Friday, July 26, 2013

Enlightenment, Dirtbags, and Scumbags

An old friend used to tell me that in the landscape of failed entrepreneurial CEOs (he was really active during the boom), there are two kinds of failed CEOs -- dirtbags and scumbags.


  • Dirtbags are failed CEOs who simply don't know that they've done wrong. They spend money without a plan, have no real roadmap, and basically (ahem) urinate the money away.
  • Scumbags are failed CEOs who know the end is coming, yet they continue to spend investor or stockholder equity right up to the end. They willfully spend money, knowing full well they'll never return profits. Scumbags could have returned angel or VC funding, but chose to spend until there's nothing left. 


In the last two years of Red Sky Alliance, this message rings through my head on nearly a daily basis -- not because I don't want to ever be looked at as either a dirtbag or scumbag, but because many of the CIOs and CISOs that I talk with on a regular basis could also fall into one of these categories.

Many, many of the IT workers I talk to on a regular basis lean forward, do their best work, know how to persuade leadership for needed budget, and are actually very effective in doing what they do. Others, however, either have their heads in the sand or simply have no clue. They lack the ability to operate at the executive level, can't persuade, hide truths, or, as we used to say in the Navy -- they're on the ROAD program -- Retired On Active Duty.

.. a real downer huh?

Here's a good story: In the last week, we signed up a new member, presented to another who will likely become a new member, and, while on vacation next week, I've got three more membership presentations. The company I spoke with last night indicated they not only wanted the membership for their global SOC, but have their own informal network of companies they talk to that they want to introduce to Red Sky as well. We love being introduced to other companies by our members. In fact, that's probably one of the biggest drivers of membership growth for us! We like that!  I call these guys 'Enlightened'. They know when to ask for help... and they come to a strong membership in Red Sky to help them along. One of these companies was starting from a clean slate, building their SOC. They've got a new CISO, new team, hired a dozen and a half new folks in the last three weeks. To them I say Bravo Zulu (Navy for GREAT JOB)!

At the same time, I had two other conversations with executives from two other companies -- neither of which do I expect to become Red Sky members. In both cases, their senior leadership has had incident responders onsite, and in both cases, asked them to leave. In both cases, the companies have struggled with cyber problems. One (apparently) clearly APT; one probably not. In neither case were the breaches reflected in their 10K. We looked. One of our Red Sky guys is a professional IT Auditor. The 10K was the first place he looked.

Two companies.. one public one private, building their team, looking for ways to gain strong situational awareness. The public company taking steps to protect their stockholders from intellectual property losses. The private company building equity, creating jobs, taking care of the local economy... they've become enlightened.

Two other companies.. both public.. neither reporting cyber issues in their 10Ks, hiding the breaches, executive management onboard the whole way. IT folks know there's a major issue; both spending money on incident response and/or spinning their wheels chasing attackers or simply hiding their heads in the sand. Dirtbags or scumbags? You tell me.

BT BT

From a profile perspective, our membership, while mostly larger enterprise companies (100K+ computers per company), brought in a company this week with 250 employees, but a significant player in the Internet infrastructure space. This makes me happy on a couple of fronts -- we're growing, but also attracting companies that are not only large, but have something to offer the other members. These guys are small, smart, and growing. I'm going to have to quit telling people we do large enterprise!


  • This week, after announcing our intent to service only IT workers in the federal government, we received several requests for information from ISSOs around the government. The response has been quite strong. 
  • Our first healthcare gig was apparently a success. We received great feedback from the client at a social last night. We're told they've decided to move forward with our Wapack's Cyber Security Operations Center Monitoring (Wapack cSOC) service. 
  • Last, but certainly not least, we released two new reports in the portal this week.. one detailing a 0-day, and one priority intelligence report focused on forward-thinking analysis. 


Checking out. Back in two weeks. I'll give you a break from reading my rants next week.

Looking forward, I'm not going to be at Black Hat, although we're sending Alison Choquette. She's a spitfire. You'll have a hard time missing her!

I'll see some of you in NYC on August 6th and then off to Iceland for the Nordic Security Conference at the end of the month!

Jeff