Archives For IT spending

Do You Know What CIOs Are Struggling With Right Now?

IT Doesn’t…

What would it be worth if you knew something really important, that your IT clients don’t know?

It might lead to that coveted Trusted Advisor status – if you presented it right.

I opened Thursday’s session at SecureWorld Charlotte with “The One Big Mistake Companies Are Making w/ SECURITY”. My session was packed! Standing room only, and a wall full of stand-ups…

I guess people heard me telling funny stories and decided to wander in from the hall. After all, even technology sessions should be fun to listen to.

But here’s the surprising fact. After assessing who was in my audience (mostly F500 company IT people), I asked for input on the CIO’s role in 2016. No one had the right answers! No one! I did get generic answers like “Security.” And yes, Gartner and The Wall Street Journal are reporting this. But it’s old news, and only one person in the room raised their hand when I asked who is reading the CIO Journal section.

No wonder IT has a hard time convincing their leadership to do the right thing. Even when selling internally, good marketing starts “where people are” and takes them “where they need to go.”

Given the walls that exist between IT and executive management, even a great marketer will rarely be heard.

One thing everyone did agree on – their end users are heading toward More IoT, More Cloud, and More BYOD…even those companies that claim to not be doing BYOD, are.  People are going to use their phones for email regardless of what the company does. Even if they have to use their gmail account – Ref. Ms. Clinton.

So what are CIOs doing in 2016:

  • More interaction with the Board.
  • More involvement in company strategy – because it all hinges on using technology.
  • Finding ways to leverage IoT, Cloud, Big Data, and Social Business – to achieve better customer experience / competitive advantage (Think Amazon vs. Walmart). And remember Walmart is big on technology – but their customer experience is miserable.
  • More focus on security… (Have you read recent reports on Target’s failure to expand into Canada – blamed on IT mishaps!)

But Also Take Note – IT Budgets and Security are a Challenge:

  • IT spending is down 5.88% as of Q4, 2015!
  • IoT spending is up and growing!
  • Compliance will continue to grow and demand more budget – but won’t make things more secure (in most cases).
  • Security talent is growing scarce. Only the very large companies will have real security talent…the rest will work for consulting companies. (Meaning the mid and small market needs it from a third-party source.)

Lots to think about in 2016!  If you have security answers – this could be a great year for you and your company.

© 2016, David Stelzl





If You Want to be Relevant In Your Technology Sales Role

There are 7 Things You should be Focused On

Security is more a people problem than it is a technical one. Many of the losses you read about could be prevented if people better understood how security works, and how data is compromised. In each of these concerns you will see a technical issue. But underlying most are mindset problems. Mindsets that could be changed with some education. Stop talking product, and start talking like this when meeting with prospects.

  1. Malware Advancements. The bot, or robotic malware, is the most common tool used to compromise computers today. Most people are thinking about viruses, but bots are not viruses. They install on your computers when you download infected emails or files, or visit an infected website. Just about every company has bots. Most don’t realize how dangerous they are or how to detect and remove them. The problem is, because they are so common, even technical people treat them as “normal”. Brian Krebs just put out a great book called SPAM NATION, The Insider Story of Organized Crime – From Global Epidemic to Your Front Door. I’m just into the second chapter, but I can already tell this is going to be spot on. If you want up-to-date, relevant stuff to talk about with your clients, get this book and study it.


  2. Trends in Mobility and BYOD (Bring Your Own Device). BYOD initiatives are going on in companies all over the world right now. Since almost every aspect of life involves technology, drawing a hard line between work and personal is becoming impossible. And no one is going to carry two laptops or two phones for long. This will become more and more pervasive over the next few years as generation C evolves. The destructive mindset here is thinking that computing on one device or in one location is just as safe as any location. And so your employees are likely to store and transmit your company’s secrets just about anywhere and on any device. Their assumption is, security technology has me covered. They’re wrong.


  3. Misuse of Social Media. The use of social media at work has been an Achilles heel for office managers for several years now. It’s a time waster. But wasting time is of little concern when compared to the mindset social media has created. Remember when people were afraid to purchase something online? Or when it was scary to write something about yourself or post a family photo? That’s gone. People send naked pictures of themselves across the Internet every day. If they’re willing to do that, what will they do with your data? In a recent WSJ article, one financial firm reported that 75% of the men in their company gave up highly sensitive information to a woman on Facebook. But get this, 13% of them gave away company passwords. You might have guessed, but this was a 40-year-old male, white hat hacker, posing as a woman to test the integrity of the office workers in that firm. How can companies like yours protect against this type of irresponsible behavior?
  4. Misunderstanding Compliance. Compliance is not security. Lawmakers would like to think that HIPAA or GLBA compliance is going to keep healthcare and financial data safe. But the truth is, compliant companies get hacked all the time. Compliance rules are set up to move a company toward security, but in no way are they actually addressing the problem. The problem with compliance, according to McConnell, is, “Once a company passes the compliance audit, they stop working on security.” Compliance is the law, but in my opinion it’s too often just a distraction from true security.
  5. Internal Threats. Cybercriminals, spies, and hacktivists are real. But in just about every major data breach, there’s an internal component. In some cases it’s operator error. In other cases it’s a bribe to cooperate with an outsider. The perimeter security mindset assumes that the threat is always outside, yet a recent WSJ report tells us that 75% of employees admit they steal data. When employees don’t get promoted, do get laid off, or move on to a better opportunity, you can assume they’ll be taking data with them. But it’s also true that a hacker can easily pay off one of your employees, giving them 3 to 5 times what they make in salary to cooperate in a data heist.
  6. Nation-State & Advanced Persistent Threats. You’ve probably seen the term, “Advanced Persistent Threat,” or APT. What is this? The APT are groups of people that want in – they are a “who”, not a “what”. Google “Stuxnet” (a highly sophisticated attack targeting the Iranian nuclear uranium enrichment program), and you’ll start to get a glimpse of the control the hacker has over us. Or consider cyberwarfare attacks that have taken down power grids – they’re seemingly unstoppable. The APT is bigger than malware. These groups are sophisticated, well sponsored, and determined to get something they specifically want. In other words, they are “Persistent.” If they can’t get what they want one way, they’ll simply find another entry point – likely through an unsuspecting employee or third-party supplier. If they have to, they’ll pay off an internal employee to get the access they need.
  7. Cyberterrorism. Finally there is the threat of war or cyberterrorism. While many of these things may not directly impact the small business owner or entrepreneur, they are real. In a worst-case scenario, hacker groups are capable of taking down power grids and other critical infrastructure you rely on to carry on business. There’s not much you can do here to protect yourself. The best thing is to just be aware of it and at some level be prepared for disaster.

In a recent interview with Matt Keane of RiskIQ, we discussed the relevance of security going forward. Over the next 5 years expect your hardware sales to drop off. If you want to grow your business you either need to move into AppDev – with a focus on customer acquisition, customer experience, and customer retention, or you need to focus on security. If you sell infrastructure today, security will be the easiest direction to head. This is what everyone out there needs – the opportunity is big. The challenge is learning how to get to the right people, and how to deliver the right message. When you get there, budget will be available.

Learn more about selling security – check out my newly released Security Sales Mastery Program…



© 2014, David Stelzl

Here are some ways to increase fees without penalizing your clients.

  1. Measure risk – the impact and likelihood of a disaster – then jointly place a value on it and set your fee accordingly.
  2. Look for problem areas that consistently show up across the companies you do business in.  Come up with solutions and use this material to call higher.
  3. Trade product gross profit for recurring revenue.  This builds annuity rather than a one-time transaction.
  4. Use Assessments rather than traditional open-ended questions to discover larger opportunities.
  5. Be willing to give away assessments in order to reach higher-level people in the account.  This leads to selling larger value priced deals.
  6. Propose options to build adjacent business in the accounts you are already working.
  7. Build greater expertise into your consulting group to offer more complex solutions.
  8. Develop presentation skills that appeal to the executive level.  You’ll find that you are worth more to them than the next guy.
  9. Pass up smaller transactions to create more time for complex deals that offer greater reward.
  10. Develop stronger marketing programs to position your company as the expertise leader, rather than the low price leader.

© 2011, David Stelzl

I call decision makers, Asset Owners.  They make decisions because they manage assets, and as asset managers or owners, they are liable.  Some distinctions from yesterday’s post may help guide our thinking on the next sales opportunity:

1. Asset owners are building a business, IT is building an empire.  Ask the IT person if they want to save money.  Perhaps they’ll say yes.  Then show them how you can replace their entire team with managed services and see what they say.

2. Asset owners are managing risk, IT is maintaining boxes.

3. Asset owners are held responsible for the security of their company’s secrets, IT can simply claim they are doing the best with what they have.

4. When an asset owner’s data is compromised, customers blame them, not IT.

5. If something really bad happens…the asset owner may be out of a million dollar job, their picture on the front page, and pending lawsuits.  The IT person will have updated their resume with newly found security knowledge,  tout actual forensics experience, and demand a 20% raise at the company across the street.

© 2010, David Stelzl

What IT Wants

October 20, 2010

What does IT want?  A vacation…  Here are ten other possible answers:

1. Higher pay

2. A better chair

3. A new laptop – probably a MacBook Pro

4. Add to it a new iPad for personal use

5. Education – on technology, to improve the resume

6. Recognition

7. A promotion

8. Better stuff to oversee

9. Better stuff to oversee with

10. A new job that just is…better.

So why are we spending so much time negotiating prices, selling ROI, or talking about risk and liability? IT doesn’t really care.