- 1 Business Security Weekly #73
- 2 Interview: Dawn-Marie Hutchinson, Optiv
- 3 Article Discussion on Leadership, Communication, and Innovation
- 3.1 Security concerns pushing IT to channel services - research
- 3.2 The golden ticket to higher paying jobs: Hard skills plus social skills
- 3.3 What Really Drives Sales Growth and Repeat Business?
- 3.4 Is the problem incompetence or lack of training?
- 3.5 Best Practices Are Dead
- 3.6 BONUS - this is horrible advice
- 4 Startup & Security News You Need to Know
Business Security Weekly #73
Recorded February 2, 2018 at G-Unit Studios in Rhode Island!
- InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW! You can catch talks from Adrian Sanabria, Diana Kelley and Ed Moyle, Jennifer Minella, Joseph Zacharias, Mark Arnold, Matias Madou, and Summer Fowler.
- HackWest 1.0 “The Wild Bunch” is scheduled for March 21st through 23rd in lovely Salt Lake City. It includes training opportunities with Tim Tomes, FuzzyNop, and Jordan & Kent from Black Hills Information Security. You'll find a wireless hacking village, a voting machine hacking village, a mobile device hacking village. And keynotes from Dawn-Marie Hutchison and Eve Galparin. Go to hackwest.org to register and our audience gets a 25% discount with the code SWHW2018
Interview: Dawn-Marie Hutchinson, Optiv
Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as an as executive director, executive advisory at Optiv. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.
Article Discussion on Leadership, Communication, and Innovation
Special thanks Nigel for sharing his mind map of Never Split the Difference!
Security concerns pushing IT to channel services - research
- “60 percent of CIOs/CTOs and 49 percent of procurement say security is one of their top three biggest challenges. A third of CIOs/CTOs and a quarter of procurement rank it as number one.”
- This is driving the push to “the cloud”
- Also important: supply chain optimization, connected workforces, cloud and data center transformation, and digital innovation
- How many of those are on your radar?
- Right technical skills + social skills = premium offers
- Social skills means understanding other people and understanding where you fit in
- You can always develop your social skills
What Really Drives Sales Growth and Repeat Business?
- “Content builds relationships, relationships build trust, and trust equals sales.”
- This applies to our entire industry and community — especially if you are an enterprise team
- What content are you creating (and is it any good)?
- How are you building trust?
- What, then, is the overall experience of working with you?
Is the problem incompetence or lack of training?
- Every industry, every organization claims a “talent gap” and then pretends it’s true (and unique)
- I LOVE THIS PASSAGE: “(Let’s put it another way: If your company’s work requires only skills that people should already have, those skills aren’t unique and differentiated, and it’s unlikely your company is, either. If those people have the right skills, they probably have a job already, so why leave that for you?)”
- What does your training and development program look like? Note: training and development are distinct roles
- More than the specifics, what about your mindset? I always loved “What if we train them and they leave? With the reply, ‘What if you don’t, and they stay?”
- More than the technical skills, this is the real challenge of security
Best Practices Are Dead
- The idea of a ‘best practice’ is to capture an effective approach to enable desired outcomes
- Despite the claims, we’ve never had ‘best practices’ in Security (I prefer to call them standard practices, if I call them anything at all)
- Technologies and standards are rapidly changing
- Is the answer — Imagination + Experience = Innovation?
- Start by asking more — and better — questions (and learning how to get the right answers)
BONUS - this is horrible advice
- The opening advice is solid… focusing on problems and solutions
- Then they move to discredit …. Please don’t do this
- Differentiate is a misunderstood approach to a proper Value Proposition
- Instead, focus on a real value proposition - a promise to solve their problem in a way that adds value… in consideration of the impact
- And skip the games…
Startup & Security News You Need to Know
APERIO Systems raised $4.5M in a Seed Round
- “APERIO Systems develops and provides industrial critical control systems to detect artificial manipulations of process data.”
Proofpoint acquired Wombat Security for $225M
- Wombat raised $10.9M over a series of equity investments since 2013 (with estimated revenue of $13.4M)
- Interesting since Barracuda just picked up Phishline — for security awareness
J2 Global acquired VIPRE Security for Undisclosed
- Security is steadily proving to be the differentiator for a lot of companies
LogMeIn acquired Jive Communications for “up to” $357M
- The push to consolidate and improve the enterprise collaboration market continues
- Security is increasingly becoming important here - both for enterprises to consider, and for acquisitions
Owl raised $18M in a Seed round
- Interesting - draws power from the OBD port