Alert Logic talk
So the presentation went over very well. Let me break down a bit why I went to talk to Alert Logic and some specific points on the talk.
Sam Van Ryder is a friend of mine who is a sales guy at Alert Logic. He wanted me to come in and present to the sales staff what a Security Manager’s job entails. I jumped at the chance because it gave me a chance to show sales people what trench warfare in security is all about.
How I approached it was from the standpoint of an SMB security manager type. Since this type of security manager is usually low on resources and high on duties (and since this is the most common type today), I figured on showing them the daily grind of just how much work a security manager has to do. I broke the day down like this:
7:35AM – 9:00AM Check security logs
9:01AM – 10:30AM Check spam filter
10:31AM – 12:00PM Answer voice mails and email
12:01PM – 12:45PM Lunch (maybe)
12:46PM – 1:59PM Run network scans
2:00PM – 2:59PM Check helpdesk tickets
3:00PM – 3:45PM Install patches
3:46PM – 4:30PM Tune IDS/IPS
4:31PM – 6:45PM Administrative crap
6:46PM – 7:30PM Drive home (maybe)
7:31PM – 7:29AM Worry
That all got a good laugh, but I assured them that this is often not far from the truth, and this was not everything a security manager had to deal with.
To give them a more in-depth look from the technical side, I reproduced my post about all the many and varied security devices a security manager has to work on (IDS, IPS, firewalls, routers, switches, email gateways, etc.) and the maintenance on them. Then I hit them with the many non-technical issues a security manager has to deal with, like employee issues, meetings, project management, budgets, etc. I could see that many in the room had not thought about those as being security manager tasks.
I went a little deeper into the amount of research a security manager must do and how much training (user, IT employee, and self) must be done and kept track of.
Then I talked about the compliance issues that security managers deal with. I did it without going too deep and boring them, but I wanted them to realize how important compliance was in today’s world (especially PCI).
I talked about how security managers prioritize projects, though I honestly said that I could not really talk about how others do it. I described how I tried to keep a schedule as best I could, and how it was typically unsuccessful because of everything that popped up during the day.
Then I spoke about what makes a successful security manager and how admin crap was necessary to the job but tended to take away focus on securing the network and could lead to security problems.
Then I produced a list of what talents and skills a security manager must have to be successful:
• Has strong technical skills and knowledge
• Has strong documentation skills
• Can talk to employees and execs in layman’s terms
• Can lead and mentor a team
• Has strong project management skills
• Has the talent and the patience to deal with corporate politics
Before you start commenting and adding to this list, realize that my purpose here was to show just how varied and wide a security manager’s job must be. And I admitted that I was not good at the last one and that it was the main reason I got out of the security management role.
Finally, I told them about how they could help the security manager. My answer was, “Give the gift of time” (if you see this in any of the Alert Logic marketing materials anytime soon, I told them they could have it – it’s not really unique, but they liked it).
I explained that good reporting capabilities for any type of device and service such as theirs is one of the most essential time-saving tools a security manager can have. Give me a pretty (and functional) portal that I can place in front of my CIO where he can run his own reports and leave me alone, and I will pay a couple more grand right up front.
Also, make the device where it actually contributes to security and is not just a compliance widget.
There was some other stuff, but a lot more came out in the Q&A session after the presentation that was great.
- I told them that cold-calling sucked very much bad.
- I told them to not just ship a POC box out and expect it to get installed and demo’ed in the month that is typical (help out with the install and keep in contact).
- I told them to sell through channel partners (resellers) instead of direct and use the resources (SEs) provided by channels.
That was basically it. I felt very good about it, and I received several positive comments. I’ll talk about Alert Logic as a product sometime soon (from what I have seen of it).