacks is constantly growing.  This video and attached news link demonstrate the power of gaining centralized control over some system that coordinates subsystems all over the country.  In this case it’s ATM systems linked to a centralized payroll system run by RBS WorldPay – it could have easily been power grids or air traffic control, but in this case the attacker has compromised a central database of people who are paid by inserting debit-like cards into an ATM that will then transfer money from the employer to the employee.

There are two interesting aspects of this story.  First, it’s not one person taking advantage of a system, but rather 130 ATMs over 49 cities compromised within a 30-minute period – a large number of coordinated thieves were involved.  Second is the timeframe – the report shows this attack happening in November, and being disclosed this week.  The ATMs are all on camera, but once again, detection only works when people are watching for alerts.

This type of attack makes a strong case for real-time detection response, a program that is delivered to your customers through a managed security offering.  Logging data is of no use if no one is there to watch it.  No suspects, no arrests, but there is one asset owner lawsuit in process…focus on the asset owners, they control the budget.

http://www.myfoxny.com/dpp/news/090202_FBI_Investigates_9_Million_ATM_Scam

17 Feb 09

Find New Clients

Now is the time to be attracting new clients – how are you going to do that?  Here is a news link announcing an executive user awareness program I am speaking at this Thursday.  The combination of outside expertise, media support, and a TV spot we will be filming at the event make a strong case for new client attraction.  http://www.richmondbizsense.com/2009/02/16/data-security-how-safe-are-your-company-assets/

13 Feb 09

Finding the Pain

In our marketing strategy workshop yesterday we recognized that security pain is often not seen by the client – it must be proven.  Today’s attacks are mostly stealth, and so the likelihood of your client having experienced any true security pain over the past year is low.  Gaining agreement to assess security is not always easy; however, it can be done as part of other infrastructure projects you are engaged in.  If you’re a solution provider, you may have an advantage here because you touch so many different aspects of a client’s IT investment.

Which brings me to today’s podcast – the 10 Domains of Security.  Limiting security sales to firewalls and IDS or AV applications is short sighted.  Take a look at the enormous scope of security through the discussion I offer on these 10 domains.  Chances are you’re well positioned already to take advantage of these – it’s just a matter of knowing where to look.  Check it out at http://dstelzl.podbean.com/  and select “Subscribe to Premium Content” on the right.

12 Feb 09

The Best Sales People

Today I am out on the west coast working with a global technology firm’s marketing team on product messaging.  While preparing on the flight out, I was reminded that the best sales people are consultants.  By this, I don’t mean billing their time.  But they do have to approach clients in a consultative manner.  I find that more people talk about “solution selling” than actually know what it looks like.  There’s actually a book called Solution Selling, written by Michael Bosworth, and if you haven’t read it, you might do so. While it’s not new, it does offer some insight on what is meant by “consultative”.  Here are some points to consider on your next sales opportunity:

  • Do you know how the things you are selling are going to affect various parts of the organization on the business side?  Are you just guessing, or have you actually taken time to meet with them?  Refuse to sell only to IT.
  • When people ask you what you do, is your answer “Sales”?  Wrong answer!  Speak in terms of outcomes.
  • Do you have examples of how past project work has shown returns to your clients, reduced measured risk, or offered up competitive advantages?  Are you able to articulate these stories in a way that allows your prospects to see value in your current offerings?
  • Is your line of questioning thought provoking?  Are you asking the same questions your competition has been asking for years, or are you just leading your client down some path to make a sale; or have you become like a consultant, discovering where they are headed as a company, where they are right now, and how best to help get them to their next milestone?

Consulting is a process that improves the client’s condition.  Only by first understanding their condition and objectives, can you facilitate change.  Your offering comes into place as one of the accelerators to move them forward.  Your personal experience and understanding are the catalyst to get things going and to provide some level of course correction along the way.  If you’re wondering how to take your business to the next level, start studying how to be an effective consultant and begin making application.

© Copyright 2009, David Stelzl, All rights reserved.



