StillSecure, After All These Years

One of my favorite activities of RSA week is getting dressed in a tuxedo and attending the SC Magazine award show.  As I have written before, I like the SC Magazine awards because it is one set of awards that I don't think you can buy. It is actually based on user votes.  This year for the 3rd time in 3 years our Safe Access NAC product was a finalist in the Best Endpoint Security Solution category.  We won in 2006.  This year we came back and won again! 

This year, with everyone throwing dirt on NAC it was especially sweet to win this award against the many other competitors. It is a great testament to all of the hard work that many people at StillSecure have put in to making Safe Access the best product in the NAC market.  I also want to thank the many people that voted for Safe Access as well. 

NAC is alive and well at StillSecure.  Thanks to Ilena Armstrong and the rest of the SC Mag crew for putting on another great awards show this year.

Couldn't help but to compare and contrast two companies different approach to the security (and specifically the NAC) market, after reading two articles today. The first was in eChannelLine and talks about how HP ProCurve has launched a special certification and designation for its partners that are delivering solutions based on HP ProCurve's recently released ProCurve NAC 800 appliance. Rather quietly, in typical HP ProCurve fashion, they have launched their entry into the NAC space and they are bringing the considerable HP channel and machine to bear in carving out market share.  Some are still surprised when they find out that HP ProCurve is solidly the number 2 provider worldwide in the switch market.  In many ways it is one of the best kept secrets in networking.  That same approach may have us waking up one day to see this 800 pound gorilla capturing more than their fair share of the NAC space as well.

The second article in contrast had me a bit chagrined. Bradford Networks, a NAC company that has traditionally been focused on the education market, has joined the "Johns" list who pay "vendor escort" fees to SiliconValley Communications.  I have written about SilconValley and their InfoSec products guide awards lots of times, as have others like Mike Rothman.  However, there is a john sucker born every minute, so there are plenty of folks who pony up their precious marketing dollars to these charlatans to receive bogus, bought and paid for awards.  Everyone is so jaded by the nonsense that it does nothing but cheapen other honest awards.  Really now, does anyone believe that Bradfords NAC product is worthy of "the worlds best security product"?  I wonder what they paid just to be in the finals along with other renowned security products like Infineon, MXI Security, Promisec and Fujitsu.  All of them jump right out at you as contenders for the worlds best security product don't they?

Only when the security industry wakes up and smells the coffee of reality and not the cheap perfume of jokers like SVC will these folks shrivel back up under the rocks they came out of. Until then these parasites make a living off of our own greed.

I have to thank Mike Rothman for this one.  I swore off reading anything that comes out of Silicon Valley Communications, who are the folks behind Security Products Info Guide Awards. I have written many times how full of crap these particular awards are.  You can buy your own category and no one else can be in that category.  It is hard to lose like that.  Anyway, as I said I stopped reading the garbage they spew as news.  However, Mikee points out that in a case of extreme self-absorption, the Silicon Valley Communications folks are now trying to claim that by buying one of their awards you have a good chance of being acquired by Cisco or some other big company.  These guys have stones the size of boulders!  They say products that "win" their awards have 4P's (People, products, performance and potential).  I say don't stop there guys, they have a 5th P too - Payola!

When are we as an industry going to wake up and smell the coffee?  These awards for hire do nothing but cheapen and confuse those awards and accolades that are actually earned on merit.  Companies like SVC are parasites living off of the fat our marketing budgets.

BTW, in the same insight, Mike commends The Mogul for making available his analysis on DLP among other things.  Mike laments how people like Rich and he just have to figure out how to make money off of giving away the analysis for free.  I think it is sort of like Vegas.  They used to give away the rooms and entertainment, in order to get you to gamble.  Now they use the gambling to get you there and go to the entertainment and stay in the rooms.  Analysts used to charge you for their analysis.  Now they give you analysis for free, but I think that gets them mind share and you hire them customized research, advice and analysis. It is a brave new world for sure, but something tells me Mike, Rich and those like them will figure out a way to eke out a living ;-)

Hands down the biggest security show of the year is RSA (most fun though is probably Black Hat, but thats Vegas).  One of the highlights of the RSA show for me is going to the SC Magazine Awards show.  It is a nice night, you get dressed up in a tuxedo, drink free and mingle with the industry.  The guys from HayMarket and SC Magazine always do a great job.  On top of this, unlike many other awards for sale, the SC Awards seem to be on the up and up.  Over the years we have won once (Safe Access, best endpoint solution) and made the finals a bunch of times, but either way it is always a good time.

Well though the awards (and the RSA show) have been pushed back to April (they usually are in February) this year, it is that time of year again.  Voting for the SC Magazine Awards has begun!  It seems like they have expanded the categories of Reader Trust Awards this year.  These are the awards you can vote for.  They have another set of awards that are selected by the judges.  Here are the categories for the Readers Trust Awards:

Reader Trust Awards

Best Anti-malware Solution
Best Email Security Solution
Best Instant Messaging Security Solution
Best Web Filtering Solution
Best Intellectual Property Protection
Best Endpoint Security Solution
Best Mobile Device Security Solution
Best Enterprise Firewall
Best Intrusion Detection/Prevention Solution
Best Wireless Security Solution
Best IPsec/SSL VPN
Best Identity Management Solution
Best Multi- and Second-factor solution
Best Integrated Security Solution
Best Managed Security Service
Best Computer Forensics Solution
Best Event Management Solution
Best Policy Management Solution
Best Audit/Vulnerability Assessment Solution
Best Security Software Development Solution
Best Security Company
Rookie Security Company of the Year
Best SME Security Solution
Best Enterprise Security Solution
Best Regulatory Compliance Solution
Best Professional Certification Program
CSO of the Year
Best Security Team
Best Professional Training Program
Editor's Choice Award

All four StillSecure products are nominated.  Safe Access in the endpoint category, Strata Guard in the IDS/IPS, VAM in the vulnerability management and making its debut, Coba in best integrated security solution.  I would love to see all of my readers vote for the StillSecure products, but since many of you work for other vendors nominated, that probably won't be the case.  In any event, if you get a moment go vote for your own choices, but at least vote!

Mitchell wrote today about his appearance on the cover and in an article in Redmond Magazine called "The Secrets of the Windows Gurus".  It is a pretty cool article and Mitchell is deservedly in some high company with the other folks profiled.  If you get a chance check it out.

What I really liked though was the cool picture and characterization they did of the Guru's for the cover and then the individual pictures.  Mitchell and I have worked together for a long time and it is rare that I am jealous of coverage he gets.  But I have to admit the picture was pretty cool and I wish I had one of me too!  Will have to work on that. Kudos to Mitchell for getting the gig though.

You know I try to never believe the hype, even about myself.  When that silly list came out with the top 59 most influential people in security and I was number 2, I had a good laugh.  When people recognize me in the street from the picture in my blog, I feel good and move on.  When people ask if my blog and podcast has helped StillSecure, I shrug my shoulders and say "I don't know, but I have a lot of fun doing it". Frankly, I am not the most technical person in the world. I consider myself a good business person who is passionate about security and what my company is trying to do to make networks more secure. But I am no celebrity. When I helped start StillSecure, I never imagined that one day I would be considered a "known person" in the security field.  However, it appears to be true.  In a corollary to the adage "imitation is the sincerest form of flattery", it seems some of the StillSecure competition are actually buying Google ad words keyed on my name.  Can you believe that?  How low can you go? Someone told me about it today and I tried it for myself and sure as you know what, there is a banner ad that a certain NAC vendor has taken out on the name Alan Shimel.  How cool is that?  Go try for yourself.

So that got me thinking.  Hey, maybe there is a cottage industry here .  I can sell or rent my name out to NAC companies that must be so desperate that they would hitch themselves to my name. You know the kind of companies that don't have a bona fide personality themselves and need to rent out someone like me.  Hell, I am thinking even bigger than that.  Maybe I can do personal appearances, webcasts and all kinds of stuff like that. Maybe, I could even do a blog for them. I might as well suck out as much cash as I can for my kids college education fund.  I even drew up my own Google Ad over on the left.  Of course I think it only fair that I get a piece of the action from their sales then too, right? 

But seriously, how much money is there to be made by buying ad words on my name. Maybe instead of trying to get more customers by cashing in on my good name, they should use the money they have left and get their development lab over in Israel fired up. They can perhaps write their own testing software, instead of relying on someone else's licensed software layered on top of a failed IPS.  This way they could be honest and upfront about how their product works.  Nah, that sounds hard.  Probably easier to hitch a ride on my name and live off of the crumbs of my table.  Geez, I feel like John Chambers.

Of course this follows on the heels of another record breaking quarter, where this blog had over 400% Q over Q growth.  Well it seems like those crazy folks over at Info Security Products Guide are at it again.  They have figured out how to get some more money out of their johns, I mean vendor partners, for more made up awards you can buy. Looks like for this one you actually have to post a case study.  They must be based out in Vegas because this sort of thing is legal over there. I figure if they can do it, why can't I.

If any of your blog writers out there would like to win a prestigious award, please let me know what category you would like to buy and I will see to it that you win an award as well.  By the way, don't even get me started with the private companies announcing record quarters without giving actual numbers.  If you are going to announce record revenues, without giving out actual numbers, it is just BS. 

Martin anticipates me weighing in on an article by Chris Hoff on a new ad by Big Fix that ran in USA Today.  I paste the picture of the ad here strictly for context of course! 

Do I think it is sexist? Yes.  Is this the image I would want to convey for my security company? No.  Let me ask this question, if it was a hot blonde in a bikini would it be worse? Not sure. Does the big gun in her hands signify anything? Don't even want to go there. Is she a Vulcan or a Shadow Run Elf?  Does it really matter. Maybe there is an inside story on this that we are all missing.  Ryan, Amrit, is there anything we are missing?  Is this a representation of anyone who works there?

The bottom line for me is, I don't think our marketing team would want to invoke this kind of image.  I am sure the Big Fix team did some extensive research and know that this type of message and image is exactly what they are "shooting for" and appeals to their intended audience.

God knows that when another company does some stupid marketing, I am the first one to jump up and down and call them on it.  Some companies and former friends have gotten upset with me for doing it, but I call them as I see them.  So it is with some regret that I have to stand up and say that we at StillSecure did some stupid marketing, that I have to apologize to my blogging brethren for.  It seems our PR folks, realizing the tremendous influence security bloggers exert (hey don't forget the most influential people in IT Security list), thought the best way to reach them was to send out a story pitch to all the people on our blogrolls. This is the same way they do to it in pitching to the traditional media. WRONG!  That's what makes blogging, blogging.  It was not cool, a mistake and we are all sorry here.  We will make sure that does not happen again.  Lesson learned and now on with the show.

In the past I have taken to task some companies (OK they are competitors) for putting out BS press releases at the end of the quarter, pinning medals on their chests for the great quarter they have had.  One of my problems was that they talk about revenue growth rates without actually pointing at the real revenue. If you only did 100 dollars last quarter and a 1000 dollars this quarter, you had a 10 time revenue increase, but big deal.  So rather than shovel sand against the tide, I have decided to jump on the bandwagon.  So in order to beat the rush, here is my press release slated for April 1 release highlighting the great quarter we have had at StillSecure, After all these years blog and podcast.  Of course, like some other companies, I am hoping to persuade you how great things are and am trolling for more acquisition offers.  So here is my release, please take it in the spirit I wrote it in:

FOR IMMEDIATE RELEASE

Contact:
Alan Shimel
SSATY
899-U81-I812

STILLSECURE, AFTER ALL THESE YEARS BLOG AND PODCAST ENDS QUARTER WITH RECORD REVENUE AND EXPLOSIVE READERSHIP GROWTH

Innovative and tell-it-like-it-is approach drives increasing influence of leading security blog and podcast, resulting in industry wide recognition

(Boca Raton, Fl. – April 1, 2007) – StillSecure, After all these years blog and podcast (SSATY), the leading security blog and podcast, today announced record quarterly results. Marked by an unprecedented 500% quarter over quarter revenue growth rate, increased global readership, and wide acclaim as one of the most influential blogs and podcasts in security, SSATY has clearly demonstrated its leadership within the IT security blogosphere.  The 500% revenue growth rate represents the continued success of a revenue generating advertising program begun last year.  Driving this advertising revenue was the enhanced profile of the blog and podcast after being mentioned as one of the most influential in IT security by a “leading media portal”. 

The true global reach of both the blog and podcast was best illustrated not only by the doubling of the subscriber base of the both the blog and podcast but also by the country of origins of the readership.  Countries from Algeria to Yemen had readers and listeners to SSATY.  Its author Alan Shimel, was cited as a chief blogging officer by the ITSecurity.com website and as the second most influential person in IT security as a result. Podcast co-host, Mitchell Ashley was also very highly ranked by the ITSecurity.com 59 most influential people list, at least partially as a result of co-hosting the podcast and his blog, The Converging Network (http://www.theconvergingnetwork.com).

“With revenue going from $10.50 last quarter to well over $55.00 this quarter, how can there be any doubt that we have cracked the code to making blogging profitable”, said Alan Shimel, founder and chief blogging officer of SSATY. “Being listed as the 2nd most influential person in IT Security only makes me want to try harder.  I won’t stop until I am number 1, but am extremely proud of all we have accomplished here.”

“I tell you that I just can’t believe the quarter we have had, it is exceptional”, said Mitchell Ashley, co-host of the SSATY podcast. Ashley continued, “truthfully since RSA, everything has been in pretty much of a fog for me. I just wish we could find that podcast recorder I lost. But I guess we must be doing something right.”

Other highlights for the quarter include:

1. Being named one of the Fast 44 by Delight and Tush as one of the fastest growing security blogs
2. Being read by members of the prestigious International  Center for Vomiting and esophageal reflux
3. Having significant readership at the Aboriginal University of New Guinea and Aukland
4. Increased presence in the financial, health and government sectors
5. Being named a hot company to watch by Blue Anchovy
6. Winning the top blog award in the security blogs written in Florida category by InfoSec Blogs Guide

About StillSecure, After all these years blog and podcast

StillSecure, After all these years blog and podcast is a candid inside look at the world of security.  It makes no bones about its mission to influence the leading minds in information security to forward the aims and goals of its authors.  The StillSecure, After all these years blog can be accessed at http://www.stillsecureafteralltheseyears.com.  The podcast can be obtained via iTunes, via the SSATY blog or at http://www.clcickcaster.com/ss.  Mitchell Ashley, co-host of SSATY podcast maintains his own blog at http://www.theconvergingnetwork.com .  SSATY partners with and is a customer of some of the leading Web 2.0 companies in the world including, TypePad, Moveable Type, Clickcaster, FeedBurner, Lijit, etc.  SSATY is totally self-funded and has never taken a dime in venture capital.

SSATY makes no claims on any names or marks mentioned in this release not owned by SSATY. Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of 1995. Words such as "anticipate," "believe," "estimate," "expect," "forecast," "intend," "may," "plan," "project," "predict," "should" and "will" and similar expressions as they relate to SSATY are intended to identify such forward-looking statements. SSATY undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SSATYs future financial results are discussed more fully in SSATY's filings with the U.S. Securities and Exchange Commission ("SEC"), including SSATY's most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward- looking statements, which speak only as of their dates.

The money machine over at InfoSecurity Products Guide have another scam they are running. Has anyone noticed how many "news stories" came out today with vendors being selected "hot companies". I wonder how much that cost? I counted at least 6 announcements from different companies on this. I won't link to them, as I don't want to give them any more play than they deserve.

I was reading Rothman's post today about the guys at Aberdeen wearing fishnet stockings.  If the Aberdeen guys wear those, I can only imagine how the InfoSecurity Product guys dress or should I say undress.  But hey don't blame them, it is us sleazy, media-crazed vendors who pay the money to these guys and then trumpet out press releases, announcing that we, along with everyone else who wrote the check, are happy to win such a prestigious award. Just like drugs, when the drug addicts stop buying the drugs the drug dealers go home.

The shame is how can you separate the real awards, reviews and analyst opinions from the bullshit.  I can't half the time and I am in the business, what is a customer to do?