Archives For cissp

Interviews Are a Great Way To Get Started With Video…

If you want to start using video in your marketing – positioning yourself as an expert, your fastest path is to start interviewing industry experts, authors, clients, and others…the more you do it, the better you’ll be – and the more relevant you’ll become to your target audience…

The best part is, there’s no text editing required…

Copyright, 2019 – David Stelzl



Here’s a common question that came up in our class yesterday…

Question: What about clients who understand there is a risk, but are comfortable with their current solution?

Answer:  If a company really has what they need, there is no reason to up-sell them.  However, it is rare to find a company that has a reasonable security solution, particularly in the mid and smaller market companies.  Reports from the WSJ and other sources tell us that even those who are under strict compliance regulations such as PCI are far from compliant, and experience tells me that if were to conduct a simple risk analysis, not only would there be many vulnerabilities, but it is highly likely that desktops and servers would be compromised by bots – something some dismiss as trivial, but shouldn’t take lightly.

An article this week from Wall Street underscored the importance of having more than just protective barriers in place.  75% of employees admit to stealing data when leaving a company, and 75% of those involved in a recent study gave into online predators (disguised as a 25 year old female,) to the point of giving up online passwords in some cases, and other sensitive information in all cases!  And a review of 2011 news articles reporting data compromises will tell us that bot technology and web threats are behind a high percentage of all hacker attacks.

Looking back on the marketing events I have conducted this year, far more that half of the business-level attendees have agreed to conduct risk assessments, and while these assessments were often provided as a complementary service, they almost always led to remediation projects and managed service contracts when performed and presented correctly (Key point here.)

So for the few companies out there that don’t want to know, and don’t really care – either you are talking to someone who is not really an asset owner, or the person you are talking to is suffering from a case of “foolish thinking” – time to move on to another prospect.

© 2011, David Stelzl

Custodians are important.  Imagine how your office would look if no one ever cleaned up, took out the trash, vacuumed, or wiped off tables after an all day board meeting.  It would be disgusting.  Things would get so bad after just one week that you would probably move your office back home.

Influencers in the sales process are like custodians.  In fact, in the CISSP study guide, security administrators are referred to as data custodians.  They manage the data, keep systems up and running, and provide maintenance type activities on the systems that house and process data.  All of this is important.

But let’s not confuse these important custodial responsibilities with strategic decision-making and liability.  While it may be easy and even informative to meet with custodians, it does not lead to big business deals in most cases.  Stop positioning yourself as a peer to custodians, and start thinking of yourself as an adviser to those leading the business.  If you don’t have what it takes to advise, get on a program to change.  Become an adviser.

© 2011, David Stelzl