What an awesome week for me and for Red Sky at the RSA
conference! It was a privilege to
be able to speak to some of the smartest people in the business and equally as
flattering when they would see my shirt and say, “You’re with Red Sky? I’ve heard of you guys.” What an easy way to strike up a
conversation and I’m leaving here with a renewed confidence that we are getting
it right when it comes to the challenges we all face with APT and our
adversaries.
If you’ve never been to the RSA conference the best way to
describe it would be a 10,000 square foot shopping mall called the “Expo” shoehorned
between overcrowded classrooms.
A place where almost everyone dooms their inboxes with eternal spam in
exchange for a $20 remote control helicopter – if you’re lucky enough to win
it! No thanks. A place where the line to have your
picture taken with Darth Vader is fifty-feet long and the line to have your
picture taken with the 49’rs cheerleaders is non-existent. And no, I’m not making this up!
And all the while I was walking through the Expo, I kept listening to
the vendor sales pitches and I got to thinking; all this technology being sold
exists for one reason – to prevent or limit the damage to humans caused by
humans. No wonder we can’t secure
our networks. We’re looking in the wrong place! We’re taking devices that are programmed to act rationally
and asking them to protect us from irrational human behavior. Stop me if you've heard this before "Hmm….I think I’ll disable this
anti-virus software because it’s making my streaming video slow!"
There is not a single device, yet, that can predict WHY
someone will act in the manner they do. And until one is programmed to understand the stresses of
losing a job, or a client, greed, or the want to be famous or notorious, the concept of dropping a device in your
network and thinking you’re protected is a losing proposition. I’m not suggesting we don’t need
firewalls, IDS, IPS, and DLP systems but what I am saying is simply this; in all the hype about the next magic
box that will save us from ourselves, the real force multiplier in solving this
problem is often forgotten – people.
Simple right? Let me give
you an example.
At the end of a long day at the conference, I struck up a
conversation with the IT manager of a mortgage clearing house with several
billions, with a “B”, dollars on the balance sheet. After a while, and when he felt comfortable talking, he
shared with me that his network had been targeted, breached, and was most
likely still leaking information.
His purpose for being at the RSA conference was to find a solution, a “magic
box”, to make his troubles go away.
To be fair, not HIS troubles, but his boss’s troubles! No wonder we’re losing the cyber war;
unfortunately, this story is all too common.
Now, I could have sold him on what we do at Red Sky and
gone into my elevator pitch etc. but what he really needed in that moment was
the comfort in knowing that he isn’t alone, a sympathetic ear to listen to his
problem and tell him that there are others in the same place he finds
himself. I told him very simply,
“Take a deep breath. Break the problem down into small pieces. And put your
plan to paper. And act.” I handed
him my card and told him if he ever had any questions to call. Will he, maybe, not sure, but he wasn’t
looking to buy anything and I wasn't selling. He was
looking for someone who would listen and who he could trust. Besides, Red Sky doesn’t sell new
bosses but we can make the smarter!
When I say people are the only way we’re going to solve
this problem, this is exactly what I’m talking about. Sometimes, you have to look beyond the sale by listening to
the problem and offering your advice.
That’s not to say selling isn’t important, but at Red Sky, we believe
people come first. You build trust
through communication, integrity, and genuine care for others. Do this first
and the sales will take care of themselves. How many vendors do this, listen to their customers as
humans with real problems that need to be solved? Many say they do, but think for a minute. How do you build trust through the
persistent and overwhelming noise on the floor of the RSA Expo? Simple answer – you can’t. This is why I can predict with
overwhelming confidence that you’ll never see a Red Sky booth at a trade show!
Which leads me to a few closing thoughts.
The leading principal we at Red Sky live by is first and
foremost, we are a community. When people ask what Red Sky is all about, I
always start by saying, “Red Sky is a community of really smart people with
diverse backgrounds, talents, and expertises, helping one another solve the APT
problem.”
If we all know we can’t solve our problems with a magic
box, isn’t it equally true that we cannot solve our problems on our own? Sure, you can go it alone, but the
point is, you don’t have to.
However, if you do and you solve the APT problem? Well, now that’s a sales pitch I would
pay to hear!
If you’re interested in being part of the community or if
you demand photographic proof that the 49’rs cheerleaders
were being neglected, please feel free to email me directly: rgamache@redskyalliance.org
No comments:
Post a Comment