Archives For selling security

HC MP3 CoverPeople have been asking for Years – Finally, We Have The Audio Version… The House & The Cloud…

The only book written specifically to technology providers on how to sell security…


***** NO TIME TO READ THE POST?  …. “Just point me to the Audio Book…”


In 2007, after traveling around the world (more than once) doing Security Sales Mastery Training Classes – Live, I wrote the book.  Actually, I wrote it on the plane.  Flying over 150,000 miles some years, I had lots of time, and writing the book was my dream…

I first got the bug to write a book in 6th grade – Mr. Haar, my teacher assigned us the task of writing a book over the course of  the year. We watched a film (8mm) on the process – the example, an old man going to the sea to study crabs and other shell fish… pretty boring….

My first book featured a family lost at sea on their 25ft cabin cruiser…

I think I made it to page 25, lots of edits, and then just got tired of the whole thing.  Years later, I met a guy who’d written two books.  When I met him, I thought to myself, this guy doesn’t look that smart, how ‘d he write two books?…then he said it, “I know what you’re thinking, I don’t look smart enough to write a book…” Guess he’s heard that before…

Well, he showed me how…and it wasn’t all that hard once I understood the process.  Of course Amazon (Create Space) has taken a lot of the labor and cost out of it…

Fast forward 7 Years – The Second Edition

If you’ve seen the old green cover book, or have the digital version (which is version one)…toss it… Seven years after writing my first book, I’d learned a lot, not just about selling security, but about what a book should look like, feel like, read like…and I rewrote the book. It’s a complete rewrite.

However, I also know you don’t have time to read…(Although everyone should be reading a book a month)…enter, the Audio Book!

I love audio books! I listen in the car, on the plane, and when there’s just too much noise in the car traveling with the family…

Get more info here – and finally get through the book you’ve wanted to read but just don’t have time to read…

© 2018, David Stelzl


In Dallas This Week Speaking at The 20 Conference…

…with over 200 attendees, all looking for one thing – growth!

What’s the number one factor? Not enough leads…I hear it everywhere I go….coaching calls, training classes, live events…

But as Tim said this morning, there’s more to it.

If you had dozens of leads this month, could your company deliver?

Do you have enough people, infrastructure, process?

What about conversion?

If I gave you 20 leads tomorrow, how many do you think you’d actually close – if there were competitors involved? What makes you better (or unique)?

These are the questions we’re addressing this week…I’ll be on stage tomorrow showing how security sets companies apart when they really get it – and how to take people from thinking, “We’re covered” or “We have an IT guy”, to ready-to-assess…

© 2018, David Stelzl

PS. Does your risk assessment close business? Check out my HIGH-CONVERSION RISK ASSESSMENT TEMPLATE… (Click).

business-mtgGetting Executive Buy-In Is Critical

If You Expect Your Clients to Take Action on Assessment Findings

Only about 15% of the risk assessments, from audience poles I conducted, are being acted on! Yet, over 95% of them show urgent issues, according to security experts I am in touch with.  There’s a major disconnect.$1 HC Book Ad

The Right Language Matters

One key reason I’ve observed, is the language being used to write the assessment reports. Not only are the reports too long to attract executive readers. Even if they did want to wade through the 50 page document, it would be like you or I wading through a technical journal to find out what to do about cancer risks. Chances are we would comprehend about 5% of it, giving up after the first few pages.

If you’ve worked in a large corporation, you know there’s a disconnect between IT and executive management. Don’t expect everyone to sit down to review your paper. In the small business the security expert doesn’t exist, and the small business owner is already running at top speed, trying to grow the business, manage cash flow, and build customer experience before their competition does. They don’t have time to sift through mounds of jargon.

Grabbing Their Attention Early

But the other issue is one of desire and priority. Does the business owner or executive see your report as urgent – must read now? If you have not involved them in the findings, chances are they don’t see it as urgent. If they have an IT group, they’ll delegate it. If they don’t it will sit on their desk (especially if you waved your fee – a common practice in the small business market).

All of this changes when you start your assessment at the Asset Owner level. (See my book, The House & the Cloud, Page 195).  Starting with those who have liability, with the goal of discovering their most important data as it relates to their business growth and profitability, is the best way to get them interested before you complete the assessment.

Find out what digital assets are most important to protect and why. Then look at who would want them. And based on how things are set up and who creates and uses this data, discover how unauthorized users might gain access. When you’re done, tie your findings to business issues. Leave out the technical jargon. And bring your report to the that executive with a short presentation on what it means to their business.

If your conversion rates on this process don’t go up to about 60% something is wrong. Consider reading through chapter 13 of The House & the Cloud – 2nd Edition, for ideas on how to convince your audience that this is important.

© 2016, David Stelzl

socWant to Sell More Managed Services?

Being the Low Cost Provider Never Works…

But don’t be the middle priced offering either. There’s absolutely no benefit…

Your only option is to move upstream. Kmart, Walmart, Target…they’ve all worked hard to be the low cost provider. And how is that working out? Well, Kmart is closing dozens of stores before year-end. Walmart has been sweating over Amazon, their chief competitor, for the past 12 months. Month after month, these big box companies are fighting over pennies.  Amazon’s model is the only one that makes sense. It’s membership driven, offering music, storage, and instant purchase options, and a growing level of subscription oriented, monthly recurring revenue.

But in the reseller technology business you can’t win on price. Keep lowering you per workstation price and you’ll soon have margins that are so thin, you’ll have to let your best people go.  Don’t do it. (You can find more strategies on this in my book, The House & The Cloud!).$1 HC Book Ad

Instead, start asking, “How can I upgrade to a premium level of service?” Take this one step further and ask, “Where is my niche market?”

Security Offers a Compelling Premium Service

You probably already offer firewall management. But as firewall companies like Check Point and Fortinet add advanced services such as threat emulation, sandboxing, and SIEM like technology, there’s an up-sell opportunity to provide the 7 by 24 monitoring aspect. Something your clients just cannot afford to do internally.

Don’t have your own SOC (Security Operations Center), or the team to do this overnight? You can outsource it through channel-only security providers like Foresite. For a small fee, they’ll take over the management, offering different levels of service depending on the size and need of your client.

Don’t Give it Away

Don’t give this away. It’s your added value to the MSP program – something not many service providers are offering right now.  Over time, begin adding security expertise to your team, and add some high-end security services to your offering. For instance, you might add virtual CISO services or take over the reporting and interface needed for auditors policing compliance regulations such as PCI and HIPAA.

One client I work with offers GLBA management to regional banks, leveraging new laws that require there be a compliance officer, independent of the IT department. How many small banks can afford to hire someone qualified to fill such a role? Not many. But a third-party provider is permitted and makes for a great add-on service offering.

If you’re getting beat on commodity pricing, start thinking about security services and how to add that premium level. If you just raise your prices, you’re likely to be out there with Kmart, closing down offices. If you only have one office, it might be a short ride to the end.

© 2016, David Stelzl

The New Data Center

The New Data Center

IT Spending Is Shrinking – The Cloud Is Growing

If you happen to be selling hardware to Amazon or Google, you’re probably in good shape. Especially if you sell storage. Cloud storage requirements are growing. IT spending isn’t.

Steve Norton, contributor for the Wall Street Journal published some figures last week from Gartner and others that should serve as a wake up call to you if you are a technology reseller – especially if you are selling to the small or mid-sized businesses.

Here’s What Gartner Predicts:

“Global IT spending will shrink 1.3% to $3.66 trillion in 2015 amid a strong U.S. dollar, slowing PC sales and a continued switch to software-as-a-service, research firm Gartner Inc.IT -0.72% said in its latest quarterly forecast.” They were calling for 2.4% growth. New predictions are negative. 1.3% might not sound like a big deal, but you can multiply that for small companies looking to cut costs. They’re likely to move to cloud services first. Forrester was calling for 80% of these companies to be in the cloud within 5 years, but the time is shorter now. In other words, expect it to be far less than 5 years.

Also from Gartner: “Microsoft killed the XP licenses, but people are still running XP,” Gartner analyst John Lovelock told CIO Journal. “PCs are plummeting, but there is still a desire to get some of that new functionality.” In other words, people are going to keep their old computers and run their apps from the cloud – Microsoft 365, Google Apps, etc.

Steve Norton’s Comments:

“Gartner noted a substantial reduction in their forecast for office suite spending, reflecting an uptick in adoption of cloud services like Microsoft Corp.’s Office 365”, says Steve Norton.

He also notes that “IT services spending is forecasted to shrink…this year, with the largest drop seen in implementation services.” Expect it to drop more than you think. With Microsoft moving more to the cloud, your support services will be in less demand.  Less infrastructure also means less installation. The smaller the business, the less likely it is that they’ll be adding servers or disk.

What About Managed Services?

This is clearly becoming a price war. Managed services is a commodity business right now, and it will get worse.  Many of the resellers I am working with tell me their prospects just want to know how much they charge per device. That’s a bad sign!  They are also being undercut with low prices from both very large providers and the guy who works out of his garage.

Security is Still In Play

The good news is, there’s still a strong market for technology. Amazon will certainly cash in on cloud services. Apple is killing it with the iPhone. But you can grow too if you’re selling something clients really need. Security demand will continue to grow. The more companies more to mobile devices and cloud apps, the less secure they’ll be. There’s also an opportunity to move upstream with compliance and assessment offerings. Firewall management is not what I’m talking about.

Consider services like hosting policy, ongoing assessments, event correlation services, and monitoring for breaches. The small business can’t afford the technology required to detect a breach, and they most certainly can’t staff a team of responders. Virtual CISO services are another great offering. People need help with their security strategy as they move toward digitization. The CISO function will become more important for smaller companies, yet still unaffordable.

© 2015, David Stelzl

P.S. Find out how to sell into the security market…. (Read More)

DemandGenLogoIf You Want to be Relevant In Your Technology Sales Role

There are 7 Things You should be Focused On

Security is more a people problem than it is a technical one. Many of the losses you read about could be prevented if people better understood how security works, and how data is compromised. In each of these concerns you will see a technical issue. But underlying most are mindset problems. Mindsets that could be changed with some education. Stop talking product, and start talking like this when meeting with prospects.

  1. Malware Advancements. The bot, or robotic malware, is the most common tool used to compromise computers today. Most people are thinking about viruses, but bots are not viruses. They install on your computers when you download infected emails or files, or visit an infected website. Just about every company has bots. Most don’t realize how dangerous they are or how to detect and remove them. The problem is, because they are so common, even technical people treat them as “normal”. Brian Krebs just put a great book called SPAM NATION, The Insider Story of Organized Crime – From Global Epidemic to Your Front Door. I’m just into the second chapter, but I can already tell this is going to be spot on. If you want up to date, relevant stuff to talk about with your clients, get this book and study it.

Spam Nation, Brian Krebs << Get it on Amazon.

  1. Trends in Mobility and BYOD (Bring Your Own Device). BYOD initiatives are going on in companies all over the world right now. Since almost every aspect of life involves technology, drawing a hard line between work and personal is becoming impossible. And no one is going to carry two laptops or two phones for long. This will become more and more pervasive over the next few years as generation C evolves. The destructive mindset here is thinking that computing on one device or in one location is just as safe as any location. And so your employees are likely to store and transmit your company’s secrets just about anywhere and on any device. They’re assumption is, security technology has me covered. They’re wrong.

Blog Subscribe Ad

  1. Misuse of Social Media. The use of social media at work has been an Achilles heal for office managers for several years now. It’s a time waster. But wasting time is of little concern when compared to the mindset social media has created. Remember when people were afraid to purchase something online? Or when it was scary to write something about yourself or post a family photo? That’s gone. People send naked pictures of themselves across the Internet everyday. If they’re willing to do that, what will they do with your data? In a recent WSJ article, one financial firm reported that 75% of the men in their company gave up highly sensitive information to a woman on Facebook. But get this, 13% of them gave away company passwords. You might have guessed, but this was a 40-year-old male, white hat hacker, posing as a woman to test the integrity of the office workers in that firm. How can companies like yours protect against this type of irresponsible behavior? 
  1. Misunderstanding Compliance. Compliance is not security. Lawmakers would like to think that HIPAA or GLBA compliance are going to keep healthcare and financial data safe. But the truth is, compliant companies get hacked all the time. Compliance rules are set up to move a company toward security, but in no way are they actually addressing the problem. The problem with compliance, according to McConnell is, “Once a company passes the compliance audit, they stop working on security.” Compliance is the law, but in my opinion it’s too often just a distraction from true security.
  1. Internal Threats. Cybercriminals, spies, and hacktivists are real. But in just about every major data breach, there’s an internal component. In some cases it’s operator error. In other cases it’s a bribe to cooperate with an outsider. The perimeter security mindset assumes that the threat is always outside, yet a recent WSJ report tells us that 75% of employees admit they steal data. When employees don’t get promoted, do get laid off, or move on to a better opportunity, you can assume they’ll be taking data with them. But it’s also true that a hacker can easily pay off one of your employees, giving them 3 to 5 times what they make in salary to cooperate in a data heist.
  1. Nation-State & Advanced Persistent Threats. You’ve probably seen the term, “Advanced Persistent Threat,” or APT. What is this? The APT are groups of people that want in – they are a “who”, not a “what”. Google “Stuxnet” (a highly sophisticated attack targeting the Iranian nuclear uranium enrichment program,) and you’ll start to get a glimpse of the control the hacker has over us. Or consider cyberwarfare attacks that have taken down power grids – they’re seemingly unstoppable. The APT is bigger than malware. These groups are sophisticated, well sponsored, and determined to get something they specifically want. In other words, they are “Persistent.” If they can’t get what they want one way, they’ll simply find another entry point—likely through an unsuspecting employee or third party supplier. If they have to, they’ll pay off an internal employee to get the access they need. 
  1. Cyberterrorism. Finally there is the threat of war or cyberterrorism. While many of these things may not directly impact the small business owner or entrepreneur, they are real. In a worst-case scenario, hacker groups are capable of taking down power grids and other critical infrastructure you rely on to carry on business. There’s not much you can do here to protect yourself. The best thing is to just be aware of it and at some level be prepared for disaster.

In a recent interview with Matt Keane of RiskIQ, we discussed the relevance of security going forward. Over the next 5 years expect your hardware sales to drop off. If you want to grow your business you either need to move into AppDev – with a focus on customer acquisition, customer experience, and customer retention, or you need to focus on security. If you sell infrastructure today, security will be the easiest direction to head. This is what everyone out there needs – the opportunity is big. The challenge is learning how to get to the right people, and how to deliver the right message. When you get there, budget will be available.

Learn more about selling security – check out my newly released Security Sales Mastery Program…

Master the Security Sale  <<< Click to Learn More!


© 2014, David Stelzl

IoT Brings Danger – And The Executives Around You Don’t Understand!

Do You Sell Technology? What About Security?

If your company sells technology, and specifically security technology, your firm has an important job to do.  It’s frustrating when marketing efforts seem fruitless or when prospects seem to have no real needs. Or when executives refuse to meet with you, insisting that your meet with IT Administrators.  But the truth is, they all have an urgent need. And your technology firm could be helping them.

The Internet of Things (IoT) is a game changer. I’ve posted the TED video above because it speaks to the future when just about everything is online. Even the chair sitting next to the speaker.  The IoT can mean a lot of things. It offer all kinds of efficiencies, like resetting your A/C while away on a trip, to using your smartphone to control your home security system, or maybe a deer cam deep in the woods.  But there’s a problem no one’s really addressing.  It’s a big opportunity if you’re ready for it.

So Where’s The Big Opportunity?

It’s the threat that stands behind the chair in the TED video. Target was attacked through an HVAC connection.  But an article posted in the Wall Street Journal today sheds light on a much bigger issue. Critical Infrastructure Devices on the Internet.  Stuff that’s connected that no one is really thinking about.

The U.S. tops the list of connected critical infrastructure.  Rachael King, one of the WSJ writers I follow daily, writes, “control systems used in utilities, health care facilities and transportation systems are connected…to the Internet…In many cases, the operating companies are not even aware…” That last sentence is the key. The people running the companies you call on have no idea what’s connected and how that exposes them. In fact, Rachael goes on to point out that “Most of the systems that are exposed seem to be accidental…and the result of poorly configured network infrastructure.” In other words, no one really knows until a thorough investigation takes place.  IT is making mistakes, and no one really knows until it’s too late.

This is a topic for your next Live Event Demand Generation Program!

Next week I’ll be speaking about these things in Cincinnati, Ohio.  It’s an educational event with a big opportunity on the other side.  My goal is to get business leaders thinking about this. No one has it covered. The question is, can we convince them to take a closer look?  If we can, there’s an opportunity, because 95% of the time we will find evidence of data exposure or critical devices or data accessible from outside the firewall.

One of my coaching clients recently took a job with RiskIQ.  This is cool technology.  The idea is to profile the attacker. To take a look at a company’s assets from outside the firewall. Using some pretty sophisticated scanning technology, this company will scour the Internet to find data that belongs to a given company. That data might be unstructured date on a Sharepoint server, or it might be stolen data being sold in a chat room.  In most cases they’ll find something that isn’t supposed to be outside the firewall. And when they do, it’s a surprise to the CIO. But it’s also an opportunity – a project opportunity.

While you don’t have to use RiskIQ, these types of issues demand something more than simply scanning the perimeter for open ports.  In my book, From Vendor to Advisor (pg. 139), I describe an executive approach to discovery. The security message demands a executive audience. It requires involvement from the people who are liable when a breach occurs.  Preparing to deliver this message might be the key to your future value proposition – the thing that sets you apart from the average reseller.

© 2014, David Stelzl

P.S. Looking to Make Quota This Year?  Make sure you have a copy of my security sales book, The House & the Cloud… Get  the free ebook version (CLICK HERE TO GET IT).