Author Archive for David Stelzl
Yesterday we completed day two of our Making Money w/ Security Workshop (Online). A couple of questions came up that might be helpful to anyone selling security solutions…
Sound Bites and Helpful Articles
One person asked about some of the sound bites I mentioned as we went through the session on how to effectively use sound bites.
1. I mentioned a WSJ article that describes how the CISO/CIO needs to be involved in the overall security architecture – Here’s the link.
2. In a recent interview with Richard Clarke, reported on by Ron Rosenbaum, the statement was made that Every Major US Company Has Already Been Hacked Into – where is the article? Here’s the link…
3. The WSJ article that references how 70% of small businesses think they are secure – I comment on this in one of my blog posts – here it is.
Typical Responses to the Question, “What are you trying to protect?”
One of the three questions I ask in my book, The House & the Cloud, is “What are you trying to protect?” When given the opportunity to sell a security product, this should be your first question. It’s an Asset Owner question. IT can’t answer this question – so don’t look for answers like – servers, storage, network, etc. Rather, you are looking for internal systems and applications business people rely on. Your best answers are going to be the internal names of systems they use. In one business I worked with, the company kept referring to their FIS system – FIS for Financial Information Systems. I worked on another project involving the ARMS systems – Account Relationship Management. These are the internal systems asset owners use every day to do their job.
Another possible answer might refer to intellectual capital, R&D data, trade secrets involving a new development or secret formula such as is used in Coke products or Michelin tires. The bottom line is, if you’re asking a technical person, you’re not likely to get what you need. Learn to speak the internal language and you’re likely to get a lot further down the road on the sales process.
Today we will be covering effective security assessment strategies. I will be going through several real assessment projects, looking at deliverables, and showing why a thorough security assessment that did uncover “Bad stuff” doesn’t necessarily lead to remediation work. I also want to show some simple ways to rewrite the assessment deliverable to drive that remediation process forward.
© 2013, David Stelzl
Yesterday we kicked off our three-day online workshop, Making Money w/ Security Day One. This class continues to grow, and this quarter we have about 30 participants!
Sales Training Is Crucial to Success!
Sales training is crucial if you want to grow sales, and specialized training, not product training, is the key to moving from Vendor to Adviser. Yesterday’s class is an example of security-focused sales training. Google Information Security Sales Training, and you’ll see that this type of training is rare. Google something like Solution Selling and you’ll find that, even though Bosworth wrote the book in 1995, everyone from vacuum salespeople to high-involvement technology sellers is taking the same classes from millions of so-called solution selling trainers.
Not that basic sales training isn’t important – it is. But taking the next level and specializing is what creates differentiation. Yesterday we covered a number of areas including where the trends are, where the business is, and what is expected to happen around the world with security in 2013. Security continues to be a hot topic among business leaders worldwide.
We also covered sound bites. Part of our homework was to discover more recent hard-hitting sound bites and evaluate their usefulness as a sales tool. Most security presentations I’ve seen in a sales call contain sound bites – but most of the sales and marketing people I know are using them incorrectly. They are actually defeating themselves before the competition ever arrives.
Today we’ll cover how to use them. Using them incorrectly leads to a judgmental, left-brain mindset – one that won’t make a buying decision even when there’s an urgent issue at hand. Here are some examples of sound bite evaluation…
1. “China is stealing trade secrets as part of plans to bolster its industry.” Wall Street Journal on April 22, 2013. This is a good sound bite – it’s global in nature, speaks of an ongoing trend, and affects any company that stores mission-critical information such as intellectual capital and trade secrets. It also comes from a source that speaks to executives – the Wall Street Journal. No one is going to question its validity.
2. LivingSocial.com, a site that offers daily coupons on restaurants, spas, and other services, has suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users. 4/27/13 – Ars Technica Magazine – This one isn’t bad…it’s an identity theft sound bite which in my opinion may be too common – it doesn’t wake up as much as the first one. The other problem is the reference. No one reads Ars Technica – at least not the C-Suite as far as I know.
3. “What most organizations do is overreact: they throw all of their efforts into that one incident and are not looking at what they should be looking at,” says David Amsler, president and CIO of Foreground Security. “And worse, they don’t have a playbook [for response]. It’s so haphazard, and that’s where they fall down.” – This one is good…it speaks to the security strategy and can be leveraged to up-sell the bigger picture. It’s what Cisco would call the architectural sale – an opportunity to look beyond the immediate disaster, and over the entire enterprise to shore up things. One downside on this one – it’s too long. If you can’t quickly quote it, you’ll lose your audience.
4. “More than 90 percent of user-generated passwords, even those considered strong by IT departments, are currently susceptible to hacking, according to Deloitte’s analysis.” – I love this one. It’s quick, quotable, concrete (meaning visual), and from a trusted source…and it affects every organization, federal, commercial, big and small.
Last week Ingram Micro’s Physical Security Marketing Group sponsored a webinar going through the House & the Cloud model with particular emphasis on the physical security side. You can replay this event right here:
Earlier this week Ingram Micro – distributor for all kinds of technology – sponsored a webinar on Moving From Vendor to Adviser for its technology resellers. In my book, I talk about at least 12 things resellers need to start doing if they want to remain relevant in the coming years. In this 50-minute webinar I provide five key things to start doing and relate them to information security.
- Becoming a risk adviser to the companies you serve
- Conducting effective demand generation programs (See my recent ebook on Event Marketing)
- Implementing the secrets of high-priced consultants
- Using value-based pricing strategies – no more block time or time and materials.
- Redefining the way you approach the proposal process – writing great proposals that actually close business.
Also, make sure you have a copy of my book, The House & the Cloud – available on this blog sidebar for free – in PDF format.
We’re just returning from a marathon trip – from Australia to Chicago, over to Boston and New Hampshire, back to Kentucky and Ohio, and finally, back home! Here are a few pictures…with some interesting pizza adventures…
I was surprised to find some pretty good pizza in downtown Bennington. The crust is a little thicker than I like – more like the Ohio Pizza than NY – but overall pretty good. I’d recommend it if you are in the area.
Why do the pizza places in Ohio insist on cutting round pizza into squares?
Sicilian Pizza in Ohio – this was probably the best pizza we had on this trip….
Heading to a conference in Ohio this week – we had a chance to stop in at The Creation Museum with the family. The meal to order here is the pizza – just my opinion. It’s not like NY Pizza – much thicker, spongier crust, and if you look closely, you’ll notice some orange cheese sprinkled on the top. Why do people west of NY insist on putting orange cheeses (such as cheddar), on a pizza?
The good news – the sauce was good, and there’s enough sauce to give it some flavor. It has a sweet flavor to it, kind of like a Papa John’s pizza. In fact it reminded me of a Papa John’s pizza – so I would classify this as a fast food pizza. I’m sure they don’t have pizza ovens at this place, so chances are they cooked it on the conveyor belt, or possibly in the convection oven. This is not how a pizza should be baked – either go with the high-temp pizza oven or brick oven for a more authentic taste.
My son ordered the personal size, which seems big enough for me, but probably not for a growing teenage son. The pepperoni was plentiful and tasty – overall, not a bad deal.
Reads the headline in today’s tech section of the Wall Street Journal. Over the past several months there have been numerous articles published in the Journal – some saying this is real, others denying it…I appreciate one article stating that these attacks are small enough for our government to ignore, so that there is no one single incident demanding a response, but big enough to threaten the long term viability of some of the major companies in the US. In another Journal article I read, “All major US companies have been successfully compromised…” Where is this all headed?
Companies who insist “They’ve got it covered…” are in trouble in my opinion. No company is really impenetrable. In fact, the idea of using a pen-test to show your clients that their data is safe is a false sense of security. A failure to break in simply shows the incompetence of the pen-testing team. It certainly doesn’t mean the company is well secured.
In today’s article the Journal reports – “The Obama administration is considering a raft of options to more aggressively confront China over cyberspying,…, a potentially rapid escalation of a conflict the White House has only recently acknowledged.” The key phrase here is, “Only recently.” Why have government officials denied this for so long? Perhaps for political and economic reasons. The Journal states it like this, “Before now, U.S. government officials and corporate executives had been reluctant to publicly confront China out of fear that stoking tension would harm U.S. national-security or business interests.”
Why are the Chinese on the attack? “China is stealing trade secrets as part of plans to bolster its industry.” It’s simple, the US has a greater capacity for innovation. By invading companies’ intellectual capital, other nations can cut thousands of man-days out of the R&D process. Google, EMC, RSA, New York Times, Wall Street Journal, and many other well-known companies, along with many federal organizations including the Pentagon, have reported problems traced back to China in recent years. However, things like “dependency on China to underwrite U.S. debt and to provide a market for U.S. businesses,” have allowed these nation-state sponsored attacks to go unchallenged.
Recently our government officials have come out saying, “Cybersecurity threats are the greatest threat to our security—economic security, political security, diplomatic security, military security.” No matter how big your customers are, cybersecurity is something you want to understand and engage them in. We’ll be covering more on this threat in the coming weeks as we approach the May, Making Money w/ Security workshop. I’m looking forward to seeing you there.
For the past 4 days I have been going back and forth between representatives at United to locate my suitcase. What a disaster this has been. Every time I speak with a new person to get an update, they think my bag is in a different city. Finally I get a call from the people who deliver United bags – http://www.wheresmysuitcase.com – they have my bag and will call in one hour to arrange delivery.
Well, an hour later, no word. Later that evening I called them, but they did not know where my bag was. The next morning I contacted United and they didn’t know either. I asked the representative at United to check on this with the bag delivery company, but the bag delivery company claimed that they had no record of me. “How can that be?” I asked. The United person was not able to get an answer to this question, so I contacted the bag delivery people personally. I spoke with Chris on the phone who had no idea – in fact, he sort of insisted that they did not call me. But their number was on my caller ID, so they must have. After some back and forth on this, trying to get Chris to look further into this or at least agree that they must have called me – he hung up on me. At that point I called Chris back to get his name, which amazingly he did give me. He then said, “If I do see your bag I am not going to deliver it to you!” This is amazing to me – if you ever have a partner tell one of your customers something like this – make sure they terminate that employee immediately.
Finally, later that morning I did get a call from someone at United who took ownership of the problem, went out and found my bag, and is holding it for me. At this point I would rather take the three-hour trip than risk them putting my bag in the hands of http://www.wheresmysuitcase.com. In the end, the United rep understood, agreed to hold my bag there, and offered me a free flight voucher – she did the right thing. Know who your customers are interfacing with and who represents your brand on your behalf. Make sure they uphold the brand you’ve established and understand how difficult it is for you to win over a new client. You can’t afford to lose clients that actually spend money with you. Note: I’ve flown nearly around the world twice this month on United…I’m definitely a paying customer.