This is the first paragraph in our newly drafted writers manual and style guide, and in one paragraph it tells the story I've been screaming from the rooftops for five years.
This week I had lunch with a really smart, highly qualified security sales professional (I
I showed him ours --pictures of bad guys who target banks, defense supply chain
companies, oil and gas, SWIFT. I showed him technical analysis of malware submitted from a defense company, but reported out in a way that's useful to many; and I showed him geopolitical stories of election tampering with real lessons learned (written because we had customers who operate in the area!); and I showed him how we distill that information into finished intelligence; the story, the motivation in many cases, the targeting, and the tools --broken down into actionable indicators, snort and yara rules.
[PG13] I joke about a measure of success; it's that point where I'm telling a story; when I realize the guy I'm talking to has only one hand visible above the table. You know that look? This guy ate his lunch one handed! [/PG13]
He commented throughout lunch that THIS is what EVERY CISO should be reading --especially if they need to brief the CEO or the board. At nearly every turn, he commented on the idea that he could sell the sh*t out of this, because we showed pictures, and stories, and motivations, and also, like everyone else, indicators of compromise. The difference? Ours had meaning.
We'll see if we hire this guy. He's expensive and we're a cash flow company, but he clearly got it. The value proposition was dead on for this lunch; and if he works for someone else? He'll be thinking about me ;) (Does anyone else hear an Alanis Morissette song playing in the background?)
In all seriousness, this is what we do...
We produce finished intelligence reports that offer readers insight, meaning, and context that mere data, “feeds,” or news cannot; Intelligence reports that help people understand the complex issues that they face and explain why those issues may impact them.
When we get the opportunity to tell our story to a techie, a CISO, CIO, or a board member, they get it. It takes very little convincing for them to understand why we're different.
We're heading into the end of the year, and we're talking with folks who want and need more than just data --every CISO needs intelligence; not just a list of IPs or domains --that's data. You need to know how and why things are happening and then how to protect against it.
Want to hear our story? Drop me a line. Let's schedule some time. firstname.lastname@example.org.
Until next time! It's snowing like crazy outside and I'm going to go enjoy a bit of it!
Have a great weekend!