Yesterday we completed day two of our Making Money w/ Security Workshop (Online). A couple of questions came up that might be helpful to anyone selling security solutions…
Sound Bites and Helpful Articles
One person asked about some of the sound bites I mentioned as we went through the session on how to effectively use sound bites.
1. I mentioned a WSJ article that describes how the CISO/CIO needs to be involved in the overall security architecture – Here’s the link.
2. In a recent interview with Richard Clarke, reported on by Ron Rosenbaum, the statement was made that Every Major US Company Has Already Been Hacked Into – where is the article? Here’s the link…
3. The WSJ article that references how 70% of small businesses think they are secure -I comment on this in one of my blog posts – here it is.
Typical Responses to the Question, “What are you trying to protect?”
One of the three questions I ask in my book, The House & the Cloud, is “What are you trying to protect?” When given the opportunity to sell a security product, this should be your first question. It’s an Asset Owner question. IT can’t answer this question – so don’t look for answers like – servers, storage, network, etc. Rather, you are looking for internal systems and applications business people rely on. Your best answers are going to be the internal names of systems they use. In one business I worked with, the company kept referring to their FIS system – FIS for Financial Information Systems. I worked on another project involving the ARMS systems – Account Relationship Management. These are the internal systems asset owners use every day to do their job.
Another possible answer might refer to intellectual capital, R&D data, trade secrets involving a new development or secret formula such as is used in Coke products or Michelin tires. The bottom line is, if you’re asking a technical person, you’re not likely to get what you need. Learn to speak the internal language and you’re likely to get a lot further down the road on the sales process.
Today we will be covering effective security assessment strategies. I will be going through several real assessment projects, looking at deliverables, and showing why a thorough security assessment that did uncover “Bad stuff” doesn’t necessarily lead to remediation work. I also want to show some simple ways to rewrite the assessment deliverable to drive that remediation process forward.
© 2013, David Stelzl