Making Money w/ Security This Week

lockOur fall schedule is under way – in fact, I kicked off the bow hunting season last night with a successful hunting trip deep in the woods of my back yard!  (Sorry no pictures from last night’s events).  Needless to say, we were up late…but I digress.

The schedule I’m really talking about has to do with events and training programs – so we kicked off day 1 of our September Making Money w/ Security Class – if you’ve never been or have colleagues who would benefit, here’s the next two month’s worth of classes…sign up! 

Yesterday I was on the phone working with an attendee from last month’s class – you get a one hour coaching session as part of the class.  We spent some time reviewing  key concepts, but from there we dove into his particular territory challenges. New with his current consulting company, breaking into large accounts for the first time, and focusing on security…we looked at his messaging, use of the phone and email, how to maximize his time and hit rate, and who to be talking to about what.  Here’s what he wrote his manager after the call:

“I can’t speak highly enough about the quality of the training and how grateful I am to have been able to partake in it. It’s made a significant difference in my mentality regarding my job and how to go about it. The strategies I’ve learned as part of it I’m using every day and am continuing to put into practice lessons learned during the 3 sessions.

I would advise in the strongest and most staunch terms to continue the sessions for our sales personnel; … we’ll all make more money and have far greater relationships with our clients because of it.”

Thanks for your comments!

Low Hanging Fruit

On day one we always start by setting the stage with an overview of the latest security issues and trends.  Last night I asked attendees to come back with some of the low hanging fruit they see in the accounts they’re calling on.  Here are some of the responses….

  • Lack of incident response planning (CERT)
  • Failures in maintenance/patch/update processes
  • Lack of understanding of risk and impact. (Should be IMPACT & LIKLIHOOD)
  • Email issues – malware, lack of encryption, archival…
  • Backup issues –  sensitive data and generally backed up to tape or external hard drive
  • Network connectivity issues -???
  • Server failing and lack of business continuity best practices
  • BYOD – lack of management, access control, etc.
  • Current IT support provided by a single person or a really small IT firm that is based on the break/fix model
  • Businesses do not have disaster recovery options in place or they have not been tested
  • Data leakage

Some good thoughts here – but today we’ll cover predictable messaging and how a value proposition must be delivered in light of current customer needs and perceived needs…an important lesson on marketing and messaging.


Sound Bites

Of course we always cover sound bites on day one – it’s amazing to me how powerful a sound bite can be, yet how much of a set back there is in using a sound bite incorrectly.  I spoke with several people this past week about their resumes as they look for new job opportunities.  Some of the input they’ve received from human resource and recruiter types is just downright wrong with regard to sound bite usage…today we’ll be reviewing some of the sound bites to test them against what the marketing gurus tell us is the right way to think about sound bites.  Some of those submitted last night include:

  • BITE: According to the Sans Mobility/BYOD Security Survey over 61% of companies responding allowed employees to BYOD but less than 50% feel confident in their BYOD policies. – COMMENT: not a bad quote, all encompassing, and from a solid source (SANS).  However, will executives recognize or believe the source?  Probably not…I would not use it.
  • BITE: “About 40% of people are not taking the most basic security procedures, like setting up a screen lock or putting software on the phone that could find the phone if it’s lost or stolen. – Fox News”  COMMENT: This is good if we tie it to business and the BYOD movement…recognizable source, pervasive, and tied to what I would call one of the key initiatives out their for most midsized companies – mobility.
  • BITE: “Companies know they’re not spending anything close to what’s needed to make their networks invulnerable to attack, according to a 2012 study by Bloomberg Government. – Bloomberg” COMMENT: Strong source – and while it’s not that new, it’s new enough to stand up to the passive attitudes we see out there. The trick now is to tie this to some method of securing, or a mindset to be adopted by organizations.  If I can show them where companies are failing, I’ll have a place to take this sales discussion.  We’ll talk more about this in today’s class.

I hope to see you in an upcoming workshop…

© 2013, David Stelzl




One thought on “Making Money w/ Security This Week

  1. After going over a number of the blog articles on your site, I honestly like your technique of writing a blog.
    I saved as a favorite it to my bookmark website list and will be checking back
    in the near future. Please visit my web site as well and tell me what you think.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s