Archives For executives

Irvine CA. Sunrise

Irvine CA. Sunrise

Irvine CA….

Are Your Secrets Still Secret?

Hackers target startups that secure early-stage funding. Some startups are detecting heightened cyberattacks just after they raise Series A funding.” According to recent reports from the Wall Street Journal.

Business leaders tend to disregard this kind of news because their IT people are telling them, “We’ve got it covered.”  This afternoon I will be speaking to a group of CIOs in Irvine California, hosted by Accuvant and sponsored by McAfee.  This is a message every business leader needs to hear – before it’s too late.

The criminals aren’t sitting around worrying about new technologies that thwart their mischievous deeds.  They’re researching, testing, and collaborating.  The amount of money that goes into R&D on the enemy’s side hasn’t been published like it often is with security technology companies.  For instance, Cisco is proud of the fact that they spend around 300 million on security R&D annually (last I heard).  But innovation is happening on both sides, and the attacker is usually ahead (if not always ahead.)  There is no telling how much effort goes into their side, but based on the attacks we’ve seen, it’s significant, and should be scary.

A New Target: Start Up companies

“In March 2012, when cybersecurity startup Skyhigh Networks received $6.5 million in funding, the company noticed a marked increase in outsiders looking for vulnerabilities in its network.”  Nation State sponsored attacks, as well as competition, may be the instigators here.  Recent Patent Law changes encourage the theft of intellectual property when it deals with innovation.  The person who files first has an advantage over the patent rights…that means that as your clients are inventing, others are watching online to see when a development is ready, but not yet filed in the patent office.  This would be a good time to strike.  Notice that the security risks are suddenly higher at this point.  The measurement of impact goes up, but so does the likelihood of attack (an important model covered in my book, The House & the Cloud).  Understanding this is key to building a solid security architecture – it is also critical for the security provider if you want to better understand the sales cycle and how to justify a change in security spending.

Chinese Government – Are They Really Hacking?

There have been numerous hacker reports about Chinese Government over the past year.  Are they really hacking into US companies?  I have not personally experienced this – however the news is certainly saying, “Yes”.

“The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions,” according to Reuters’s Deborah Charles and Paul Eckert report.  Wall Street published this earlier in November, pointing to the People’s Liberation Army’s Shanghai-based Unit 61398 – the primary suspect. This sounds pretty specific.  What are they after?

According to the above mentioned article, this effort involves “cyber espionage to steal proprietary economic and trade information,” from the US.  In other words, they are after US innovation – taking what has taken years to develop, with a plan to develop the same innovations without the cost of R&D. Expect these new products to come on the market for much less, competing with the inventor on price.  This is called a copycat product, and often puts the inventor out of business.

If your clients are still thinking they are safe, have avoided attacks, and have it covered when it comes to keeping their innovation secrets under cover, they’re likely out of touch with the real world.  IT has often said, “We have it covered,” only to later find out that hackers have been inside for years.  The FBI says it takes 14 months, on average, to realize you’re under attack, but many companies will never figure it out – soon it will be too late.

© 2013, David Stelzl

 

Advertisements

IMG_9025“What questions should I ask when meeting with an executive?” This question came up about three times last week during various marketing events, coaching calls, and emails with clients – “Can we put together a list of questions for the sales team to use when talking to executives?”  I usually get this question when talking about Marketing Events and Demand Generation follow up – that’s about the only time I see sales people really engaging with executives in a proactive discovery process.

It feels better to have a list of questions – a list of 5 to 7 questions that can be read from a script, with a place to record answers.  But don’t expect this to actually work.  If it were that simple, sales people would be in front of executives with a list like this all the time.  My experience is, once you pull out the list, you’ll lose your audience’s attention.  One size can’t fit all – and if you need a list, it’s clear that you don’t do this very often.  Imagine pulling out a list to ask your spouse how their day went.  What would they think?  Well, they might wonder if this were a conversation or a project for school?

What Questions Should I Ask?

Instead, I recommend using a framework.  A series of topics that guide the conversation.  This framework has to be second nature – memorized.  This takes some practice.  In my book, The House & the Cloud (available for free as a PDF from my blog sidebar), I provide an example of a security focused discovery conversation.  I start out by exploring things that my client feels are critical to their business.  The heading reads, “What are you trying to protect?”  But the essence of the question goes much deeper – because its not really a question; its a framework.  I am searching for those applications and data repositories that contain highly valuable data.  It might be client data, intellectual capital, or some application that allows the business to work ten times faster than it would if certain work were done manually.

The second line of questioning focuses on threats.  “What would threaten these critical systems?”  This requires some give and take.  The client may not know how to answer this – the sales person might need to explore this with the client, coming up with possible threats based on the business vertical, type of data, cybercrime trends, or current conditions of the business (for instance, on the cusp of some new invention.)  The final area deals with the company’s ability to detect a problem before it’s too late.  This is a shorter question.  At this point, the sales person would have most of the data they need, but would want to know how comfortable this particular “Asset Owner” (as I describe in the book) is with their company’s ability to see into the network.  Don’t confuse this with a technical question about intrusion prevention software.  What you’re looking for here is a clue as to how safe or vulnerable this asset owner (who owns some level of liability) feels with regard to their data and applications.

How Does A Sales Person Learn This?

How does a sales person master this process?  The simple answer is, “training and coaching”.  Unfortunately, at least in this industry (technology sales), companies have substituted product knowledge for sales training.  Knowing your product is necessary, however, product knowledge is not sales training.  The executive discovery process is something that takes practice.  It’s intimidating to walk into a business owner’s or VP’s office.  One bad meeting with a CIO might be the final nail in the coffin for a promising account.  But what if the sales manager were to set aside time weekly, during the sales meeting, to run through a few tips and to have a couple of people practice?  What if it were part of the regular routine to provide new insights and experiences shared by other team members?  Perhaps you could master this skill.

Getting Started

A great conversationalist has a skill – and great sales people need this skill.  When it comes to working with executives, and working through the discovery process at that asset owner level, there is no substitute for having been trained and coached on executive level conversations and interview skills.  Here are three things you can do right now to get started:

1. Read the CIO journal section of the Wall Street Journal – be able to discuss trends such as cloud services, BYOD (Bring Your Own Device), social business, and information security, and be able to make application to business.

2. Read the books other executives are reading.  This might require you to ask around – which can’t hurt.  Recent books by Jim Collins are always a good place to start.

3. Practice…look for people in social settings and push yourself to listen and learn from them.  Ask questions about how they got into their profession, what has made them successful, how they would advise a young person entering their field, and what cautions they might give to someone entering that field.  People love to share their war stories.

© 2013, David Stelzl