Written by Dave Stelzl CISSP

Making Money w/ Security Day Two…Questions

lockYesterday we completed day two of our Making Money w/ Security Workshop (Online).  A couple of questions came up that might be helpful to anyone selling security solutions…

Sound Bites and Helpful Articles

One person asked about some of the sound bites I mentioned as we went through the session on how to effectively use sound bites.

1. I mentioned a WSJ article that describes how the CISO/CIO needs to be involved in the overall security architecture – Here’s the link.
2.       In a recent interview with Richard Clarke, reported on by Ron Rosenbaum, the statement was made that Every Major US Company Has Already Been Hacked Into – where is the article?  Here’s the link
3.       The WSJ article that references how 70% of small businesses think they are secure -I comment on this in one of my blog posts – here it is.

 

Typical Responses to the Question, “What are you trying to protect?”

One of the three questions I ask in my book, The House & the Cloud, is “What are you trying to protect?”  When given the opportunity to sell a security product, this should be your first question.  It’s an Asset Owner question.  IT can’t answer this question – so don’t look for answers like – servers, storage, network, etc.  Rather, you are looking for internal systems and applications business people rely on.  Your best answers are going to be the internal names of systems they use.  In one business I worked with, the company kept referring to their FIS system – FIS for Financial Information Systems.  I worked on another project involving the ARMS systems – Account Relationship Management.  These are the internal systems asset owners use every day to do their job.

Another possible answer might refer to intellectual capital, R&D data, trade secrets involving a new development or secret formula such as is used in Coke products or Michelin tires.  The bottom line is, if you’re asking a technical person, you’re not likely to get what you need.  Learn to speak the internal language and you’re likely to get a lot further down the road on the sales process.

Today we will be covering effective security assessment strategies.  I will be going through several real assessment projects, looking at deliverables, and showing why a thorough security assessment that did uncover “Bad stuff” doesn’t necessarily lead to remediation work.  I also want to show some simple ways to rewrite the assessment deliverable to drive that remediation process forward.

© 2013, David Stelzl

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s