StillSecure, After All These Years

Roger Grimes has a good article up on his InfoWorld, Security Advisory blog entitled "Security firms frustrate loving customers". Roger details some specific examples of how security vendors just don't "show the love" to customers and prospective customers, with the result being lost business. Roger highlights three examples:

1. Making renewals a manual process with those annoying phone trees. I agree, when I hear the press 1 for this and press 2 for this, my blood starts to boil. There is no reason that this just can't be built into the product to renew over the web. Security or no, any software vendor not doing it this is just plain crazy.

2. Calling into a company with a sales inquiry and the sales guy never calls back. This one just kills me. When doing due diligence on potential acquisitions at a prior company I would call in or email with a sales inquiry and wait to see how long it would take for them to get back to me. It was a good indication of how well the sales organization and company functioned.

3. Killing the deal with one sided, overly legal and burdensome terms. Another one that I battle all the time. The CFO has to be able to recognize revenue so needs specific T&Cs. The lawyers want to protect the vendor against all eventualities and is doing his job. You want to make as few warranties and representations as possible to limit your liability. The result, the customer gets one sided, unfair document with fine print on maintenance pricing, renewals, SLAs, etc. Most customers don't even read the EULA. Take a lot at some of the ones with software you have bought. It may surprise you.

But in my best Fox News voice, lets be fair and balanced. So in that vein, let me give you 3 specific examples of how loving customers frustrate security firms:

1. The guys who picked the product leave and the new guy comes in and doesn't have a clue. This happens all the time, especially in the government. One guy or team buys the product for a specific reason and has all of the expertise. The new folks come in and even if they know your product is there, they don't know why or how to use it. They may feel they inherited this product and have their own favorite product in this category. They can't wait to replace you and either don't use the product at all or blame the problems of the world on it.

2. Buying the product and than "other priorities" delay implementation. A surefire recipe for shelfware. When I see this happening I tell our folks better to be a pain in the butt and force them to use the product they bought than to sit around watching the license expire on the shelf. The longer the product sits, the more it becomes a nice to have, rather than a must have, that drove the sale. Now sure, one can say that what does the vendor care, the customer paid. If he doesn't use it, less support costs. But you don't get renewals, you don't get upsells or referrals without customers using product.

3. Using the product in unintended ways. Another favorite heartburn of mine. Customers figure just because the application runs Linux underneath, why can"t I run (You Name It). We recently had a customer that was chewing up support hours like the dial at a gas pump today. It turns out the problems we all due to the all of the other software that he had put on the box, not to mention editing .conf files, database tables, etc. It is hard enough supporting the software we developed. It is a whole another story supporting software that you have written.

So Roger, yes the customer is always right and security vendors have to get their act together if they want to survive, let alone compete in these tough economic times. But customers certainly don't make the job any easier with some of the shenanigans they pull.

One of my favorite responsibilities at StillSecure is business/corporate development.  The biz dev role is something I have done for a long time for several companies. Having a decent grasp of technology, insight into business and my legal training have helped me to conclude many successful business deals over the many years I have been at it. Over the years I have also had the opportunity to work with many good people on both sides of the table, as well as the chance to help train many good people.  Some of the things I have tried to teach others and that I myself try to remember in negotiating business terms are:

1. Win-win - I know it is such a cliche, but it is also still true.  I have seen so many people from attorneys, to entrepreneurs to other biz dev people try to "beat" the other guy.  You may put one over on the other side and get favorable terms in your agreement, but ultimately if doesn't work for the other side, all of the agreements in the world won't make it work for you.  The most successful deals I have been involved in have been ones where both sides feel that they are getting real value out of the deal.

2. Don't think you are smarter than the other guy - How many times have I seen this vain attitude ruin deals.  Everybody sitting at the table puts their pants on one leg at a time.  Don't think that you are so superior or more intelligent than the other side. They usually are perfectly capable of seeing exactly what you are really driving at and trying to outsmart them again will wind up with a lose-lose.

3. Its not the battle, but the war that counts - One of the things I disliked most about practicing law was dealing with other lawyers.  Every single point of every single agreement could become a knock down, throw down battle to the death, as each side tried to show that they were the better attorney on each point.  Its not about winning any given point, its about getting the deal done.  Unless a particular point is truly a showstopper, you have to remember the big picture of what you are trying to accomplish.  Too many times I have dealt with people who seemed to keep a running tally of how many points they got their way versus how times they gave in.  Is the deal in total a good deal, accomplishing your goals the real scoreboard.

4. Theory is fine, but go for the meat and potatoes -  I have seen so many deals drag out because a particular point is taken to a theoretically possible, but highly unlikely scenario.  Good legal drafting practices says you should try to plan for every eventuality.  But because a corner case of a corner case is remotely possible, don't throw away a great opportunity.  Try to draft around that remote possibility.

5. Put as much effort into the success of the relationship as you do in negotiating the contract.  I have been involved in some deals that by the time the agreement is agreed to, one party or the other is spent and just seems to lose the momentum to carry the relationship beyond the contract.  The contract is the beginning of the business relationship, not the end.

6. Put yourself in the other guys shoes - Empathize with what your colleague is thinking and feeling. Understanding their needs, motivations and state-of-mind can help understand what it will take to reach an agreement.

Of course every deal is different, but remembering these rules will serve you well every time.

Image via Wikipedia

Actually they were forced to step up. Steven Musil reports that according to this NY Times article, NY State Attorney General, Andrew Cuomo has forced several of the largest ISPs including Verizon, Sprint and Time Warner Cable to institute blocking of web sites and usenet groups that traffic in child pornography. I say what took so long. For years now the ISPs have wrapped themselves in first amendment issues and claimed that they had no responsibilities for individuals communicating with other individuals. But as Musil reports, Cuomo said that at some point if they knowingly allow such illegal activity they do bear responsibility. Cuomo's office had to threaten legal action before the ISPs would agree to get involved though.

The I don't have responsibility defense used by the ISPs has been frustrating for a long time. When I was in the hosting business, some web hosts said the same thing about hosting web sites with illegal content (porn, warez, etc.). Law enforcement was quickly able to pierce that veil and get web hosts to take down illegal sites. Cuomo I think said it best, “No one is saying you’re supposed to be the policemen on the Internet, but there has to be a paradigm where you cooperate with law enforcement, or if you have notice of a potentially criminal act, we deem you responsible to an extent”.

Of course the question is: who picks what is objectionable. Child porn is easy, but what about other types of porn, gambling sites, etc. Once we put the power to filter content in a private companies hands, we entrust them to filter only what is illegal. But it would be naive to think they won't filter for their own best interests either.

While I applaud this step and give Andrew Cuomo credit for bringing the ISPs to heel, I think you have to put some process in place to make sure that legitimate and protected communications and freedom of speech is not suppressed.

In any event now the security folks can blame the ISP for why certain executives web browsing to quesitonable sites is being blocked ;-)

There are some days where nothing strikes me as interesting enough to blog.  Than there are days like today where there are just too many things that I find compelling enough to comment on.  So rather than do 4 or 5 posts today, let me condense all of this goodness (I hope) into one post:

1. Sophos releases "financial results ahead of analysts expectations". While I applaud the Sophos folks for making public their revenue numbers (at least gross, net and deferred totals it seems), I am not sure what analysts they are talking about.  As a private company, it is not like people are trading their stock and the financial analyst crowd is putting their numbers on the street.  200+m is a lot of revenue, even for an AV company and 40+m to the bottom line is impressive, but until you are public, no one is holding your feet to the fire and analyst coverage is just not the same.

Authors note: Dr. Jan Hruska, co-founder of Sophos wrote me off line and gave me permission to publish this comment: 2. Apple is ready to enter the platform war - Larry Dignan over at ZDNet has some good comments and stats on Apple vying with Microsoft and Linux/open source to be "the platform" of the future. I agree that the iPhone and iPod are Trojan Horses into the enterprise and along with the Mac represent a viable platform that could compete with Microsoft and the Linux/open source crowd.  However, I don't think you can judge how many developers are developing Mac/iPhone apps based on the crowd at the upcoming WWDC (worldwide developer conference).  Steve Jobs is a master showman and I think these conferences have become media events.  Many people are there to to twitter and report and to "be there".

In October last year we prepared for a float on the London Stock Exchange. As a part of the exercise we had analysts from the three sponsor banks produce their projections for revenue etc for the next three years. We did better that their projections for 2007/08.

Larry is right though that Apple has to balance being too iPhone and iPod crazy at the risk of ignoring the "real" platform here the Mac.  His example about PGP developing a Mac version is a great point.  I have heard many other security companies likewise bringing Mac versions to market. This graphic I think shows the point well:

  But my ultimate point on this one is that the ultimate platform will be the web.  What the underlying OS is for future web apps should be somewhat meaningless.  The webtop platform would seem to me to be the platform going forward!

In any event the WWDC should be a lot of fun and I will be watching to see if any new reports come out.

3. Belden buys Trapeze - Another independent WLAN provider gets bought. Doesn't seem like a great multiple, 133m on 2007 revenue of 56m.  There are not many independent WLAN providers out there now.  Meru Networks is probably the biggest of the bunch. You don't hear too many people saying that wireless is not here yet anymore.

4. McAfee still chasing the dragon on security ROI - McAfee announced that using the Forrester Economic Impact Calculator you can now easily find out your ROI from buying a McAfee product. They have a very nice diagram that I have pasted in here. They ask you to plug in a few numbers about type of security you want, desktops, laptops and servers and presto - they give you an ROI.  I didn't call them to get the scoop, but it really underwhelmed me.  Looks like smoke and mirrors to me, just like many of these security ROIs do.

A couple of weeks ago I was offered a free year membership in the Clear airport security program for registered travelers.  Though my home airports of Ft Lauderdale and West Palm Beach don't yet offer Clear access, I fly enough in airports that do like Denver and Regan that I thought for free, what do I have to lose.  I filled out the forms on line and last time I was in Regan airport I handed it in along with fingerprints, Iris scans, passport, etc.  This past week my Clear card came in the mail and I have been looking forward to using it.

I thought that with my background check and all, they knew that I was a low risk for terrorist or other type of activity and therefore would not be subject to the same scrutiny and testing that we all endure when we have to fly.  Turns out that I don't think that is exactly the case.  However what it does do is allow you to go right to the front of the line in security, much to the dismay of others waiting on those lines.

The experience was great.  I went to a special entrance for Clear members where I was met by a very helpful young lady.  She escorted me to a Clear machine where we inserted my card and did a fingerprint scan.  After that was done she escorted me to another young lady who walked me past all of the people waiting on line (and a long line it was).  At the head of the line, the Clear lady gave my boarding pass and ID to the TSA person.  The TSA person checked my id and pass, same as always and they passed me through.  Than my Clear escort brought me to a special metal detector line which had no one on it, just waiting for me.  Again skipping another line.  I put my computer and other metal objects in the same old grey bin, took off my shoes and went through the metal detector.  I thanked the Clear escort came out the other side, scooped up my stuff and proceeded to my gate.  The entire process took less than 3 minutes I bet!  That was great!  The looks on the faces of the people I bypassed on line also gave me a perverse pleasure as well, I will admit.

After finishing this though I sat down and thought about it.  What security did bypass?  They still checked my ID and boarding pass. I still went through the metal detector and took off my shoes.  In fact if anything security was added to my check in, as they now did a fingerprint match.  So fact is, with all of the background checks and everything, having the Clear program did not relieve me of any security obligations and tests. In fact it added to them.  What it did give me was a "first class" personal escort to the front of the line and than a first class que for the metal detectors.  Because I was willing to pay some money and have a background search, I got the first class treatment.

To me this is not a scalable solution.  As more Clear passengers come on board, having a dedicated person walking me through the security line is just not going to work.  Also, lets be clear (no pun intended), this is not about going through less security.  Why the background check and all?  This is about paying money and skipping the line, but still going through the same security procedures that everyone else goes through.  Just faster.  Hey, don't get me wrong.  I loved it!  But I was wrong to think this was about bypassing security, this is a "first class" traveler lane.  As long as you are "clear" with that, it is good by me!

No, not IPO public, but public about disclosing employer secrets which could provide a risk to the public. My friend Martin McKeay has written an article over the recent firing of an employee of TJX for disclosing in a public forum continued poor security practices by TJX. The same TJX I might add that as a result of slipshod security practices caused 100s of thousands of dollars, if not millions of dollars in bank fraud to occur.

Many have categorized CrYpTiC_MauleR, the employee who disclosed the information on hackers.org, as a "whistleblower". The term whistleblower is a term of art and in many circles will invoke some special immunity for the person who disclosed the confidential information. However, usually the disclosure of this information is made to a person or entity with the power or at least willingness to take corrective action. In this case, I think that is the missing pre-requisite. Just disclosing this information on a public message board does not meet the burden of defining this as whistleblowing. I think Martin is right on there. He says CrYpTiC (If I can call him that), was not a whistleblower in the strictest sense of the word and is not due any protection. He is just another person who violated his employment terms and his termination by TJX was perfectly justified. Let me say that I don't disagree with Martin about TJX having the right to fire CrYpTiC. They certainly do.

I have a problem with Martin when says that CrYpTiC should have done what he has done and that is keep your mouth shut and move on to the next opportunity. I think depending on the level of wrongdoing, not only is that wrong, but by willfully withholding certain information from the authorities it could make you guilty as an accomplice! Think about it Martin, if you knew your employer was committing a crime and you just quit your job rather than report that crime, you are an accomplice. When does the responsibility for the general good, outweigh your obligation to your employer. Is sticking your head in the sand and moving on while letting illegal or irresponsible behavior go on the right posture? I say not.

I think CrYpTiC felt strong enough about what TJX was doing was wrong that he posted it publicly. Though he did it anonymously and did not think it would be traced back to him, he felt strong enough that what TJX was doing was wrong and he wanted the world to know. When he made that decision, he also made the decision that letting the world know the truth was more important than his job at TJX. I am sure potential future victims of TJX fraud that will now be spared that loss would thank him for it.

Martin, there comes a time where keeping your mouth shut and moving along does not cut it. You have a duty to alert the proper authorities for the greater good of the public. The question is when does your duty to disclose surpass your duty to keep your employers information private? I think that is a personal question that all of us have to answer ourselves. Clearly criminal activity should be disclosed, otherwise you risk criminal exposure. Beyond that it is a judgment call. But saying not to disclose and just move on is appeasement at its worst.

The real question is why doesn't the PCI council or the government have a forum for people like CrYpTiC to go to in the future. That is what is needed!

I was reading an article in the Orlando Sentinel newspaper this morning (I know who reads newspapers anymore), about how so many companies are tracking unhappy customers by monitoring blogs and even twitter messages. It reminded me of a story that Chris Hoff had a while back about Southwest Airlines monitoring his Twitter message

The story in the Sentinel had two opposite corporate views on this. One was Comcast who quickly turned a negative blog post and experience into a positive one by reaching out to the customer and fixing their problem. The customer than ran an updated blog post to commend Comcast. Much the same way Hoff did in his post on Southwest. The polar opposite of this was Spirit Airlines, whose spokesperson according to the article said, "she wasn't concerned and that Spirit doesn't let blog posts affect its policies and procedures." Well a year later that article is still the number 3 search result on Google if you pull up Spirit Airlines. It has over a 1000 comments with many people saying they didn't fly Spirit as a result. I wonder if Spirit Airlines still feels the same way about not listening to blogs?

The article mentions a few other companies that monitor blogs and twitter and message boards. It also mentions a web site called getsatisfaction.com where over 3000 companies monitor to help consumers iron out customer service issues.

They always said the pen was mightier than the sword. In todays world maybe the keyboard is too.

Anybody remember that slick marketing line?  You are a winner if you picked OS/2. OK I will admit it, I was an OS/2 user. I liked it much better than Windows 3.1 and used it even after Windows 95 came out. I still think it was a superior product to anything that the guys from Redmond put out.  Why don't we all run OS/2 today instead of Windows?  Good question, I ask myself that all the time.  Some say it is because Microsoft used strong arm tactics to persuade ISV's from developing apps for OS/2.  That may be true, but for me the real problem was IBM's strategy was instead of fighting the fight to get OS/2 apps developed, they said go ahead and run Windows and DOS apps on OS/2, we can run them better.  They could, but at the end of the day they were still Windows and DOS apps and this gave Microsoft an inherent advantage that could not be overcome.

I was reminded of this today while reading an article in eWeek by Joe Wilcox on how Microsoft is in so much trouble and how nobody is using Vista (better not tell the 100 million or so users of Vista that). Joe points out the recent Gartner report that says Microsoft is headed for a train wreck around 2011 or so because Windows is vulnerable (to competition that is, not necessarily to vulnerabilities.  Well actually it is vulnerable to those too, but that is for another blog).  Not to be outdone by the G-men, straight off the shrimp boat the Forest-er Gump crew come out with a pair of reports (here and here), that detail Vista's adoption issues.  The net of one is that while tech folks see the benefit of upgrading to Vista, it is a tough sell to the CIOs and CFOs of the world.  Many according to the article are saying they will wait for Windows 7, whenever that comes out.  I don't buy this myself. I remember similar talk when XP came out. 

Where I really disagree with Wilcox though is his comments regarding Mac OSX replacing Windows in the enterprise:

I disagree that Mac OS X is no alternative, particularly when businesses must swap out hardware anyway and Exchange-supporting Office 2008 is available. Mac OS X nicely plugs into Active Directory. I don't expect massive conversions to Mac OS X, but I strongly disagree with contention that it's "simply not a viable option."

What will enable this Mac revolution? Virtualization according to Wilcox and those who believe as he does. This is where they step in the footsteps of OS/2 before them.  If OSX is a better OS, fine. But don't fool yourself. If you are going to rely on Microsoft Exchange, Microsoft AD and other Microsoft server products plus Microsoft applications and you are going to run your Mac hardware running Windows in a virtual hypervisor on top of it, you are just a "better Windows than Windows" but you still run Windows.  Microsoft will use its stranglehold on the applications to make sure that they run better, faster, cheaper on the real Windows.

Gartner, Forester and Joe Wilcox miss the point here.  Windows will not be in serious danger of losing its preeminent position on the desktop until there are enough applications that run natively on another OS and don't run on Windows.  I don't see many application developers willing to walk away from the Windows market for that to be a reality.  That makes desktop Linux, Mac OS and the rest just more OS/2s.

My friend and StillSecure VP of product strategy Andrew Grealy heard an interesting hypothesis today. It goes like this, you can judge the health of the US economy by the size and extravagance of the RSA show. The theory has these rules:

1. The better the chotchkies (booth handouts) the better the economy. I can buy that one. This year the best give away I have seen is the bicycle that RSA is giving away.  Other than that, I didn't see great giveaways.
2. The more booth babes, the better the economy.  I disagree with this one.  I think sex is a recession proof business and in hard economic times, people sell sex more.  So the more booth babes, the worse the economy is in my mind.
3. The size and extravagance of the conference gala.  A large party at a first rate location with top shelf booze and food is a dead giveaway to a booming economy.  Andrew has a corollary to this theory that you judge the economy by the size of the cocktail shrimp.  Being from Australia, home of giant prawns I think has a lot to do with that.  BTW, this years party is at the Marriott and I hear it is not a "a" rated venue.

So though this years RSA is the biggest one ever, I would have to say based upon the Grealy law of economics we are in for a rough year.

Beware -Another non-security story. Last week I wrote a story about my son Landon and how proud I was about his experience in baseball.  I used a Yiddish word that I learned from my Grandmother - naches.  As I have gotten older I have developed a deeper admiration and respect for the inherent wisdom that my Grandmother brought to life and the many things I learned from her.  I remember being younger and thinking she was a little bit meshuguna as she would say. But as I now realize she was crazy as a fox and I hope I can be only half as intuitively smart as she was.  She had an intuitive grasp of people and life that cannot be learned in books.  People who think I am outgoing and loud would think me quiet and shy in comparison to her. But enough about my grandma, let me get on with the story. 

One of the phrases she used to use that I would laugh at was, "my grandson, you never know whose tomorrow it will be".  I was never quite sure what that meant, but had enough of the general gist that I didn't question her.  Today again I heard my Grandmother talking to me and saying that very phrase.  I had contacted an old business partner of mine who I had not spoken to in 3 or 4 years. I knew he had season tickets to the Yankees and wanted to buy a couple of tickets to take my sons to the Stadium in this its last year.  My old partner "Bob" called me back this morning, very early not realizing I was out in California.  Of course I asked how he was and he replied that he had been diagnosed with pancreatic cancer a while ago. He has undergone surgery and is receiving chemo at Sloan-Kettering Memorial, but the prognosis is not good.  Bob is just a few years older than me and his youngest child is just 10 years old.  I have known Bob for 20 years.  He was always the kind of guy who did the right thing.  A good family guy, he grew up like I did on the Long Island-Queens border in NY from working class parents. He worked hard and bought a house in Westchester County for  his wife, children and he.  He lived the American dream, working hard and passing on to his children the best of what he knew. What are you supposed to say to someone who tells you this?  Are there any words that provide comfort?  Is going to a frigging Yankee game relevant here?  Of course you try to be brave for their sake.  You say things like "they are doing so much with that disease now.  Keep your head up, attitude is important."  Maybe most of all, I will pray for you. How cruel is fate that this good, decent human being has been chosen to suffer from this death sentence of a disease at such a young age?  Of course Bob is not alone. Unfortunately I know too many good people who have been stricken with terminal illnesses well before their time here should be done.

I was speaking to a friend/family member the other day about the breakup of his marriage and I told him life is rarely what we think it is going to be.  Making lemonade out of lemons seems to be the ultimate and eternal human condition. It also drives home my grandmother's inherent intelligence.  You never know whose tomorrow it will be.  I get it now, you never know for whom the bell tolls.  All we can do is enjoy the good moments that God, fate or whatever grants us, because in an instant that can all be taken away and our lives changed forever.  Bob is in my prayers and I hope for a miracle for him and others who have to face similar challenges. Lesson to you all enjoy the moment, cause you never do know whose tomorrow it will be.

Read an interesting article by Sean Michael Kerner today in eSecurityplanet.com.  Sean talks about the fact that both Juniper and Nortel are both OEM'ing the Q1's Radar product to help them compete against Cisco's MARS solution.  Of course Juniper and Nortel compete against each other and the logical question is how can they compete against each other with both offering an OEM of the same product.  I thought the answer by both the Juniper and Nortel folks were great and shows the strength of an OEM strategy, much like we have pursued here at StillSecure. 

Sean says that technology vendors who need to fill a need in their product line can build, buy or partner to fill that need.  It is right on.  But as Sanjay Kapoor at Juniper points out, Juniper takes the Q1 product as a starting point and builds functionality on top of that.  Nortel's Shmulik Nehama makes another point about competitors OEM'ng the same product when he says, "... this validates our choice of technology and choice of partner".  A great point.  If one of your competitors have vetted the solution and picked it over the competition, there is probably a good reason they did so. If your own analysis shows that this solution is superior, you should not "settle" for second best because a competitor is using it as well.  I think you look at how you can add value over and above the base solution.  If you are going to compete with Cisco, you are going to need the best product you can have.  Not choosing the best product because someone else has is just not a smart move! 

At StillSecure we have OEM partners in the same situation and they have arrived at the same conclusion.  Of course we have had some folks who did not OEM our solutions because of this, but at the end of the day, they wind up with a solution that is at best second rate.  Moral of the story, pick the best product you can.

Below is an article I wrote yesterday after reading an article in Wired Magazine about the Air Force policy on blogs. As a result of publishing my article, I have been contacted by a bunch of different folks on both sides of this issue.  Some commented on my blog, others wrote me privately and others I spoke to on the phone.  As a result of these interactions, I realize that it is not so much about the censorship of information contained in blogs, but the potential for security lapses and information being put out that could result in service personnel getting hurt or killed.  That is serious business for sure.  So in that context, I understand the reasoning.  I don't think it has anything to do with whether people work hard or not in the military, the only reasons for this is operational security, safety of life and limb of our brave service personnel and the success of the mission.

That being said on reflection, I think this is a great thing about being in the US and blogging.  I had a chance to speak my mind and put it out there for people to see.  Other folks had a chance to comment and vent thier opinions.  As a result, I was educated about some issues I had overlooked or not given proper weight.  Now I can post this to correct my position and go on.

Does this make me a flip-flopper?  Maybe it does, but I think it makes me wiser as well.  I think part of being a good blogger is listening to what others say and being big enough to admit if you were wrong.  So I stand corrected!

Whenever I read about China censoring internet access to its citizens, forcing Google and Yahoo to not show certain sites, I smile a smug, holier than thou smile and shake my head about how a government can do that to its people and get away with it. Why would those people put up with it?  So I must say "in a day that will live in infamy" I was very chagrined to read this article in Wired by Noah Shactman, reporting that just about any site with the word blog in it is banned from our troops in the Air Force.  From what I understand this is limited to the Air Force and not our other armed services.

I use the term our troops, not their troops, because this isn't some foreign, totalitarian country or despotic dictatorship we are talking about, where the troops have to be watched so they don't cross over to the other side.  These are the men and woman who put their butts on the line, risking their lives every day for us all to enjoy the freedom to read any damn site on the internet we want to.  The irony of these very same front line heroes who provide the blanket of freedom that we all sleep under, not being able to read any blog they feel like is not lost on me and should not be lost on you either!  If they are smart enough and good enough to protect our country they should be smart enough to be allowed to choose what they want to read on line and should have the freedom to read news and commentaries on blogs as they see fit.

The idea that we are censoring the news our service men and woman can read disturbs me on many levels. Besides what it says about a lack of trust in our troops, it also disturbs me that someone actually says "they can still access news sources that are "primary, official-use sources," said Maj. Henry Schott, A5 for Air Force Network Operations. "Basically ... if it's a place like The New York Times, an established, reputable media outlet, then it's fairly cut and dry that that's a good source, an authorized source,"  Who decides what primary, official-use sources?  It gets worse, "Often, we block first and then review exceptions," said Tech. Sgt. Christopher DeWitt, a Cyber Command spokesman. Shoot first and ask questions later, huh?  The arrogance of this galls me. If you told me this was some North Korean General or Politburo member from the old Soviet Union, I could see it in a second.  But spokespeople of the US Air Force?  Where have we gone wrong?

Some make the argument that blogs are not really media outlets. Can the people making policy at the Air Force be that naive?  Others say that there is so much BS on blogs that Air Force folks are "baited" into commenting and possibly giving away operational security information.  That sounds to me like a social engineering problem, not a blog problem.

Yeah, I know there is a war on.  Are we afraid our Air Force men and woman are going to all go to some Arabic-Al Queda web sites and be brainwashed?  Is their some terrorist worm they will get by going to a web site that spouts ideas different than "primary, official-use sources?  What scares the Air Force so much that they would take such action?  If you feel like I do about this, lets do something about it.  Lets write to the Secretary of Defense, Joint Chiefs of Staff, Congressmen, Senators, whoever, but lets return freedom of the press and freedom of speech to our troops who put their lives on the line so we can enjoy those rights!

Authors note: So based on some of the comments I have received from military types, I feel compelled to clarify. I get that the element of surprise could be lost by service members posting on blogs.  That could be lost by talking on cell phones too, instant messaging or email for that matter.  What I strongly disagree with is the blanket characterization that blogs are not newsworthy and censoring those points of view from service men and women.

Also this is not an anti-American or anti-Bush thing, so please don't wrap yourself in the flag on this.  To me it is plain and simple freedom of press and speech.  Have a no comment policy, but let people read what people say and don't tell people what are good sources of news and what are bad sources of news.

A couple of weeks ago Parag Khanna had an article in the NY Sunday Times Magazine called "Waving Goodbye to Hegemony". I thought this was one of the most important and enlightening articles I have read in years.  For me it crystallized up my own thoughts about what is going on in the crazy world we all live in. The gist of the article is that over the first decade of the 21st century we have seen a fundamental shift in the distribution of power in the world.  While we were busy fighting a crusade, the so called peace dividend of the post-cold war "new world order" never materialized and the unipolar American hegemony that was going to bring peace, prosperity and democracy to the world never materialized.  Instead we find ourselves increasingly in a multi-polar world with two budding new superpowers (could Europe and China really be new?) - the European Union and China, competing very successfully, filling the vacuum we have left in many parts of the world.  There has been no lessening of violence or new golden age of mankind. Instead it seems like more of the same old, with the peoples of the world vying for more and more scarce resources.  The only thing for sure is certainly we are all interconnected economically more than ever.  This presents its own unique challenges and strategies. Who knows how the rest of this century will play out and whether or not it will be another "American Century" or not.  My blog is also not the right forum to explore my feelings on this topic either.

However, while reading an article in InfoWorld by Galen Gruman today on whether it is "Time to dump Windows", I was struck by the parallels (no pun intended with the Mac VM program which enables so much Mac adoption) between Microsoft and the US.  Like the US, about 10 or 15 years ago Microsoft was officially declared a monopoly.  It was the one true superpower of IT. Yeah, Larry Ellison and Scott McNealy could tweak Bill's nose and drive fast cars, boats and planes, but lets face it they were midgets compared to the Redmond giants.  Microsoft rolled over competition like Lotus, Wordperfect and Netscape the way we did Mexico in the US-Mexican war. They even invested in Apple to prop them up as a potential rival like the US did in setting up banana republics. By the late 90's did anyone in the mainstream dare to speak out in public about Microsoft being potentially vulnerable and competing with them? Quite the contrary, companies who found out that Microsoft was entering their space would roll over and die.  I didn't think I would live to see in my lifetime so much talk of Microsoft being a dinosaur and not able to compete.

But as I wrote about last week, it seems articles like Grumans are the topic du jour. It is quite fashionable to say that Microsoft's time as the undisputed alpha dog may be drawing to a close.  They are under attack via the SaaS/Web 2.0 space from Google (and who knows what a Google dominated world looks like, it could be the frying pan to the fryer), their OS monopoly is being eroded like a bite out of the apple everday by shiny silver laptops and sleek wide screen monitors.  On the server front, Linux continues to capture share. The specter of thin clients running some java based non-windows OS still hangs out there.  The list goes on and on.

So is it the sunset of the American dynasty and Microsofts?  I think not.  As I wrote earlier, rumors of their demise are pre-mature. Yes, all things change and one company or country (or political party or sports team for that matter) cannot dominate forever.  But just because viable competitors come to the fore, does not mean that great companies or countries shrivel up and die.  In fact good competition can drive these old dogs to learn new tricks and become greater than ever.  I for one would not vote against either Microsoft or the US in the coming years continuing their pre-eminent positions in the world.

by a severe toothache. I went to the dentist last week and don't understand why he didn't just pull it then.  Actually the story is that he advised an implant that is not covered by insurance and costs 2,000 dollars plus the crown and such.  On top of this he said they had to order the implant and I had to come back with someone to drive me.  So they made my appointment for the 22nd.  What was I thinking, that I could walk around with a toothache for 2 weeks!

I flew to Colorado Sunday night and by Monday morning my face was swollen.  On the way back to Florida and getting this tooth pulled tomorrow, implant or not.  There is no pain worse than a tooth ache! I think I am going to file this one under rootkits.

When it comes to Microsoft, I am not alone in wondering what is next.  With Bill Gates retiring (click here for a great video on Bills retirement), more people using Macs then ever and almost universal grumbling about Vista, how will Microsoft retain its dominance and fight off Google and the rest of the pack? I read an article today that gives us some insight into how. It talks about Microsoft's plans for video ads on the shopping carts you use at the supermarket.

When I first saw this article my first thought was, "great, just what we need, more ads in our lives". So this is what they were going to do with the aQuantive technology they paid 6 billion for? But the more I read, the more impressed I was. Yes the serving of ads is a vital piece of this technology, but it goes far beyond that.  It starts with you registering your supermarket loyalty or discount card on the web.  Then you can actually type up your grocery lists on the web.  When you get to the market and get your smart cart (a whole new meaning of shopping cart and e-commerce), you swipe your card and your grocery list is automatically displayed on the carts console.  The carts have RFID technology that will allow it to sense when you are near any items on your list and alert you.  As you put the items into your cart, you scan them you are given a running tally and the items are marked off of your list.  Checkout is a breeze at that point. You just swipe your credit card and off you go. Pretty damn cool if you ask me!

The ads will be targeted based upon where you are in the market and your past buying habits.  Yes, it is a little big brother and the potential to bombard with ads could make this whole thing to annoying to use.  But I think the potential to revolutionize the way we shop in the supermarket is amazing.  The ShopRite supermarket on the East Coast is going to test the system soon.  Next time I am up in the area I may check it out myself!

Lt Gen Steven Boutelle was the CIO (or G-6 in Army speak) for the US Army for the past few years.  As such, Gen Boutelle led IT modernization and upgrading of the Army's network.  As is often the case with our military, Gen Boutelle who just retired, today started his new gig as VP of the Global Government Solutions Group at Cisco!  Now I know what you are saying: "Whoa, what is this"?  The guy who was in charge of buying all of the network and security gear goes to Cisco right after retirement and will be back selling Cisco to his friends in the government? What is wrong with that picture?  Well before you go to far, you should know that Cisco did not announce the hiring of Gen Boutelle until shortly after the Senate confirmed his successor.  Well, that makes me feel better.  At least they didn't announce his hiring before someone was appointed taking his place, but I wonder when they actually hired him, not when they announced it.  But that and the whole idea of retired government employees selling into the government can be the subject of another blog, another day.

All of the above was reported by the way, in this article on GCN.  It seems from the article that Gen Boutelle is very excited about one of his tasks which is leading Cisco's internet routing in space initiative or IRIS (you have to love military acronyms, but I thought eEye already had that one).  Supposedly by using IP routing on space communications you can get a 7 to 10 times bump in throughput.  That is nothing to sneeze at and could have huge implications beyond just military uses.  Cisco has already used a modified a router on a NASA satellite in 2003 and is expecting to have a router it will put into orbit (didn't know Cisco had orbital launch vehicles) in the 2nd quarter of 2009.  This could open the floodgates to a major shift to IP based communication in the satellite industry.  

Can you picture William Shatner (surprised Cisco has not hired him too) right now saying., "Space, the final IP frontier.  This is the voyage of the self-defending network, going where no router has gone before."

Amazon? Best Buy? Comp USA? Maybe some other hi-tech gadget store?  Well if you said Wal-Mart you are in the majority it appears.  Believe it or not the Bentonville machine was the leading retailer for flash drives and flash cards in the US. I guess why shouldn't hi tech items be any different than anything else that you can sell.  Can it be long before Wal-Mart becomes the leading retailer of computers as well?  Just another sign that the apocalypse is upon us.

According to this article in the NY Times some good old fashioned "irrational exuberance" has returned to the world of tech valuations.  I say, welcome back and please stay as long as you can.  Looking back at the first dot com bubble, I tend to think of them as the "good old days", you know when dollars were dimes and everyone and anyone had a chance at quick millions.  It was sort of like a game of hot potato.  As long as you didn't get caught with the potato in your hand when the music stopped, you were fine.
What leads Brad Stone and Matt Richtel to think that we are seeing a resurgence of dot com mania?  Well from the chart to the left you can see some of the values associated with some tech companies that don't seem to have the revenue to justify the lofty values.  One thing I learned early on is that something is worth, only what someone is willing to pay for it.  So in spite of the fact that Facebook probably has something like 1/32nd of Yahoo's revenue, it could be valued at half of what Yahoo! is, if someone is willing to pay them for it. Same for Google.  How can it be worth more than IBM?  Hey if someone is willing to put the money up, it is worth it. Same goes for some of the other examples in the article.

I don't buy into the religous "it is a new paradigm" story based upon the unlimited potential of the net.  Frankly I have heard that before in tech and in real estate for that matter as well. I am jaded enough to know that what the market giveth, the market taketh away.  Just as in the first dot com bubble, the housing/mtg boom and other boom/bust cycles, this latest one will also pass.  My advice to anyone in the middle of it is to ride it for everything it is worth and just make sure when the music stops, you are not the one holding the hot potato.

My bud Michael Farnum has an interesting, yet naive post up about using friends as business contacts being potentially dangerous.  I think Michael being new to the "sales game" shows that he has a lot to learn about networking (I don't mean ethernet either), friendship and business. Michael's point is that when you "use" a friend to get into a potential new customer account, you run the risk of damaging the friendship if things don't go well.  My reply in short is, "nothing ventured, nothing gained", Michael.  But lets dig deeper.

I think there is a ton of business done through friends and acquaintances making introductions. In fact it is the norm rather than the exception. I also think it says a lot about you and your friends expectations around your friendship if you think that the fact that your companies products or services didn't work as planned would kill your friendship.  In sales this is a classic example of sales reluctance.  Many unsuccessful sales people suffer from sales reluctance and not wanting to risk a friendship is only one type of it.  Here is a chart inspired George Dudley, the founder of Behavior Science Press.  It is his dirty dozen of sales reluctance as explained by Sales Champions:

The Twelve Faces of Sales Call
Reluctance®

Michael, you fall under the separationist category.  You are losing 3 new accounts every month!  What is interesting, is if the friends contact you, then it is OK to go in and try to "help" them.  What happens if it goes south from there?  Is your friendship OK because they came to you?  What difference does it make who came to whom.  If both parties recognize you are trying to help and doing your best, there should not be any long term effects to the friendship. Don't worry Michael there is still hope for you yet.

What about the rest of you?  Do you recognize any of your own traits in this chart?  Are any of these holding you back from success?  Don't think it is just selling products either.  Remember in one way or another we are all always selling.

Steve Tobak, of Invisor Consulting, LLC, over on his C/Net News Blog has a great article up on selling.  While I don't usually push the Zig Ziglar or Jeffrey Gitomer stuff, something about this article rang true to me.  Steve started out talking about the stereotypical negative image of sales people as being pushy with no self-respect.  But then he makes a good point.  All of us in one way or another have to sell at one time or another. And importantly, we also need to be successful in selling, when we do it.  Steve uses a term my grandmother used to say about children.  Selling isn't a bad thing, it "is misunderstood". My grandma used to say there were no bad children, they were just misunderstood. Selling according to Steve is capitalism in its purest form.  So here according to Steve Tobak are his 10 rules to help you sell more effectively:

1. Be knowledgeable. Also, be prepared. Know your material cold, and that includes knowing how you stack up against the competition and anticipating what may come up. Knowledge and preparation also facilitate effective selling by helping you feel more confident and
   less nervous.
2. Be yourself. If you try to be someone else, or something you're not, you'll fail. Just don't even go there. If you think you're lacking something critical to sell effectively, then learn it or get it. Or maybe you're just on the wrong track. But don't fake it.
3. Be honest. If you believe in yourself, your ideas, your product, whatever, you'll do just fine. Also be forthright, don't beat around the bush. Strategic positioning is one thing--a good thing--but bullshit or dishonesty is bad news.
4. Be persistent. Also, be patient. That doesn't mean don't take no for an answer. Sometimes it's best to give up the battle to win the war. Have faith in yourself, the rest of the universe, and karma. Things really do work out for the best. And if they don't, worrying about it won't make a difference.
5. Be concise. Be crisp, focused, pithy. Don't be verbose, annoying, time consuming, selfish, or a pain in the ass. Don't abuse the audience's or the customer's time and patience. Goes hand-in-hand with being respectful.
6. Be creative. Also be open, collaborative, flexible, a problem solver. The concept of value proposition is based primarily on solving a tough problem better than others can. If it was easy, they wouldn't need you or your product.
7. Be respectful. Respect the audience's or the customer's and right to make their own decision. Be respectful of your competition, as well. Crisply state your selling points, then stop and wait for questions. If you lose, be gracious and you'll win the next time. Don't be arrogant.
8. Be there. Answer the phone, show up, make yourself available, whatever it takes. Also, be present, in the moment, in real time. Interact. Take it one step at a time and trust the process. Don't fire off an e-mail or a phone call and then go into hiding.
9. Be brave. We all have fears. Be afraid. Not only is it normal, it's a critical survival skill. Courage is being scared, recognizing your fear, facing your fear, and doing the right thing anyway. Don't try to block fear; you can't, at least not without creating bigger problems.
10. Shut up and listen. Selling is not about talking, it's about listening. When you listen, you hear what your customer or whoever is looking for. Then you can tailor your responses appropriately and, if you're on the ball, make a connection.

I have never seen these put quite like this, but I like it. Maybe it can help you sell, no matter what it is you are selling!  Thanks to Steve for sharing.

Somehow I remembered that today is the two year birthday of this blog.  What a long, strange trip it has been.  What started out as something of an ego-driven joke has become a major part of my life.  Below is a reprint from my first blog article, the usual "Welcome to my blog":

October 01, 2005

Welcome to my Blog

Hello and welcome to my blog! If by chance you have stumbled across this site, my name is Alan Shimel. I am the dad of 6 year old Landon and 4 year old Bradley.  My wife, Bonnie and I have been together for almost 20 years, 16 of those married!  I am the Chief Strategy Officer at StillSecure, a Louisville, CO based provider of a suite of network security software.  I live in Boca Raton, Fl, having moved here almost 4 years ago from Long Island, NY.  Pretty much everything you read on this site will have something to do with one or more of the people, places and things mentioned above.  Working for a company near Boulder, CO and living in Boca I think gives me a unique view of things, as you could not get two more different, yet similar places. It keeps me balanced I guess, though I spend an awful lot of time on the road across the US anyway.  Well I hope you will stop by and monitor the site and hopefully I will post something worth your time.

I guess with reading "The World is Flat" I am thinking about the whole outsourcing thing a lot more and how America can compete in a flat world. Dave Rosenberg over on the Open Sources blog has an interesting article that I think helps illustrate my view on this. The article notes that Wipro, the giant Indian outsourcing firm plans to open a software design center in Atlanta and will hire about 500 programmers over the next three years.  Dave talks about possible cultural differences that will make it interesting and challenging.  I don't think it will be any more challenging than Toyota or any of the other foreign car manufacturers opening plants and building cars here in America.  They will find the American worker not as lazy or ugly as advertised.  They will find them incredibly productive given the right incentives and environment.  Enough so that it makes sense for them to bring jobs here. Now you can say that Wipro, Toyota, etc are foreign companies and so they are profiting from the fruits of American labor.  But are they any more foreign than "American" companies? I think not. I think where the plants and offices are built and where people are earning good livings is what counts.

In fact I think this is the future of all of this outsourcing. Yes there are short terms differences in labor costs versus productivity as many former developing companies join the flat world.  But just as the Japanese found out, when workers who may be envious or contemptuous of our decadent lifestyle get a taste of the good life, they become not very different that Americans.  They want big cars, iPods, cell phones, good things for their families and a nice place to live and learn. Then they want to take off to take some time to smell the flowers and enjoy the good life.  Soon the advantage that had capital moving there begins to wane.  I think the relative costs begin to come into balance and the many advantages of the American labor force who have dealt with working through the "good times" come into play. 

That is not to say that we have some inalienable right for high paying jobs to automatically come here.  It means that we still have many advantages to leverage and that we should not fear other countries becoming more developed.  That makes them bigger consumers for our products and makes each of them a "little bit American" themselves.  It is a brave new flat world that we live in and in which our children will grow up in.  However, it is one full of opportunity for more people than ever before including us here in the USA.

Like most of you, I had a great holiday weekend.  Spending time with Bonnie and the kids, swimming, bowling, movies, BBQ, tennis, etc. Watching a little bit of the Jerry Lewis MDA telethon (another big year for Jerry's kids, I hope it will lead to some breakthroughs). You could get real used to three day weekends couldn't you?  Sitting down tonight to finish editing this weeks podcast, I was thinking a bit about the idea of holiday weekends.  It seems that Memorial Day weekend and Labor Day weekend have become the bookends to the beginning and end of Summer.  On Memorial Day, I think most of us get it that it is about a day of remembrance for all of those who have given life and limb so that we may live free.  I am not sure how many of us actually take the time to reflect on that during Memorial Day though.  But I would venture that more of us do that, than take a moment to reflect on the true meaning of Labor Day.

For those who may not know Labor Day was set aside as a national holiday in 1894 to commemorate the organized labor movement in this country.  Through ups and downs, depressions and boom, the American labor movement thrived. In its heyday in the 50' nearly one half of all US workers  belonged to unions.  Of course that seems now like ancient history and no one can argue that labor unions have as much influence or relevance as they once did.  I remember being younger and many older folks arguing passionately about the good or evil of unions.  You don't hear that much anymore. Instead, maybe the holiday should celebrate the American worker who strives to be more productive and competitive in this new flat world (check out Friedman's book in the left column) we must all live in. 

In any event it sure is nice to have the long weekend, no matter how you feel about labor unions, American workers or anything else.  If you are interested in more on the topic, former Clinton Secretary of Labor, Robert Reich has a good blog article up on this subject. I also found an interesting article along these same lines from the Kansas City Star's, KansasCity.com.  Maybe next Labor Day or before, you can take a moment to think about America's laborers and what the labor unions meant to the people of this country.

According to this article in ComputerWorld, the analysts at Burton Group think that within the next two to three years we are going to pass an inflection point where wireless network technology will actually start replacing traditional ethernet switches. In fact they think once that point is reached, we will see a rapid shift away from wired to wireless. Of course driving this is, increased mobility of users, ease of deployment and reduced cost of deployment. 

I disagree.  I think wireless has a place in the LAN but don't see it just replacing the wired network.  I think security concerns, especially DOS attacks are a factor to be considered. But by far is I think the drive to 10GB ethernet and beyond.  Wired technology seems to increase bandwidth and speed at a rate that keeps it ahead of the transmission rates of wireless.  With applications that will use this increased bandwidth (video, voice and data or triple play as they call it) proliferating, it will continue to provide an advantage to wired infrastructure.  So I guess I would not be selling my stock in Foundry, Extreme HP ProCurve, etc just yet.

"In focusing on the larger enterprise clients, which can require substantial resources, we had been forced to take our eyes off the ball a little bit from the ability to keep focusing on the larger marketplace, be it medium-sized businesses or [smaller] organizations," he said. "So we had a little bit of struggle in being able to address the lion's share of opportunities out there and that deflated a little bit of the momentum."  - Kamal Arafeh, CEO eEye Security

So says Kamal Arafeh, CEO of eEye Security in this article by Bill Brenner on Search Security.  I think Bill's article tries to paint a picture of small security companies struggling for viability and stability and winds up spreading a little FUD around dealing with stand alone private security companies.  I think this does a disservice to the many private security companies out there who are doing a good job on executing against their business plan and providing their customers great value and more innovation and responsiveness than some of the monolithic competition.  However, as I said in the article, any company - public or private, big or small who says they could not be the potential target of an acquisition by another company is not in touch with reality.  That is a fact of the world we live in today.

With that out of the way, lets look at what Kamal says.  The problem he outlines is one that many companies face.  There are so many markets, each with their own distinct needs. How can one company possibly have the resources to give each their due.  A recent look at our own sales efforts showed that we were selling to large enterprises, SME, SMB, federal markets, state government, VARs and resellers, OEM customers, inside sales, outside sales, direct, indirect, etc.

No company can be everything to everyone.  So what to do?  Do you cut out some markets?  If so, which ones?  That is the tough part.  Obviously the answer is to go through and see where you are getting the most traction, which markets offer the greatest return and what your investment has been in each of these markets.  After all is said and done, the tough choices have to be made.  There will always be room for second guessing, but I think you make your choices and then full speed ahead on execution.  At the end of the day more companies fail because of a lack of execution, then fail for picking the wrong markets to pursue.

The seduction of the big deal

One thing to be careful for is the seduction of the big deal. I think this is what happened to eEye and is what Kamal is talking about.  It has happened to others before.  It is very easy to become enamored by the big numbers of one big deal. It seems a lot easier closing one very big deal, then many smaller ones.  However, this could be deceptive. Often that big deal has hair attached that drives you to unnatural acts and to do things that are not repeatable or desirable to the market at large.  It also makes you more susceptible to the whims of just one customer and too dependent on that one revenue source.  As counter-intuitive as it may seem, it may be better to spread it around and have many smaller customers rather than one big one.  My philosophy is that if what I am building for a customer is not useful to other customers, it is probably not worth doing.

Anyway, enough rambling on this.  There are lots of great security companies out there who execute every day of the week.  There is also the never ending practice of making your business better going on all the time.  I think Bill's article takes a snapshot in time of this process but it should not dissuade anyone from dealing with independent security vendors.