Archives For June 2009

I just completed a two-day Profit Program Workshop in Tampa, FL.  This workshop is specifically built for business owners and executives charged with building a profitable solution provider business in the technology space.  A few key points worth noting:

  1. Value cannot be based on the products you sell
  2. Just about everything you sell is a commodity – the exception is your IP
  3. Education-based marketing topics must target executives, not IT
  4. Referral business is much easier when there is a business benefit to what you sell.
  5. No one really wants to buy another computer right now.
  6. Your marketing message must have synergy across all marcom, websites, and discussions
  7. 40% of your business revenue should be recurring – this builds strong valuation.
  8. Risk mitigation is the first thing people will spend money on, but it must be urgent.

Heartland is working on security – comments from the top may help you as you talk security with the business leaders running the accounts you call on…Some great sound bites sent over by a recent workshop attendee – thanks Tim!

COMMENT: Notice PCI isn’t enough.  It’s interesting that Heartland was considered compliant before the breach, but not after.  No change to the security system, just a failure to protect the data (something not listed in the PCI standards).

“Carr says that one lesson he’s learned from the breach is that the industry’s security standard, called Payment Card Industry or PCI, doesn’t go far enough. It’s the “lowest common denominator,” he says, adding that the audit didn’t detect the vulnerability that led to the hack even though it had existed for years.”

COMMENT: Heartland was not required to disclose this breach…read why!

“The laws typically cover so-called personally-identifiable information, which includes some sort of number in combination with a name. The data the hacker stole from Heartland only included credit-card numbers and bank codes. That was enough for the hacker to steal money from card holders’ accounts, but because there was no way for the bad guy to learn the identities of the card holders, Heartland wasn’t required under state laws to disclose the breach.”

COMMENT: Heartland’s voluntary response goes beyond PCI.  Remember Tylenol and the Solid Come Back?  I was there…working with McNeil at the time.  The proper response makes all the difference.

“Heartland is getting ready to roll out a more secure credit-card processing system for its customers. The new system, which will be available on a trial basis starting in the third quarter, will encrypt credit-card data from the time cards are swiped at a store until the data are delivered to the issuing bank.”

(Quotes from:

© David Stelzl 2009

Web Ad Sound Bite from the WSJ

Do the users in your accounts ever click on web ads?  I’ve often said that it’s easy to break in – and it’s getting easier as hackers develop more clever ruses to trick users into installing malware.  Yesterday’s WSJ reported on the use of web ads saying,

“Viruses can be incorporated directly within an ad, so that simply clicking on the ad or visiting the site can infect a computer, or ads can be used to direct users to a nefarious Web site that aims to steal passwords or identities. In most cases, the problem becomes apparent within a matter of hours and quick fixes are put in place, but that’s not fast enough for Internet surfers whose computers end up infected or compromised.”

Let me add one comment to this.  I don’t like the use of the word virus here, as virus generally refers to something disruptive and apparent.  Malware or, more specifically, spyware and Trojans would be more accurate. – free audio on my Podcast Site!

It helps to have sound bites from a source that’s credible.  Regardless of your political views, it always helps to have the president’s quote on what is happening.  Here are sound highlights from his recent speech on cybersecurity.

  • In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world — and they did it in just 30 minutes
  • A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million.
  • It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion
  • we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness.
  • Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country — attacks that are harder to detect and harder to defend against.
  • In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software – malware
  • cyber threat is one of the most serious economic and national security challenges we face as a nation.
  • It’s also clear that we’re not as prepared as we should be, as a government or as a country.

Here are just a few notes, personal observations, regrets, and improvement points from participants that attended the Making Money with Security level one workshop in Boston this week:

  • A great sound bite on 40,000 websites infected this week with malware that spreads to PCs with key loggers, changing its form to avoid detection –  This just sent in by one of my clients in the mid-Atlantic region.  Stay tuned for more current sound bites.
  • Leading with product makes price my primary differentiator – not good.
  • Security is a discipline – not a product.  I’m going to make this part of every sale.
  • I need to work on my value proposition before meeting with executives – we only have one shot and it has to be perfect.
  • The most important point – how to keep an executive engaged long term – not get delegated down to IT.
  • I need to learn how to sell to people who are not in IT.
  • I wish I could get our entire sales team to understand these concepts!

Apparently my uploads from overseas did not work as expected, causing the last couple of podcasts to end abruptly.  I have reloaded these at so you can now listen to the entire program.  We’re going through some of the executive messaging in more detail right now, so if you’re not signed up, make sure you enroll and catch up on the past 5 or 6 programs.