Security Minded - from Kai the Security Guy

Some thoughts on security (and other stuff) from a Microsoft security professional

Partner Love


Today I'm in Denver speaking at the 2007 Microsoft Worldwide Partner Conference. The topic? A little thing I put together entitled "Bad Things Do Happen to Good People: Adding a Security Offering to your Partner Business".

Here's the gist of the session:

  • Trusted Advisor - Being a security professional (which is what you are if you plan on doing this for a living) means more than going to a customer site and drooling over all the delicious licenses you can sell. The first and most important thing you should be worried about is becoming the Trusted Advisor for that business. If I don't feel I can trust you with my business, why on Earth would I buy whatever you're sellin?
  • ROI - The next thing to consider is something I've mentioned before on this blog. Security ROI doesn't need to be "good" or "okay"....it needs to be "exceptional"!!!! Why is that? Because the rate of return on security is one of the toughest things to quantify. I'm essentially forking over my company's Retained Earnings, in order for something NOT to occur. You remember that old joke:

Joe: Why you wearing that funny hat?

Bob: To keep the alligators away.

Joe: But there aren't any alligators around here.

Bob: See how well this hat works.

Security often works the same way. Why should I pay you for something that may never happen? You can try using some of these free tools that are out there, like the Microsoft Security Assessment Tool, which is a great thing.

  • Lost In Translation - Did the term, "retained earnings" throw you for a loop back there? What's the matter? Don't understand those complicated business terms? Here's my suggestion: Learn them. Learn them now or your customer will find someone who does. You have got to understand the business aspects of your potential customers, before you start worrying about closing ports and Single-Sign-On technologies. I'm not saying that you should go and take a Financial Management class (but guess what, I am, and I'm learning tons about the things execs care about)...but you do need to be able to have "business discussions" with customers. Security isn't hard. It's all about risk management. If you can't explain that in business terms and instead go back to the Happy Home of Tech Talk....how do you understand my business?
  • Ridiculously Obvious - I talked about this before too. Just because it's obvious to you doesn't mean it's obvious to them. I give some great examples at TechEd 2007.
  • What About You? - Does adding a security offering actually make sense for your business? Do you have the available resources (people, time, expertise, etc.) that allow you to add this to your plate at the moment? What is a satisfactory Internal Rate of Return (IRR) for you? (Don't ya just love that I'm in this class?) See, it's all about Capital Expenditure. That's because if you didn't lay out the money for a security practice, you could use that money somewhere else in your business. How long will it take you to get your initial investment back? (P.S. That's called the Payback method). It really is "all about the Benjamins" or as we call it in Finance, the Net Present Value or NPV. It represents the amount by which the value of your business changes if you accept and fund the security offering (or anything else). Enough Finance chat...let's move on.

Damn the Torpedoes! Full Steam Ahead!

Okay, okay.....you've done the homework and you think this is a good plan for your Partner business. How can Microsoft assist you? Well, the first thing you should do is head over to the Security Software Advisor program and sign up. Heck, you can make up to 30% on selling Microsoft security products, that you're probably selling to the customer anyway. Selling them Exchange? Why not add Forefront for Exchange Server and get paid? It really is a pretty sweet deal.

You'll also probably want to sign up for the new Security Software Competencies, which will prove that you got what it takes to deploy and deliver these solutions. It'll also list you as a Security Partner when they do a search by zip code in your area.

Cost for all of the above = FREE

(and FYI, that's a good deal, even with the Finance terms.)

So what else?

  • More than Swag - Start Marketing your new business. My wife is a Marketing consultant (and coincidentally, worked at Microsoft in our Partner Business)...and she always has wise words. Basically it boils down to, "You may be the smartest IT guy in the whole city, but if no one knows about you....who cares?" You can't just sit in your home/office trying to level your Level 32 Orc Hunter in World of Warcraft waiting for the phone to ring. You got to tell somebody! That's what Marketing is. It's not just the people who pass out the good swag. Look into hiring a decent marketing firm that specializes in the tech business.
  • Re-Engaged - Remember, the big money comes with the re-engagements. So do a good job the first day out, and you'll get called back.
  • The Niche - Look into a "security niche". If everyone in your area is deploying firewalls and setting up anti-virus, pick a speciality. My co-speaker, John Dickson, is from a company called Denim Group, and they specialize in "application vulnerability testing". Don't know what that is? Well, you don't need to, because the guys at the Denim Group are experts. Pick a speciality, excel in it, and soon all the other "security generalists" in your area will be doing your marketing for you. Like CSI? Want to do computer forensics? There's a specialty.

Okay...I'm tired.

I hope this provides everyone with some thoughts to consider when starting a security business. It's more than just "Heck yeah....let's add it." Think about the risk/reward that adding such a business will add to your company.

P.S. Stupid Terrorists

Oh yes, I forgot to add this. For those who keep up with the goings on in the security world, 3 men were just arrested for having some terrorist activity planned in the U.S. Just so happens that one of the 3 terrorists taken into custody was a computer hacker with the screen name Irhaby007 (translated from Arabic) which means Terrorist007. Just a clue....proly not wise to refer to yourself as the "Terrorist James Bond". I want you to look at his mugshot after he was picked up. He looks a little worse for wear, doesn't he? I wonder how many times he "fell" before they put him in jail. Serves him right.

This Just In

The terrorist attacks on the UK airports were subsidized by stolen credit cards.

Comments
  • "Unexplained facial injuries"... Hmmm... I wonder if he resisted arrest.

  • It has recently come to my attention that some of the partners who attended my session at the Worldwide
