Archives For Cyber Security

U.S. Eyes Pushback On China Hacking

Reads the headline in today’s tech section of the Wall Street Journal.  Over the past several months there have been numerous articles published in the Journal – some saying this is real, others denying it…I appreciate one article stating that these attacks are small enough for our government to ignore, so that there is no one single incident demanding a response, but big enough to threaten the long term viability of some of the major companies in the US.  In another Journal article I read, “All major US companies have been successfully compromised…”  Where is this all headed?

Companies who insist “They’ve got it covered…” are in trouble in my opinion.  No company is really impenetrable.  In fact, the idea of using a pen-test to show your clients that their data is safe is a false sense of security.  A failure to break in simply shows the incompetence of the pen-testing team.  It certainly doesn’t mean the company is well secured.

In today’s article the Journal reports – “The Obama administration is considering a raft of options to more aggressively confront China over cyberspying,…, a potentially rapid escalation of a conflict the White House has only recently acknowledged.”  The key phrase here is, “Only recently.”  Why have government officials denied this for so long?  Perhaps for political and economic reasons. The Journal states it like this, “Before now, U.S. government officials and corporate executives had been reluctant to publicly confront China out of fear that stoking tension would harm U.S. national-security or business interests.”

Why are the Chinese on the attack?  “China is stealing trade secrets as part of plans to bolster its industry.”  It’s simple, the US has a greater capacity for innovation.  By invading company’s intellectual capital, other nations can cut thousands of man-days out of the R&D process.  Google, EMC, RSA New York Times, Wall Street Journal, and many other well-known companies, along with many federal organizations including the Pentagon, have reported problems traced back to China in recent years.  However, things like “dependency on China to underwrite U.S. debt and to provide a market for U.S. businesses,” have allowed these nation-state sponsored attacks to go unchallenged.

Recently our government officials have come out saying, “Cybersecurity threats are the greatest threat to our security—economic security, political security, diplomatic security, military security.”  No matter how big your customers are, cybersecurity is something you want to understand and engage them in.  We’ll be covering more on this threat in the coming weeks as we approach the May, Making Money w/ Security workshop.  I’m looking forward to seeing you there.

© 2013, David Stelzl


Making Money w/ Security

I’ve just scheduled our next Making Money w/ Security workshop…if you’ve not been to this workshop, I highly recommend checking it out.

This is by far my most popular training class, and it’s all online for those who don’t have time to travel, or don’t have enough sale people in one location to host a live workshop.  It doesn’t matter if you call on SMB or enterprise, those who have attended this workshop have told me, “It works!”

This is not generic training like you would find with a Sandlers or other common sales training program – it’s high-tech, network and system security specific, led by someone who has sold security solutions and develop security practice areas.

Wall Street Journal reported a few weeks ago that Cyber Security is one of the most highly sought after skills in our nation.  Learn how to sell larger security projects that involve security strategy, assessment of risk, remediation, and ongoing managed security solutions.  I’ll show you where to look, who to talk to, what to say, how to price, and how to close.  It’s 3 days, 2 hrs each day – right at your desk.

You’ll receive a soft copy workbook, login instructions, and access to this live workshop.  It’s not recorded, and it’s not a trainer.  I conduct these sessions live, answer all of your questions directly, and provide one hour of 1-1 coaching after the session to help you apply these concepts to your personal business.  Join me on May 13th, 2013, and I’ll help you make this a great year.

Here’s the link with more information and a place to sign up: (LINK)

© 2013, David Stelzl

Lexington Airport

Lexington Airport

Yesterday I met with over 60 business leaders in Lexington Kentucky, representing more than 40 companies, along with NetGain Technologies and representatives from Cisco Systems…I shared with them some of my major concerns in the area of cyber security for the coming 12 months.  Studies show that over 80% of small business leaders are not concerned with security, feel they are pretty safe, and consider the Internet a critical part of their IT infrastructure.  Yet, nearly the same number have no formal security plans, have no way of detecting an intrusion, and worse, 90% of Visas reported cyber incidences come out of small business.

At the end of our session, NetGain extended an offer to provide a some simple tests that would allow their guests to see if they have been under attack.  The FBI tells us that it is often more than 14 months before this type of intrusion comes to light – often too late to recover. Some simple diagnostic tests can often prevent a disaster down the road.  Just about every attendee agreed that this was a necessary next step in the right direction – over 70% scheduled right there in the meeting and will be conducting these tests over the coming three weeks.  Several of the larger firms also committed to getting more user awareness training into the hands of their end-users.  This is by far the biggest point of vulnerability and must be addressed by business if they plan to protect their data.

© 2013, David Stelzl

Up to $30 billion in Cyber Security – The US government is right now in the midst of evaluating the state of security across US Internet infrastructure; I don’t expect good news to come out of this.  Budgets aren’t yet established, but it’s going to be in the billions, and numbers like 30 billion are being tossed around.  Who will get these contracts?  Will they go to firms that really understand security?  If you have connections in the federal space, and a team that understands security, I’d start making friends with Information Assurance and talking about it. Another option is to start a federally focused sales team (be aware you’re going to need some certifications to do this).  A recent Wall Street article states the alternative,

 “Some intelligence officials worry the government’s clunky contracting system will end up awarding contracts to familiar big companies that lack the highly skilled technicians who gravitate toward smaller firms.”  Do you think Northrop Grumman and Lockheed have the skills to pull this off or is the money better spent on smaller more specialized security focused firms?  I’d love to hear you opinion on this.