Archives For security sales training

Hey Everyone, I’m just getting putting the final touches on my WatchGuard keynote for next week’s partner event in Miami…and then on to Ibiza Spain for their EMEA conference!

Also, you’ll want to download my free Cybersecurity Risk Assessment Template – it’t he key to closing with bickering over price!

© 2018, David Stelzl

IMG_9025We All Need To Keep The Learning Process Going

Spending Time With Successful People

How do I keep up?  Well it doesn’t hurt that I interview experts every month.  Last month I had the equivalent of an MBA course in HIPAA, preparing for and speaking with Marc Haskelson of the Compliancy Group.  Over the past several months I’ve had opportunities with former NSA and CIA agents, owners and presidents of highly successful resellers, and some of the highest producers at larger companies like Dell Secureworks, Accuvant, and Check Point Software.

Next month I’ll be hanging out with some million dollar producers in my own business in a 2 day planning and strategy mastermind meeting.  There’s nothing better than learning from your peers when you see them doing something great.

Morning Reading – Krebs, WSJ, Etc.

Another thing I do is read.  I always have a book going.  Right now I am working through an audio book on building your online platform, by Michael Hyatt.  I also read the WSJ CIO section each morning, and subscribe to Krebs on Security.  Here’s a tidbit from this morning’s post I found interesting … How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.”

Conferences Are Great For Networking and Learning

And today, as you read this post, I am headed out to Denver Colorado to attend the Information Marketers Summit with Robert Skrob, President of the Information Marketing Association.  IMA is code for online training programs like the Security Sales Mastery Program on my website.  If you’re in the high tech industry, you can’t afford to work so hard that you don’t have time to read, network, and attend training.  As you start looking at your 2016 two things I recommend doing. First, figure out when you are going on vacation, and block that time out.  Also block out any important days such as your spouses birthday or your anniversary.  Second, figure how what kind of training you need to get and how you’re going to get it.  If you’re not growing, you’re shrinking.

© 2015, David Stelzl

PS. Don’t forget, many of you qualify for free training. I have several sponsors who are willing to put you through the Security Sales Mastery Program – normally $450/seat!  Contact me to find out if you qualify for a seat!

virus blueWhy Urgent Issues On Your Security Assessment Report Don’t Sell The Next Step

Have you ever wondered why the client doesn’t jump on the chance to implement your recommendations when you complete an assessment?

One of the most frustrating things in the security business happens when you complete an assessment. It seems like at least 90% of the assessments I’ve been involved in or read the report from, have several urgent issues. Gartner and I both have stated that 80% of the security budget is spent on keeping people out, but in my book, The House & the Cloud, I make it clear that detection-response is the only strategy that works.  Yet, clients rarely implement the recommendations that come from these reports.  They pay to have them done, listen to your findings, and then move on to other things. Why?

What’s Really Urgent? Hint: It’s Not Old Equipment or Missing Patches

I was meeting with the President of a technology  reseller two weeks ago in a 6-Hats Strategy session, going over the assessement process.  This fall he’s signed up to do at least 15 assessments before year-end, but if they don’t convert to managed services contracts, he won’t be happy.  History shows us that only about 15% will convert to more business unless he changes something.MMS Blog Ad

As we went through the 6 Thinking Hats Brainstorming Session, his list included things like missing patches, open ports, and free or non-existant Anti-Virus software. These all sound urgent, but they’re not! Not unless you can tie these issues to something more concrete. For instance, if you’re assessment comes up with no Anti-Virus software (of course most companies today would have something for AV), but there’s no sign of malware, you’re going to have a hard time convincing the CFO or frugal business-owner to spend more money.  Same thing with outdated software or hardware. If there’s no sign of danger, they probably won’t move to remediate.

Assessment Sales Depend On Impact and Likelihood

If you want to sell the next step, you have to take the next step in the assessment process. This is clearly spelled out on page 194 – 199 in The House & The Cloud, 2nd Edition. The next step is looking for the issues that should exist when a company fails to do the right thing.  Symptoms are enough to get a response. You don’t need the deep dive technical  analysis on what a particular botware application is doing. If they have one, it’s bad even if a marketing company put it there. If the marketing company is able to install bots on a network, the bad guys can do it too. Don’t worry about what the bot is, just find it.

If the systems are missing security patches, look for evidence of tampering, foul play, or unauthorized activity.  Keep asking yourself, “So what” for each issue you find, and tie it to a business problem. Find evidence of that problem, and you’ll have justification.  Don’t just say – your port is open. No one cares.

© 2015, David Stelzl

P.S. If you want to sell larger security deals, click the ad above and see if you qualify for a free seat through one of the many hardware vendors who sponsor this training!

heart“Heartbleed, Just Another Excuse to Sell Me More Products…”

You and every one of your competitors want to jump on the bandwagon and talk about Heartbleed to sell your customers something new.

Just today, a sales rep in my SVLC Insider’s Circle was called out by his client  – accused of selling on the heels of Heartbleed. It seems like a great time to bring up security, but this client has already been hit with so many calls, he’d become sarcastic over it.

What Approach Could you Take That Would Allow You To Break Away From the Competition?

Today in our SVLC Insider’s Circle Web Session, we’ll be covering this. Heartbleed is all over the news, all over the web, and already the topic of every sales call. At some point people get tired of this. But it’s not over. It’s a real issue that needs to be addressed. The question is, can you inject some freshness into this catastrophe and shed new light on it?

We already know SSL needs to be patched and people need to change their certificates. That’s in motion in most companies right now (I hope). In fact, in many organizations, it’s already done.  What’s next?

What is the impact of this news to the business? Where are the holes that no one has thought to patch? Where might there be a need for education and guidance?

Forget about selling for a moment and focus on the assets and asset owners.  I repeat this over and over in my book, The House & the Cloud (Which is close to being complete in it’s second edition!). I love the idea of setting up executive briefings on this sort of thing. Do managers and executives really understand what happened and where a response or education is needed? Could you or your company come out with something unique like this?

The Power of Executive Briefings

First, the executives are probably getting some input from their IT people, but in most cases they don’t consider their own IT to be the expert. This kind of thing takes some initiative, research, overtime effort, and a quick response to make it work – so it may already be too late. But don’t give up! Give it a try. Try answering questions like:

  • What does this really mean in plain English – something managers might be interested in.
  • What happens when the end-users in finance visit their favorite shopping sites, and have not changed their passwords – and get hacked? How easy will it be for cyber-criminals to gain access to that company’s digital assets?
  • What about people using their home systems – with compromised passwords on their favorite Yahoo sites – and then use that same infected computer to access company systems?
  • What about BYOD companies – how will they protect themselves from all the users who don’t change their passwords?
  • What about corporate communications? Any advice as to how your clients should be communicating with their customers who are likely using that company’s online web services?

These are just some of the questions I would want addressed if I were a non-technical manager in a large corporation, handling lots of sensitive information.

Briefings like this are not built to pitch a product, they are services you provide to build credibility, and to position your firm as the adviser. If the briefing is designed correctly, it will raise questions. It will build credibility, and it will position your firm to make some recommendations. It will also allow you to understand more about what that company is doing to sure things up after this major cyber event.

This is just one of the many ideas I worked with my clients on. And given a message, we can now start looking at different ways of getting the message out – the media we use. We’ve worked on interviews, videos, special reports, live briefings. There are endless ways to do this – it all boils down to focusing on the people who really do need some help with this, developing a unique and educational message, and delivering in a media/format that will move them to action.

We’ll be covering more of this today at 4:00 PM ET in our Insider’s Circle. You can join us for a free 30 day trial right here: (CLICK).

Do something new and innovative with this – don’t get caught trying to pitch another product.

© 2014, David Stelzl




lockWhat does the CIO really need to hear?  I’m sure you’ve thought about this question before. Anyone going in to meet with a CIO or other high-level executive has to ask this question – you only get one shot at establishing this relationship.  This was central to yesterday’s workshop session on selling security and reaching for that “Trusted Adviser” status.

Yesterday’s WSJ article, “CIOs in the Boardroom: Don’t Be a ‘One-Note Piano” (by By George L. Davis, Jr. and Chris Patrick) offers some insight into what these execs need and where you might be able to help.  Authors Davis and Patrick are right on from what I can tell – but CIOs can’t easily pull this off alone.  The article calls for CIOs to step up and be strategic when serving as a board member – but this also goes for meeting with board members.  Some of the key sound bites from this article might be helpful if you can’t access it here.

  • First, the title of the article is explained: “We once heard a board chairman call a CIO serving on his board a “one-note piano,” because the CIO repeated his same theme over and over.”  In other words, the CIO can’t be too focused – but rather must offer a board level of expertise or insight.
  • Some of the key subtitles offer insight into the content: Be a translator – leave the techno-babel behind and give clear concrete information; Be inclusive – meaning you’re not  there just to give your opinion, but rather to generate dialogue and gather ideas; Remember your role – a reminder here that the CIO does not sit on the board to make all of the technical decisions; Check your biases at the door – this is clear; Seek Feed Back – everyone in that room likely has valuable experience – draw from it.

Yesterday in our class we discussed the idea that CIOs are plentiful out there – and many are looking for more ways to stay relevant to their organization (in an effort to keep their jobs).  As stated in the above article, operationally focused CIOs are no longer in vogue.  Companies need someone who thinks about the business; marketing, selling, customer experience, business valuation, etc.  While the CIO does oversee the operational side of the house – networks, servers, up-time, etc., it’s not enough to stay in that world.  The board meeting is just one example where they are called to break out of the daily fire drills and be strategic.

On all sides they are going to need advisers to stay on  top.  So who is going to help them?  Who is going to give them the input they need to sound prepared when it comes time to report on the state of the business and where to head from here. When questions about applying new technologies like BYOD and cloud come up, how will the CIO answer?  IT is not going to give them this insight.  Even if they could, the prophet is never welcome in his own town – the CIO is not likely to go to IT for this.

So who?  It could be you…if you’re in sales or the consulting side of the business, selling IT solutions of some kind.  This requires more than a willingness.  It requires some study time, reading up on the trends, staying in tune with business, and taking the opportunity to talk with more business people.  If I could encourage you to do one thing today, it would be to prepare to talk to more business leaders, listen to what they are saying, and remember it.  Become the one person who is getting input from all kinds of business leaders – the portal of information and understanding that sits between all of the business leaders you work with.  People often ask me how I stay up on all of the trends, especially security – the answer is simple.  It’s actually easier for me than most because I am talking to sales and consulting professionals every day, and meeting with CIOS and CISOs on a regular basis through the educational events I do – and by getting input from all sides on a daily basis, I learn more than just about anyone.

© 2013, David Stelzl



photoLast week, after a great meeting with business leaders at the Protected Trust headquarters in Winter Haven, FL, I had the pleasure of working with the sales team on security concepts and how best to introduce complex technology to a business leader.

This was funny – make sure you visit my blog page to view the picture on this post.  It might be hard to see, but this is a graph assembled by the marketing team with my face on it… over the past several weeks the sales team held a contest to see how many people would attend their educational event.  For each set of attendees, the rep would get a card with my face on – a STELZL…I thought it was hilarious.

If you have never tried the Protected Trust email security applications – it’s just one of the great tools these guys have put together to make sure your data is secure.  I’ve used this on numerous email exchanges, as well as to transmit large files, too big for my email service.  Follow the link and check it out.

This week I am headed to the mountains with my 13 year old son – we’re going to hit several high-peaks in the Adirondacks, starting Sunday night the 1st – so by the time you are reading this, we should be far enough into the wilderness to be completely out of range of all technology communication other than the SAT. phone we carry in case of an emergency (I’m hoping we won’t even turn the thing on.)  Hopefully I’ll come back with some great pictures before heading up to some meetings in Chicago the following week – which should bring me to a total of 100,000 airline miles in 2013!

© 2013, David Stelzl


Making Money w/ Security

I’ve just scheduled our next Making Money w/ Security workshop…if you’ve not been to this workshop, I highly recommend checking it out.

This is by far my most popular training class, and it’s all online for those who don’t have time to travel, or don’t have enough sale people in one location to host a live workshop.  It doesn’t matter if you call on SMB or enterprise, those who have attended this workshop have told me, “It works!”

This is not generic training like you would find with a Sandlers or other common sales training program – it’s high-tech, network and system security specific, led by someone who has sold security solutions and develop security practice areas.

Wall Street Journal reported a few weeks ago that Cyber Security is one of the most highly sought after skills in our nation.  Learn how to sell larger security projects that involve security strategy, assessment of risk, remediation, and ongoing managed security solutions.  I’ll show you where to look, who to talk to, what to say, how to price, and how to close.  It’s 3 days, 2 hrs each day – right at your desk.

You’ll receive a soft copy workbook, login instructions, and access to this live workshop.  It’s not recorded, and it’s not a trainer.  I conduct these sessions live, answer all of your questions directly, and provide one hour of 1-1 coaching after the session to help you apply these concepts to your personal business.  Join me on May 13th, 2013, and I’ll help you make this a great year.

Here’s the link with more information and a place to sign up: (LINK)

© 2013, David Stelzl