Archives For security products

Cyber criminals are winning!  This should be no surprise, but here it is again in the headlines – straight from the RSA conference…companies are losing the war and admitting it.

  • Huffington Post – Straight from RSA 2012:  “Some 70 percent of employees in one survey cited admitted to subverting corporate rules in order to use social networks or smartphones or get access to other resources, making security that much harder.”
  • RSA was hacked last year shortly after the RSA 2011 conference using a simple “email with a poisoned attachment – which had been opened by an employee.” – this in turn gave hackers, “access to the corporate network and they emerged with information about how RSA calculates the numbers displayed on SecurID tokens, which was in turn used in an attack on Lockheed Martin that the defense contractor said it foiled.”
  • Speakers at RSA called 2011 “the worst year for corporate security in history”  pointing to “the rise of activist hacks by Anonymous, numerous breaches at Sony Corp, and attacks on Nasdaq software used by corporate boards”
  • Most importantly – they all agree, “there is more to come.”

While all of this is bad for anyone running a company that relies on securing information to keep going (and that would be all of us), it also represents a huge opportunity like any major unsolvable problem does.  Just like doctors and pharmaceutical companies working on heart disease, diabetes, cancer, and other major health issues that plague our world, security professionals will profit from this as they rise to the occasion.  I am amazed to see companies missing this opportunity after such a long track record of growth.  It’s not over – not even close.  If you are not in this business, it’s time to join the war against cybercrime.  Your clients need it, and they are willing to pay.

Now, you might think I am wrong on that last comment.  I just got off the phone with a VAR owner yesterday who questioned if his clients are really willing to pay.  It has everything to do with your approach…people don’t see it, so they don’t believe it.

I have a client in the Northwest setting up his first executive-facing marketing event.  After just a few days of advertising we have 18 business owners signed up (all asset owners – qualified buyers, and new prospects)!  We haven’t even made calls yet – this is just the response to the marketing letter we mailed last week!  The point is, we designed our marketing campaign correctly – this is not a product driven event, although it is absolutely sponsored by the product manufacturers.  (That’s right – we did get JMF for this even though everyone keeps saying there is no money available for this type of event).

Working with another client on the east coast yesterday, we just completed our first webinar event. Again, the event was designed from the start to appeal to the asset owner.  We had a strong call to action, and 90% of our attendees signed up to have their security assessed!  This was just a webinar – it cost my client almost nothing to do it, other than time and some upfront education to do it right.  His team attended the Making Money with Security event and applied the principles…not a bad return.

2012 looks like a strong year to me – for those focused on the right technologies.  Join the war – it’s time.

© 2012, David Stelzl


Yesterday we completed our first day of Making Money w/ Security – an online security sales course I provide through webex.  As security trends evolve, one area has become particularly interesting to me – that of social media and how it can be used as a vehicle for social engineering.  After class one attendee passed on an article from the WSJ, Spam Finds a New Target…here are some important points from the Wall Street Journal’s write up…

  • Facebook blocks over 200 million malicious actions every day!
  • In August 2011, over 92% of email messages were spam messages, in Nov, over 70%.  These numbers fluctuate month to month, but they are always high.
  • Twitter and Facebook are the new targets – people are on to the email problems, but social media is wide open as people accept friend requests from unknowns.  In fact, in another recent article, WSJ reported on a study showing the number of men who gave out sensitive information, including passwords, to a white hat hacker posing as a 25 year old woman using social media!  Incredible, but believable.

As I speak to executives around the world at Lunch & Learns and other customer facing events, I am hearing the need to leverage social media as a means of marketing and branding.  I agree, this is a tool that can accelerate any company’s business when used correctly.  But this also opens the door for users, who are completely unaware of the security risks, to invite predictors to install code on their machines.  The same machines that will later access the company’s most sensitive data.  If you are not attending Making Money w/ Security this week, stay tuned – we’ll be scheduling more later this year.

© 2012, David Stelzl

Here’s  a great question on Getting Your Message Out – becoming an Adviser, from this week’s Making Money with Security workshop (Virtual).


You gave some excellent information on what to say and do when you are in front of the executives/asset owner…when communicating by email and by other electronic means…

You mentioned that sound bites alone are ineffective and how you throw most of your marketing mail away. I agree with both of these statements, so with that said, do you have any suggestions for what I can do to increase our chances of getting our marketing messages heard/read?


Content is the key.  When your goal is to sell, people feel sold.  When your goal is to educate, people feel helped.  The key is in finding things that are helpful to the buyer – the asset owner.  Most asset owners are not technologists, so educating them on products, or anything technical, sounds like an opportunity for demotion.  Expect to be delegated back down to IT.

Sound bites, or statistical data may be somewhat interesting, however it must be presented from a source they care about.  If the Wall Street Journal publishes it in their daily paper, chances are it appeals to business people.  However, statistics, as we stated in class, lead to judgmental thinking, not emotional buying.  So while, sound bites do build credibility, don’t expect them to lead to a sale.  Use them as attention grabbers only.

In my book, The House & the Cloud, I talk about “Idea Emails”.  These are ideas that I present to prospects to create knowledge gaps.  “I have some ideas I’d like to share with you on how to make sure your employees are not stealing company secrets”.  Idea emails are one example of creating curiosity through a knowledge gap that potentially helps a client/prospect with something they would care about.  Other messaging might be “How to” posts on your blog – how to educate the organization on safe data handling or presenting “Seven things your employees need to know before traveling with company laptops”.  This type of education can be written to appeal to asset owners in a non-technical, business format.

In summary, create content, use knowledge gaps to generate interest, and then educate with your content.  This education should lead to action using services your firm provides.  As an example, my wife was reading a document on the harmful effects of amalgam fillings (dental).  The document began describing all kinds of symptoms people complain of every day.  The article went on to explain the importance of removing these fillings using a special process that prevents serious side effects including possible fatality from poisoning.  The doctor writing included several case studies showing how patients had been improperly diagnosed and treated for major diseases including MS.  He described the procedure for removal and then recommended using other synthetic metal-free materials.  Of course, both my wife and I had the metal removed from our mouths.  While we did not use the doctor who wrote the article, we would have, had he been local and had he called on us.

© 2010, David Stelzl