Available at www.stelzl.us

As I prepare for this week’s educational security event in Michigan, I am reminded that this is the perfect time to be reaching out to business owners with an educational message. Security issues are rampant, and businesses are being compromised every day.

I was talking with another one of my clients this morning reviewing  their blog posts and other educational social media programs online.  We were talking through some of the major challenges business owners face and what topics integrators and solution providers should be focusing on.  In his case, his entire company has moved to a security message simply because the need is there.  Everyone has a security need right now – areas may differ, but they all need it.  This is a time in history where security is urgent for businesses of all sizes.

In the case of the Michigan event, our initial response has been very strong – we’ll have a packed room for this event.  We have about 30 business leaders signed up – business owners and executives all facing the same issue; that of making sure their data is safe:

1. Wall Street Journal reports that 75% of employees admit to stealing data.  How should business owners view the hiring process and what steps should be taken to ensure new employees have the right access, with the right amount of accountability?

2. Gen Y hires are turning down jobs that won’t allow them to use their own smart phones and tablets.  How do companies address  this type of thing.  Smaller companies probably lack detailed employment policy handbooks and training on this sort of thing – what should they do?

3. Work-at-home programs are also growing.  The State of VA. has, in the past, offered a substantial grant to small businesses who move some of their office workers to home offices.  But how do these companies maintain control of  home based computers used to access sensitive information?

4. Recent advancements in malware have made many of the older anti-malware technologies useless.  With little or no info security skills on staff, how will these companies ensure computers are not infected with spyware and keystroke loggers?

5. Liabilities are growing as threats increase – what policies must be in place and how do these businesses deal with compliance?

On Thursday we will be going through some of the business level mindsets from my book Data@Risk to address the root problems most of these companies have.  It’s a difficult area for these businesses, but our goal is to give them some direction on how to get their company thinking about, and doing the right things to reduce the amount of exposure they have; things they can actually get started with right away.

© 2012, David Stelzl

For those calling on the SMB space, the above quote should include small business routers as well – and of course, small businesses running out of a person’s home, something I am seeing more and more as small companies operate without brick and mortar offices.  Like spam, the average business owner is under the impression we are fighting a bandwidth hog or time waster, but the real risk is in the phrase, police investigation!  They don’t mention it here, but the fastest growing business on the net today is kiddy porn – so the above quote should read, …by tapping into home or small business routers…uses your Internet connection for illegal activity, such as the resale and distribution of kiddy porn.  And it won’t be the police knocking, it will be the FBI, knocking and confiscating all of your business computers while this mess gets sorted out.  In the mean time, your family members and close friends will be wondering who is telling the truth.  Try explaining this to your spouse…Talk about urgent – this is urgent.

Today is Day 1 of the Making Money with Security class - if you’re not signed up, I have three seats open – over the next three days we’ll be taking a look at exactly how to find the right prospects, how to gain their permission to uncover opportunities, and how to create justification – without introducing competition.  This almost always leads to larger remediation projects as well as managed services contracts.

© 2012, David Stelzl

In today’s session on managed services sales I presented several mistakes being made in the sale of managed services offerings. The biggest one is putting the focus on ROI – Return on Investment, or TCO – total cost of ownership.  Is there a TCO savings?  Probably – or maybe even a forceful “YES”, but don’t lead managed services sales with this.  Risk is the motivator here, and companies are losing the battle according to last week’s FBI reports.  If you’ve read my book, From Vendor to Adviser, some sound bites worth remembering from the above article include:

1. The Heartland Payment Systems breach exposed 130 million credit card numbers – credit card data is still vulnerable.
2. The Payment Card Industry Data Security Standard (PCI DSS) is highly prescriptive in nature, but simply complying does not ensure credit card security.
3. The perimeter-based approach is not sufficient and fails to protect critical data and internal resources that bypass these point solutions.
4. Firewalls, antivirus and [intrusion detection and prevention systems] are no longer enough to protect against rapidly evolving zero-day and insider attacks.

Remember, sound bites build credibility, however, as I explain in my book From Vendor to Adviser, they do not sell.  They help you relate to executives as long as the source is credible in the eyes of the buyer – so steer away from Infoweek type sources when gathering these sound bites.

Join me on April 9th – 11th for a deep dive into the world of selling highly profitable security solutions and you’ll also get a one hour one-on-one session with me to review your business and create a more effective strategy for selling more profitable solutions.

Sign up here! Making Money w/ Security (just 5 seats left)

© 2012, David Stelzl

• Huffington Post – Straight from RSA 2012:  “Some 70 percent of employees in one survey cited admitted to subverting corporate rules in order to use social networks or smartphones or get access to other resources, making security that much harder.”

• RSA was hacked last year shortly after the RSA 2011 conference using a simple “email with a poisoned attachment – which had been opened by an employee.” – this in turn gave hackers, “access to the corporate network and they emerged with information about how RSA calculates the numbers displayed on SecurID tokens, which was in turn used in an attack on Lockheed Martin that the defense contractor said it foiled.”

• Speakers at RSA called 2011 “the worst year for corporate security in history”  pointing to “the rise of activist hacks by Anonymous, numerous breaches at Sony Corp, and attacks on Nasdaq software used by corporate boards”

• Most importantly – they all agree, “there is more to come.”

While all of this is bad for anyone running a company that relies on securing information to keep going (and that would be all of us), it also represents a huge opportunity like any major unsolvable problem does.  Just like doctors and pharmaceutical companies working on heart disease, diabetes, cancer, and other major health issues that plague our world, security professionals will profit from this as they rise to the occasion.  I am amazed to see companies missing this opportunity after such a long track record of growth.  It’s not over – not even close.  If you are not in this business, it’s time to join the war against cybercrime.  Your clients need it, and they are willing to pay.

Now, you might think I am wrong on that last comment.  I just got off the phone with a VAR owner yesterday who questioned if his clients are really willing to pay.  It has everything to do with your approach…people don’t see it, so they don’t believe it.

I have a client in the Northwest setting up his first executive-facing marketing event.  After just a few days of advertising we have 18 business owners signed up (all asset owners – qualified buyers, and new prospects)!  We haven’t even made calls yet – this is just the response to the marketing letter we mailed last week!  The point is, we designed our marketing campaign correctly – this is not a product driven event, although it is absolutely sponsored by the product manufacturers.  (That’s right – we did get JMF for this even though everyone keeps saying there is no money available for this type of event).

Working with another client on the east coast yesterday, we just completed our first webinar event. Again, the event was designed from the start to appeal to the asset owner.  We had a strong call to action, and 90% of our attendees signed up to have their security assessed!  This was just a webinar – it cost my client almost nothing to do it, other than time and some upfront education to do it right.  His team attended the Making Money with Security event and applied the principles…not a bad return.

2012 looks like a strong year to me – for those focused on the right technologies.  Join the war – it’s time.

© 2012, David Stelzl

• Facebook blocks over 200 million malicious actions every day!
• In August 2011, over 92% of email messages were spam messages, in Nov, over 70%.  These numbers fluctuate month to month, but they are always high.
• Twitter and Facebook are the new targets – people are on to the email problems, but social media is wide open as people accept friend requests from unknowns.  In fact, in another recent article, WSJ reported on a study showing the number of men who gave out sensitive information, including passwords, to a white hat hacker posing as a 25 year old woman using social media!  Incredible, but believable.

As I speak to executives around the world at Lunch & Learns and other customer facing events, I am hearing the need to leverage social media as a means of marketing and branding.  I agree, this is a tool that can accelerate any company’s business when used correctly.  But this also opens the door for users, who are completely unaware of the security risks, to invite predictors to install code on their machines.  The same machines that will later access the company’s most sensitive data.  If you are not attending Making Money w/ Security this week, stay tuned – we’ll be scheduling more later this year.

© 2012, David Stelzl

1. Companies that offered managed services with a security slant (Messaging), grew the most.  When I say “Grew”, I mean, profit.  Who cares about top line growth?  Manufacturers and very large resellers who are publicly traded, perhaps, but for the traditional reseller and even small, privately held manufacturer, gross and net are more important.  Managed services, is always a “security” sale (but often not treated as one), and is the key to developing financial stability.

2. Assessments where also a hot topic.  In my latest book, From Vendor to Adviser (which is doing very well since it’s release in late December – buy it here), I discuss the need to move into a more consultative approach using discovery and assessment strategies.  Clients who have made this a core part of their business development strategy are building business faster and more profitably than any other group of clients I serve.

3. Marketing events continue to produce strong results!  Lunch & Learn marketing has been around as long as I can remember,  yet few can tell me how they are benefiting from these expensive and time consuming events – with the exception of those engaged in security.  We continue to get large audiences, executive level attendees, and a very strong sign up (Conversion) rate – averaging 75%!  Still, companies continue to try other things, looking for diversity and point product selling.

Today we kick off the first 2012 Making Money with Security workshop! (You can still sign up – starts at 1:00 PM). I am looking forward to exploring all three in detail.  Those that master security sales, will win in 2012.

© 2012, David Stelzl

Happy New Year!  2012 is just starting, and promises to be another great year for those providing security solutions.  In fact, I am kicking off the new year with a workshop on selling security – Making Money with Security.  We have a great group, so if you are not signed up, you should be – here is the link (below).  Either way, this is a powerful video to send out to business people who don’t really understand what they are up against.  With the growth in mobile and home workers, this type of attack (illustrated on the video) is easy money for any hacker targeting the average end-user, especially on home computers not controlled by corporate security policies.

http://makingmoneywithsecurity.eventbrite.com/

© 2012, David Stelzl

By observing the information and writing style of the assessment, we were able to ascertain how the assessment might have been conducted, who would have been involved in the assessment process, and how the findings were put together to create justification to move forward.  Here is what we found:

1. Fees – given the size and detail of the assessment, the seller probably could have sold it for more.  However, most assessments are sold to IT people who have no liability.  Creating justification for more expensive assessments requires asset owner involvement, and a belief that things might not be as secure as originally thought.  On there other hand, there are ways to conduct complementary assessments that can result in even great long term gross profit.

2. Interviews – the discovery process was probably limited to more technical people, and did not involve business people, top performers who use mission critical data, or executives who ultimately carry liability for both the systems and data their companies depend on.

3. Executive Summery – Like most executive summaries I read, this one did not speak to executives.  Instead, it was a summary targeting a technical audience.  It was called an executive summary simply because it was a summary…it’s unlikely an executive will read it.

4. Recommendations – most of the findings were written in a passive format, stating that certain Trojans or other common attack vectors could gain access to data.  This rarely moves a buyer.  It’s like saying, eating fatty foods might contribute to heart disease.  No one will act unless the doctor says, “You’re on the verge of a heart attack!”  Every company has urgent issues, but rarely are they called out with passion and urgency.

5. The seller’s involvement – It appears that this document was put together without the involvement of the rep.  As a result, it will be difficult for the rep to own the information and lead the charge for remediation.  Great sales people are trained and skilled in selling – how can the remediation phase be sold without the rep leading the way?

By going through this process, we were able to redefine the roles of the seller and consulting team, reformat the assessment document, and talk through the proper delivery process to move forward with both remediation and managed services contracts.  The next step – each attendee will have a one hour private coaching session allowing us to make specific applications to their business using the tools and strategies learned over the past week.  Stay tuned for our next online class, and join the success.

© 2011, David Stelzl

This Friday I will be going in to some detail on a free webinar – taking a look at the four things buyers buy, the two that make the most sense, but then taking this a step further to show how sales people adopt these areas of specialization when working in specific markets, or with specific technologies. This session is sold out, but consider getting on the waiting list as some may not be able to make it. http://thingsbuyersbuy.eventbrite.com/

© 2011, David Stelzl

From my Window

Back in Vegas, and looking forward to delivering a session from my new book, From Vendor to Adviser – which will focus on meeting executives and business owners using the discovery process, and moving from pure vending to truly advising…Hosted by Ingram Micro at the Aria this year.  Don’t miss it!

© 2011, David Stelzl