Archives For security speaker

I’ve just scheduled the next Making Money with Security Workshop.  If you haven’t attended one of these, you need to…there are just too many security opportunities out there; unfortunately I routinely see people leaving money on the table simply because they are not prepared to sell the entire project.  In fact, the entire project is often not obvious because the client doesn’t know what they need, and the discovery process on the sales side is lacking. I am posting this along with the LinkedIn news, because I believe there is a tremendous opportunity here to really make a difference – I want every person I work with to have access to “Asset Owners” – to have access to the most important security issues their clients have.  I am passionate about this…because I know it works.

Get More Information

Read more here for dates and times, the outline, etc., and sign up using the early bird discount.

 

The LinkedIn Issue So Far

This recent issue with LinkedIn is big.  It’s just one social network, but 6.5 million passwords is huge, and most of these people use these passwords on every online account they have.  Look at some of the issues posted in a recent PC Magazine article:

  • A file containing 6.5 million unique hashed passwords appeared in an online forum based in Russia. More than 200,000 of these passwords have reportedly been cracked so far – it’s just a matter of time for the rest.
  • This breach is so serious that security professionals advise people to change their LinkedIn passwords immediately – in fact, I recommend you change yours right now!
  • This was amazing:  “One common way people create passwords for different websites is to add the name of the site into the passphrase, says Thorsheim. So some people may use the password “1234Facebook” for the world’s largest social network, and then “1234LinkedIn” for LinkedIn and so on.”  This is a foolish way to create a password – something to educate your clients on.
  • If you know the passwords are hashed with SHA-1 (which, in this case, they are), you can quickly uncover some of the more basic passwords that people commonly use – in other words, encryption is not that secure if you know what it translates to.
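
The point in the last bullet, as an added example (not from the PC Magazine article or from this post): an audit over constructed account records showing why unsalted SHA-1 exposes commonly used passwords, next to salted PBKDF2 storage. The account names, candidate list and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed candidate list, including the "digits + site name" pattern quoted above.
COMMON = ["password", "123456", "linkedin", "1234LinkedIn", "1234Facebook"]

def sha1_hex(password):
    """Unsalted SHA-1: the weak storage scheme described in the bullet."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def audit_unsalted(records, candidates):
    """Return {user: weak_password} for every stored hash that matches a candidate.

    One lookup table covers all accounts, because without a salt the same
    password always produces the same digest.
    """
    table = {sha1_hex(p): p for p in candidates}
    return {user: table[h] for user, h in records.items() if h in table}

def store_salted(password, iterations=600_000):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, dk

def verify_salted(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, dk)

# Constructed accounts (not real data); two users share one site-name password.
SAMPLE_DB = {
    "alice": sha1_hex("1234LinkedIn"),
    "bob": sha1_hex("1234LinkedIn"),
    "carol": sha1_hex("t7#Vq-long-random-passphrase-92"),
}

if __name__ == "__main__":
    print("flagged:", audit_unsalted(SAMPLE_DB, COMMON))
    a, b = store_salted("1234LinkedIn"), store_salted("1234LinkedIn")
    print("salted records differ:", a[2] != b[2])
    print("verifies:", verify_salted("1234LinkedIn", a))
```

With per-user salts the two identical passwords no longer share a stored value, so a single precomputed table stops matching every account at once; the password itself is still weak and should be changed.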

© 2012, David Stelzl

As I prepare for this week’s educational security event in Michigan, I am reminded that this is the perfect time to be reaching out to business owners with an educational message. Security issues are rampant, and businesses are being compromised every day.

I was talking with another one of my clients this morning reviewing  their blog posts and other educational social media programs online.  We were talking through some of the major challenges business owners face and what topics integrators and solution providers should be focusing on.  In his case, his entire company has moved to a security message simply because the need is there.  Everyone has a security need right now – areas may differ, but they all need it.  This is a time in history where security is urgent for businesses of all sizes.

In the case of the Michigan event, our initial response has been very strong – we’ll have a packed room for this event.  We have about 30 business leaders signed up – business owners and executives all facing the same issue; that of making sure their data is safe:

1. Wall Street Journal reports that 75% of employees admit to stealing data.  How should business owners view the hiring process and what steps should be taken to ensure new employees have the right access, with the right amount of accountability?

2. Gen Y hires are turning down jobs that won’t allow them to use their own smart phones and tablets.  How do companies address this type of thing?  Smaller companies probably lack detailed employment policy handbooks and training on this sort of thing – what should they do?

3. Work-at-home programs are also growing.  The State of VA. has, in the past, offered a substantial grant to small businesses who move some of their office workers to home offices.  But how do these companies maintain control of  home based computers used to access sensitive information?

4. Recent advancements in malware have made many of the older anti-malware technologies useless.  With little or no info security skills on staff, how will these companies ensure computers are not infected with spyware and keystroke loggers?

5. Liabilities are growing as threats increase – what policies must be in place and how do these businesses deal with compliance?

On Thursday we will be going through some of the business level mindsets from my book Data@Risk to address the root problems most of these companies have.  It’s a difficult area for these businesses, but our goal is to give them some direction on how to get their company thinking about, and doing the right things to reduce the amount of exposure they have; things they can actually get started with right away.

© 2012, David Stelzl

Back from South Dakota – we had about 70 attendees last night, mostly business owners and leaders from the local community.  About 90% of the companies represented signed up to have their security assessed…why?

Because the event was focused on their business and a growing need every attendee had in common.  This event had nothing to do with products, or the WHAT Golden West Technologies (The sponsoring VAR) sells.  It had everything to do with educating those who have worked hard to build businesses, and who want to keep those businesses going in the future.

This is the time to be talking about security…just this week government representatives and consultants have made statements in the Wall Street Journal saying things like, “Consider every one of our networks to be compromised”, “All we can do now is focus on preserving the data”, “We are losing the war with cyber criminals.”  I also read in Wall Street this week that business leaders tend to shy away from knowing too much…but with a compelling campaign encouraging them to take action, we had over 70 responses in just a couple of weeks.  5 or 6 had to cancel, but consider some of the average attrition rates at lunch & learn programs and you’ll see numbers like 50 and 60 percent.  This was a great event and more are needed just like it.  The business leaders need the education, and the solution providers need to take a more active role in helping business leaders understand the issues and why they need to be involved personally.  Last night was a perfect example of this in action.

© 2012, David Stelzl

 

Cyber criminals are winning!  This should be no surprise, but here it is again in the headlines – straight from the RSA conference…companies are losing the war and admitting it.

  • Huffington Post – Straight from RSA 2012:  “Some 70 percent of employees in one survey cited admitted to subverting corporate rules in order to use social networks or smartphones or get access to other resources, making security that much harder.”
  • RSA was hacked last year shortly after the RSA 2011 conference using a simple “email with a poisoned attachment – which had been opened by an employee.” – this in turn gave hackers, “access to the corporate network and they emerged with information about how RSA calculates the numbers displayed on SecurID tokens, which was in turn used in an attack on Lockheed Martin that the defense contractor said it foiled.”
  • Speakers at RSA called 2011 “the worst year for corporate security in history”  pointing to “the rise of activist hacks by Anonymous, numerous breaches at Sony Corp, and attacks on Nasdaq software used by corporate boards”
  • Most importantly – they all agree, “there is more to come.”

While all of this is bad for anyone running a company that relies on securing information to keep going (and that would be all of us), it also represents a huge opportunity like any major unsolvable problem does.  Just like doctors and pharmaceutical companies working on heart disease, diabetes, cancer, and other major health issues that plague our world, security professionals will profit from this as they rise to the occasion.  I am amazed to see companies missing this opportunity after such a long track record of growth.  It’s not over – not even close.  If you are not in this business, it’s time to join the war against cybercrime.  Your clients need it, and they are willing to pay.

Now, you might think I am wrong on that last comment.  I just got off the phone with a VAR owner yesterday who questioned if his clients are really willing to pay.  It has everything to do with your approach…people don’t see it, so they don’t believe it.

I have a client in the Northwest setting up his first executive-facing marketing event.  After just a few days of advertising we have 18 business owners signed up (all asset owners – qualified buyers, and new prospects)!  We haven’t even made calls yet – this is just the response to the marketing letter we mailed last week!  The point is, we designed our marketing campaign correctly – this is not a product driven event, although it is absolutely sponsored by the product manufacturers.  (That’s right – we did get JMF for this even though everyone keeps saying there is no money available for this type of event).

Working with another client on the east coast yesterday, we just completed our first webinar event. Again, the event was designed from the start to appeal to the asset owner.  We had a strong call to action, and 90% of our attendees signed up to have their security assessed!  This was just a webinar – it cost my client almost nothing to do it, other than time and some upfront education to do it right.  His team attended the Making Money with Security event and applied the principles…not a bad return.

2012 looks like a strong year to me – for those focused on the right technologies.  Join the war – it’s time.

© 2012, David Stelzl

We completed Day 2 of our online workshop Friday, with a strong focus on building a message that works, and taking it to market through five different methods.  The strongest of the five continues to be event marketing, but not without a clear understanding of what makes it work.  I received an email this morning from a long time friend and client stating the following, “Your stuff works!”  He went on to say, by using an event over the summer, he was able to connect with two very promising clients, which both agreed to conduct assessments.  After an initial look at their business, he was able to up-sell them on a more thorough, fee-based assessment, from which he identified several profitable projects, which then led to managed contracts.  This is the way it works…

© 2011, David Stelzl

The Importance of a Plan

Recently I have been working with a couple of different companies on marketing and business plans.  This morning, while preparing for a two day meeting with a security software company in Florida, it occurred to me how important it is for every sales person to have a plan in place if they aim to grow their business.  Hopefully this will help you put some structure to your next two quarters as we finish out 2011.

Your plan should contain some or all of the following:

1. Your strategic aim or vision.  This is where you are personally headed with your business –  your long term goal should be to run an account team (including dedicated presales, inside sales, and admin).  You may think this is impossible with the company you work for, however, it’s always a question of return on investment – if your management thought you would quadruple sales, they would dedicate some people to you.  Even if you are a hunter, you still want to be running a hunting team.  To do otherwise is to set yourself up for starting at zero every quarter for the rest of your life.

2. Your niche – what will you be the adviser in?  I have written much about this topic, but here you want to identify it.  So stop and write something down, edit it later.  Where is your focus, and where do you specialize?

3. Your people group – again, stop and write this down.  Who do you love calling on, and where will you focus your growth?  You may not have complete control over this right now, but put it down and work toward it.

4. Identify your key competition.  Often when I ask, I hear, “We don’t really have any competition,” or “IT is our primary competition.”  While that may be what seems right, it really isn’t.  Know who is out there, and what they say is their value proposition.

5. Pricing – study and understand fee setting and write down some guidelines for yourself on how you will set fees, where you will discount, and under what circumstances.  Also, have a plan to learn negotiating skills and work through it in the coming months.

6. Identify key partners; if you resell, include vendor sales people in your region that you can help, understanding that they will often bring you into deals and promote you as the go to channel partner once you establish loyalty.  If you are on the product side, the same is true with channel partners.  Plan to make this model work.

7. Plan out campaigns and events.  Encourage your company and partners to join you in setting up events, speak at local business meetings, write articles, do press releases, and set up webinars.  Have a marketing strategy to take this program forward.  Also, get a strategy on how to leverage social media – everyone is doing it, few understand how.

8.  Put a plan in place to build your pipeline.  This should include time with existing customers, past customers, and new prospects.  Each should be approached differently, but a plan is needed to balance your time and think through your approach.

Print it, update it, use it.

© 2011, David Stelzl

August is almost here, and I want to thank Cisco for sponsoring me to speak to a select group of their partners…Seating is limited, but if you sell Cisco and plan to attend either the BlackHat or Defcon conferences this year, you can register here to attend this special session on selling security solutions.

We are meeting in the evening on August 4th at the Rio, the location of this year’s BlackHat conference.  I’ll be covering some of the strategies and materials I personally use as I meet with executives all over the US, showing them why companies, no matter how much they spend on security, continue to be victimized by hackers.  I will also show you how my clients are leveraging this material to gain access to decision makers, and how justification is created to move forward.  Please plan to join me – I look forward to seeing you there!

Sign up here while there are still seats available.

© 2011, David Stelzl