1. Selling Security
Bill Kasper from HackerVaccine.com
You must sell IT security
It does not sell itself
(Eww, sales)
2. Selling Security
Start from the end. Work our way back from our goals.
Visualize World Peace (Through Strength)
Goal: The System Is SECURE!
Goal: The System Owner is HAPPY!
Goal: You are a HERO!
3. Selling Security
Report your success (blow your own trumpet)
Goal: Inform the client
Goal: Emergencies averted
Goal: Boss looks good!
4. Selling Security
Re-check the SYSTEM (every day is Groundhog Day)
Goal: Verify predictions/fixes
Goal: Avoid surprises
Goal: Reduce your stress
5. Selling Security
Schedule and act on deployment/downtime as agreed
Be when and where you said you'd be
Goal: Demonstrate timeliness
Goal: Avoid cascading crises
Goal: Predictability = trust
6. Selling Security
Get client to commit to time/date/resources to secure the SYSTEM
Convey that your time and schedule are valuable
Goal: Communicate your value
Goal: Share responsibility
Goal: Determinism is our friend
7. Selling Security
Offer goodies to meet a deadline to secure the SYSTEM
Encouragement in search of excellence (not manipulation)
Goal: Organize your calendar
Goal: Commit your client(s)
Goal: Speed up sales cycle
8. Selling Security
Pick a time you want to secure the SYSTEM
24 hrs from now, this weekend, before Simpsons is on
Goal: Lock gates before escape
Goal: Communicate urgency
Goal: Chance to be a hero
9. Selling Security
Find your sponsor's hot button/deadly sin
Fear, greed, ego, pride
Goal: Know your customer
Goal: Speak in effective terms
Goal: Build relationship
10. Selling Security
Whoever owns the SYSTEM will respond to SOMETHING
Communicate that SECURITY represents money, peace, time
Know: Psychology opens doors
Know: You're right, that's a fact
Know: Common ground = sale
11. Selling Security
In order to secure the SYSTEM, we must sell security
Overcome “The suits sell, we actually do stuff” attitude
Know: Ninja sales skills = work
Know: Technicians can sell
Know: Selling is being friendly
12. Selling Security
Hate not the ways of The Suits
For tho they are but non-technical, lo, they bringeth in the buck$
Know: Technicians don't like suits
Know: Suits don't grok technicians
Know: Suit skills + tech = Winning
13. Selling Security
What established personal interaction model works?
White Hat Hacking the stakeholder's psyche
Goal: Succeed with least effort
Goal: Get that SYSTEM secured!
Goal: Get paid to succeed
14. Selling Security
Getting the SYSTEM secured requires personal interaction
Stakeholders like to be wooed
Know: Technology doesn't sell
Know: Solutions/sex sells
Know: You solve client problems
15. Selling Security
Prospect Theory (Daniel Kahneman, 1979, eventual Nobel Prize)
Why 85% of people would rather risk losing big than losing a little up front for sure
Know: Risking big loss is preferred
Know: Security is an uphill psych war
Know: There are psych war weapons
16. Selling Security
Who is in charge here?
There is a behind on the line. Find out whose.
Goal: Don't bother talking to minions
Goal: Identify “launch” authority
Goal: List areas of responsibility
17. Selling Security
Preemptive security is obviously a great way to spend money.
Why are we even talking about this?
Know: You're smarter than your client
Know: What's obvious to us, ain't
Know: Security is a negative
18. Selling Security
OMFG!
Does anyone know about the lack of security in the SYSTEM?
Goal: Find someone who can agree to fix
Goal: Be Paul Revere 2012!
Goal: Apply your passion profitably
19. Selling Security
OMFG!
The SYSTEM is unsecured!!!
Know: You see a problem others don't
Know: You can't fix it all by yourself
Know: It's probably worse than you think
20. Selling Security
Bill Kasper from HackerVaccine.com
www.HackerVaccine.com
@hackervaccine