Archive for April, 2012

30
Apr
12

How Do I Build a New Region – Using Educational Marketing

By Dave Stelzl's Blog Leave a Comment
Categories: Demand Generation
Tags: , , , , ,

Downtown Grand Rapids

I’m Back from Grand Rapids and heading into a busy week, but not without some reflection on the benefits of last week’s educational event.  27 business leaders attended this event where I addressed the group on current security trends and threats specific to the SMB space.   Over half of them will be looking at their security issues in greater detail this week with the sponsoring solution provider, in the form of an assessment.  The majority of these companies are not currently engaged as clients, but are still receiving this assessment as a thanks for joining the meeting. This is a significant step in the right direction and a value to both the business owner and the consulting firm.

On Friday (the day after this event) I spent some time with a rep out in the north west (by phone), going through this type of event and what makes an event successful.  On the call, we discussed ways of attracting new clients, a question I have run into more and more over the past year. He mentioned that they have tried doing  lunch & learn events, like the one above, to demonstrate their value to the local firms – “But we can’t seem to get people to attend – why?”  “How do you continue to attract audiences, even in cities where there’s already of glut of these kinds of events?”, he asked. There are a couple of key issues to consider here:

1. People attend events that offer something they personally need and care about.  If I am in the market for a particular kind of tool or home improvement, I might attend a home show or head over the the Woodcraft store’s open house (a popular store for those engaged in fine woodworking).  I have a specific need and the above mentioned gatherings offer some insight.  If the thing I am buying is obvious, I don’t need to attend.  The problem here is, my lunch & learn at this point only appeals to a certain group of people who are currently shopping for something – it’s a small audience, and my chances of marketing to the right people are slim.

2. If I make this into a product pitch, I can still draw an audience.  Consider RSA – a product show that continues to draw thousands.  What’s the attraction?  There show is advertised to technical people…but the attraction comes with the speaker line-up.  Technologists convince their firms to fly them there and pay for lodging and food, to see John Chambers or Marc Benioff speak.  The problem with your lunch & learn at this point is, you don’t have a speaker that will draw an audience.  Stop saying, “People are too busy,” or “We have too many lunch & learns in our city,” the truth is you don’t have a show worth going to.

3. Too many companies are focused on the numbers.  My coaching client on Friday told me his sponsors only care about numbers in exchange for marketing dollars – meaning it doesn’t matter who shows up.  This is wrong thinking.  The vendor requires some re-education on the importance of converting attendees to buyers.  The percentage matters far more than the number of attendees when we are working with expensive solutions.  With this in mind, getting the large technical audience referenced in point number 2 is not really valid.  Based on the attendee list, I can almost predict the percentage that will sign up to do the assessment (or any other offering).  IT people will love the talk (if it has great content), but will pass on the assessment – why?  Two reasons, they have no liability, and they have no money.  The bottom line here is; setting up an educational event for technical people will buy some good will and demonstrate value to an existing customer base, however it generally will not produce new clients for a solution provider.

4. Content that will attract business leaders, must focus on the business leader and their business. What do they think about all day?  Obviously they hire advisers; legal, health, financial and investment, and more..what about technology?  The event mentioned above was specifically designed to help business leaders understand their risk and liability regarding data and intellectual capital that resides in their most important business applications and databases.  These attendees saw value, responded to a message aimed at reducing their risks of data loss, and followed up with value delivered through the sponsoring solution provider in the form of an assessment.

© 2012, David Stelzl

 

 

26
Apr
12

Poisoned w/ The Knowledge; Information Security Speaker David Stelzl

By Dave Stelzl's Blog Leave a Comment
Categories: Demand Generation
Tags: , , ,

Grand Rapids Marriott

This morning I am getting ready for today’s executive security lunch meeting in Grand Rapids, MI (Sponsored by IBM).  The question came up in a meeting yesterday, “What is an urgent security issue?”  This may seem obvious to some, but when you start discussing it, opinions differ.  For instance, an IT person might see anything that affects their job stability as an urgent issue, the security consultant might consider a lack of policy or compliance to be critical, but the business owner might not consider anything urgent until it’s been explained in layman’s terms – and they are convince something is threatening their business.

For example, is malware urgent?  When you think of malware on a PC, it’s tempting to think, this happens everyday, therefore it’s not urgent – it might be easy to delete, and therefore it isn’t urgent.  However, if you explain to the business owner that someone outside your organization has installed code on their laptop that allows them to potentially collect passwords, read files, and even listen in on meetings or access some of their most sensitive databases, it’s urgent.  Nortel’s recent discovery showed that bots had been installed (malware) to steal data over the past 12 years.  Their AV experts could not detect it, yet their security officer suspected it.  The executives ignored it simply because it wasn’t pointed out in a way that they could receive it.  Had they known that a competitor was stealing their inventions, I feel certain they would have acted. If someone called this a virus with possible, but no actual damage, they would have assumed IT had everything under control.

Being a provider of security solutions requires more than strong technical skills in the area of information security.  It requires the ability to look at a business model and understand what is important.  It requires the ability to predict where the weaknesses are based on the way that company uses technology.  It also requires the ability to do some forensic investigation to discover what is really happening under the covers, and once all of that has been done, it requires that someone be able to piece together evidence in order to predict what might happen as a result, and what the likelihood is that something bad will happen any time soon.  If this can’t be done, chances are that the executives will never take action.  Their position is one of determining where to focus.  Every day they must look at the potential opportunities, and the possible risks; and after weighing whatever data they have, they’ll make a choice where to spend their time, money, and energy.  If the data risks are under control, at least as they perceive them, no action will be taken.   It is incumbent on the security professional to figure out if the issues at hand are, in the reality – in light of the business, critical or not.  And then, the challenge becomes one of presenting in a way that compels that management team to take action.  This is the difference between the professional security consultant, and the backroom security expert.

© 2012, David Stelzl

24
Apr
12

Data@Risk – Preparing for This Week’s Security Seminar in Michigan

By Dave Stelzl's Blog Leave a Comment
Categories: Demand Generation and Sound Bites
Tags: , , ,

As I prepare for this week’s educational security event in Michigan, I am reminded that this is the perfect time to be reaching out to business owners with an educational message. Security issues are rampant, and businesses are being compromised every day.

I was talking with another one of my clients this morning reviewing  their blog posts and other educational social media programs online.  We were talking through some of the major challenges business owners face and what topics integrators and solution providers should be focusing on.  In his case, his entire company has moved to a security message simply because the need is there.  Everyone has a security need right now – areas may differ, but they all need it.  This is a time in history where security is urgent for businesses of all sizes.

In the case of the Michigan event, our initial response has been very strong – we’ll have a packed room for this event.  We have about 30 business leaders signed up – business owners and executives all facing the same issue; that of making sure their data is safe:

1. Wall Street Journal reports that 75% of employees admit to stealing data.  How should business owners view the hiring process and what steps should be taken to ensure new employees have the right access, with the right amount of accountability?

2. Gen Y hires are turning down jobs that won’t allow them to use their own smart phones and tablets.  How do companies address  this type of thing.  Smaller companies probably lack detailed employment policy handbooks and training on this sort of thing – what should they do?

3. Work-at-home programs are also growing.  The State of VA. has, in the past, offered a substantial grant to small businesses who move some of their office workers to home offices.  But how do these companies maintain control of  home based computers used to access sensitive information?

4. Recent advancements in malware have made many of the older anti-malware technologies useless.  With little or no info security skills on staff, how will these companies ensure computers are not infected with spyware and keystroke loggers?

5. Liabilities are growing as threats increase – what policies must be in place and how do these businesses deal with compliance?

On Thursday we will be going through some of the business level mindsets from my book Data@Risk to address the root problems most of these companies have.  It’s a difficult area for these businesses, but our goal is to give them some direction on how to get their company thinking about, and doing the right things to reduce the amount of exposure they have; things they can actually get started with right away.

© 2012, David Stelzl

20
Apr
12

Ingram Micro Advanced Technology Webinar – Speaker David Stelzl

By Dave Stelzl's Blog Leave a Comment
Categories: Audio Programs, Opportunities and Sales Strategy
Tags: , , , , , ,

Did you attend the Ingram Micro Advanced Technology Webinar on Accelerating Security Sales using The House & the Cloud?  We had nearly 300 registered for this event yesterday…if you missed it, or if you didn’t know about it, Ingram Micro did record the session and has made it available online.  Here’s the link for the playback:

CLICK TO HEAR DAVID STELZL’S HOUSE & CLOUD PRESENTATION

Don’t forget, you can also request a FREE copy of the House & the Cloud Book here…(CLICK), and there is also a live audio program available on how to sell using the House & the Cloud sales model (CLICK and scroll down to the MP3 on Executive Selling).

In this session we covered several important topics including:

  • Problems with the current approach resellers are taking to both sales and marketing.
  • The problem with most assessments – which leave the sales person with little hope to sell follow-on project and managed services business.
  • The problem with most sales presentations – leading to boring company overviews that drive your audience to their Blackberries and iPhones rather than listening to you.

From there we moved into several concepts that build a strategy that will lead you up the ladder, into your decision makers office.  We talked about how to get to the right people and what to do when you get there.  In the end, there must be solid justification.  Listen in and see what I am talking about.  Thanks for listening!

 

© 2012, David Stelzl

 

11
Apr
12

Making Money w/ Security Sales Training Day 3…

By Dave Stelzl's Blog Leave a Comment
Categories: Opportunities
Tags: , , , , ,

P2P Peril Link Updated

First, I continue to reference this article – P2P Peril, in my workshops. This article was written back in 2008, but is still highly relevant, providing some great catalyst for selling security when it comes to employees that work from home…I just updated the link on my blog – here’s the post I wrote: http://davidstelzl.com/2008/12/15/p2p-peril-great-sound-bites-for-security/ (with the link to the article)

The House & the Cloud

Yesterday we spent time discussing the House & the Cloud model (in our virtual sales class) – a model I use to gain access to the right people with the right message…you can request a free copy of this book in PDF format on the right-hand sidebar of this blog…While the book is not brand new, it does contain information that I continue to use in my executive facing educational events.  Every person trying to sell security solutions should read this book – it’s free, so check it out.

Assessments that Sell

Today we are covering assessments – this seems to be the biggest hurdle as sales and technical people try to figure out what an assessment is for, and how it should be conducted.  Who does it?  Who should be involved from the client side?  How much detail? The list goes on…the bottom line is, if the report finds urgent issues (which it should), and the client does not take action, the project team has done the client a disservice.  I say that because the assessment should be performed with remediation in mind – if the client does nothing with an urgent issue, it’s usually because those liable for the company data were not involved, or that the project team failed to communicate the urgency to the right people in a way that compelled them to take action.  There is simply no reason to charge money for a 50 page document that does not lead to action.  So today we’ll be covering:

  • How to sell the assessment
  • How it should be conducted – from the selling perspective
  • How the results should be delivered

In order to accomplish this we will also need to cover the process of getting to the right people and asking the right questions.  Take some time to evaluate your own assessment and discovery process.  Do you have Asset Owners involved?  Are your findings leading to remediation efforts?  Does this eventually turn into managed services business?  If not, you may be approaching this incorrectly.

© 2012, David Stelzl

10
Apr
12

Making Money w/ Security Day 2 – Security Sales Training

By Dave Stelzl's Blog Leave a Comment
Categories: Marketing
Tags: , , , , ,

Sound bites are a term I use for collecting and memorizing powerful statistics or statements that come from credible sources like The Wall Street Journal.  By themselves, they won’t sell a thing – in fact most technology sales people are guilty of overusing them, or using them with the wrong people.  They have two purposes:

  1. They build credibility when taken from the right sources
  2. They soften cries from IT that the company has everything they need – “We have it covered”, they claim.

When the buyer hears powerful statements from The Wall Street Journal telling them that Visa, MasterCard, and the Pentagon have experienced major attacks and are unable to defend themselves, it is hard to sit there and claim to be in better shape – especially in the small and mid market companies.  In today’s session we explore marketing theory and what it is that actually motivates the buyer to carve out funding for major security projects.  We use the sound bites to accomplish their task, but then move on to more advanced marketing strategies (ones that should be taught in school, but just aren’t).  Here are some of the sound bites sent to me as part of last night’s homework…I thought everyone might benefit from seeing some of these things.  Note:  These are in not particular order, and may not even by the most significant…just a sampling.  Feel free to add more powerful ones if you like.

1. The people in the IT department pose the biggest risks to data security. They can access nearly anything on the network, usually with no one looking over their shoulders. WSJ 4/4/12
2. 56% of those surveyed (WSJ) after financial crimes were committed, said the most serious crimes involved insiders WSJ 4/4/12

3. 53% of respondents indicated IT was involved in serious cyber crimes involving money over the past year 4/4/12 (WSJ)

4. Damage is only just now coming to light in the form of millions of false 2011 income tax returns filed in the names of people currently receiving Social Security benefits – reported by WSJ for Puerto Rico, but not the US – just coming out now!  Cringely Report.

5. Out of 47 attempts last year, hackers managed to penetrate NASA’s computer network 13 times – Ziff Davis  – March 2, 2012

6. Global Payment Inc – shares dropped 9% after disclosing a cyber attack – Reuters.3/30/12 – affected Visa, MasterCard, Amex, and Discover – 10 Million Card holders affected  (all 4 had stock price drops as a result).

6. The Chinese People’s Liberation Army (PLA) runs a very active industrial espionage program because it has the joint mission of ensuring both military and economic security. So when companies from another country attempt to do business with a Chinese company or agency in an important area of technology, the PLA helps give its side an advantage by stealing data from the other side. They use the same targeted cyber-intrusion techniques they use to steal military secrets. They are after the “play books”–the documents that tell what the company is willing to give up and where it will hold the line. That data gives their side an advantage in negotiations. Sometimes, as in the Google case, they just steal the technology they want.  (FBI discussion with SANS – March 2012)

7. Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is “unsustainable.” Computer criminals are simply too talented and defensive measures too weak to stop them WSJ 3/28/12

8. James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies,  I think we’ve lost the opening battle [with hackers].” Mr. Lewis said he didn’t believe there was a single secure, unclassified computer network in the U.S.  WSJ  3/28/12

9. 24 Million customers compromised through Sony PlayStation last year, over 100 million on NASDAQ.  WSJ 3/28/12

© 2012, David Stelzl

09
Apr
12

Piggyback Ploy

By Dave Stelzl's Blog Comment
Categories: Sound Bites
Tags: , , , , ,

“…The stealing of another person’s paid Internet access by tapping into their home router or cable modem. When someone uses your Internet connection for illegal activity, it could leave you as the unwitting target of a police investigation.” This is a quote from today’s USAToday article, Internet thieves piggyback on legitimate users.

For those calling on the SMB space, the above quote should include small business routers as well – and of course, small businesses running out of a person’s home, something I am seeing more and more as small companies operate without brick and mortar offices.  Like spam, the average business owner is under the impression we are fighting a bandwidth hog or time waster, but the real risk is in the phrase, police investigation!  They don’t mention it here, but the fastest growing business on the net today is kiddy porn – so the above quote should read, …by tapping into home or small business routers…uses your Internet connection for illegal activity, such as the resale and distribution of kiddy porn.  And it won’t be the police knocking, it will be the FBI, knocking and confiscating all of your business computers while this mess gets sorted out.  In the mean time, your family members and close friends will be wondering who is telling the truth.  Try explaining this to your spouse…Talk about urgent – this is urgent.

Today is Day 1 of the Making Money with Security class - if you’re not signed up, I have three seats open – over the next three days we’ll be taking a look at exactly how to find the right prospects, how to gain their permission to uncover opportunities, and how to create justification – without introducing competition.  This almost always leads to larger remediation projects as well as managed services contracts.

© 2012, David Stelzl

04
Apr
12

Eventbrite – A Tool to Help w/ Your Next Event

By Dave Stelzl's Blog Comments
Categories: Demand Generation
Tags: , , , ,

If you have attended any of my webinars, or perhaps signed up for my online Making Money w/ Security class, you’ve been to my EventBrite page. This has been a great tool for setting up just about any kind of event, both online and live.  I wanted to pass this along to you as you consider doing lunch & learns and marketing webinars this year…a couple of great features to ease the burden of event planning:

  1. First, the fee; Eventbrite charges a percentage of what you charge, so if your event is free (which most lunch & learns and marketing webinars are), your fee will be $0!  It doesn’t get much better…
  2. You can limit the number of seats, so if you have a Webex account that permits 100 seats, you can limit your sign up to 100 attendees.  Same would go for a live event.
  3. You can set up different ticket types, so in my Making Money w/ Security class I have three different ticket types; one at list price, one for early sign up, and one for mentor alumni.  This really helps when the event has a fee associated with it.
  4. It’s easy to customize.  I often have a picture to go with my event, so uploading a photo is common.  On some sites you have to make the picture a certain size, but Eventbrite is smart enough to modify your photo so that it works without any changes.
  5. You can include a location which automatically displays the Google Maps picture!  Pretty cool for live events.
  6. You can specify what information you want to collect.  Some can be optional, and others can be mandatory, but its all up to you.
  7. You can mass email your list, keeping people up to date, and sending out reminders – all prescheduled and easy to create.  That is how  I get the 24 hr notice out, then the 6 hour, then the 1 hour reminders. This cuts down on attrition.
  8. You can also do mass email marketing with a list right from Eventbrite and it will track your responses.  I don’t use this, but its out there.
  9. You can connect with Google Analytics, or just view the Eventbrite statistics.  Google gives you more, but the Eventbrite stats are good enough in most cases.
  10. Finally, you can duplicate an event – making it easy to set up a next event of a similar type – for instance, if you do monthly webinar events.

There you have it – give it a try, you won’t be sorry.

© 2012, David Stelzl

 

03
Apr
12

Hackers Grab 1.5 Million – Visa and Mastercard

By Dave Stelzl's Blog Leave a Comment
Categories: Sound Bites
Tags: , , , , ,

I’ve been saying this for years – detection is the most important part, and your managed services program is a critical component of the detection strategy.  I just finished up today’s webinar – the second session of, Accelerating Managed Services Sales.  Both sessions, March and April, where full, with a waiting list.  This article on Global Payments underscores the problem with most security problems – if you read the quotes from the experts cited in this article you will see the recurring theme, Firewalls and Perimeter security don’t do it.

In today’s session on managed services sales I presented several mistakes being made in the sale of managed services offerings. The biggest one is putting the focus on ROI – Return on Investment, or TCO – total cost of ownership.  Is there a TCO savings?  Probably – or maybe even a forceful “YES”, but don’t lead managed services sales with this.  Risk is the motivator here, and companies are losing the battle according to last week’s FBI reports.  If you’ve read my book, From Vendor to Adviser, some sound bites worth remembering from the above article include:

  1. The Heartland Payment Systems breach exposed 130 million credit card numbers – credit card data is still vulnerable.
  2. The Payment Card Industry Data Security Standard (PCI DSS) is highly prescriptive in nature, but simply complying does not ensure credit card security.
  3. The perimeter-based approach is not sufficient and fails to protect critical data and internal resources that bypass these point solutions.
  4. Firewalls, antivirus and [intrusion detection and prevention systems] are no longer enough to protect against rapidly evolving zero-day and insider attacks.

Remember, sound bites build credibility, however, as I explain in my book From Vendor to Adviser, they do not sell.  They help you relate to executives as long as the source is credible in the eyes of the buyer – so steer away from Infoweek type sources when gathering these sound bites.

Join me on April 9th – 11th for a deep dive into the world of selling highly profitable security solutions and you’ll also get a one hour one-on-one session with me to review your business and create a more effective strategy for selling more profitable solutions.

Sign up here! Making Money w/ Security (just 5 seats left)

© 2012, David Stelzl

 

Free Book

Email Updates

Subscribe to Profitprogram's Blog by Email

Subscribe by Feeder

Subscribe in areader

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 361 other followers

My Twitter Profile

Twitter Updates

Order Now!

Follow

Get every new post delivered to your Inbox.

Join 361 other followers