Heading to San Francisco for the RSA Conference? The largest event for IT security pros offers education, social networking and... well, numerous cocktail receptions. If you’ve attended before, you know what a whirlwind RSA becomes, and you understand the overwhelming desire to take a breather between endless meetings and scheduled events.
For that reason, Schwartz MSL is sponsoring-- for the second year in a row-- the Disaster Recovery Breakfast hosted by Securosis. It's being held on Thursday, March 1 from 8-11 a.m. at Jillian's in the Metreon (pretty much right across the street from the Moscone Center).
No need to worry if 8 a.m. is too early for your liking, or if you need to head out before the end--there are no speakers to listen to or materials to read--so come and go as you please. Relax, grab some food, and even pick up some "recovery" items to start your day off right.
We look forward to meeting some new people and seeing some friendly faces.
If interested in joining please send a quick RSVP email to rsvp@securosis.com.
(Editor's Note: This post was written by Lauren Bocskocsky, member of the Schwartz MSL IT security practice.)
The July 15 deadline for RSA Conference 2012 speaking submissions is only a few weeks away. Senior Content Coordinator of RSA Conference Jeanne Friedman was nice enough to chat with me on the phone to get the scoop on the submission process. While many of us listened to the RSA Conference speaking submission webcast, there were a few things that I wanted to clarify.
Question: Can you explain what a track is? Can a speaker be in more than one track? Answer: A track is a certain category for a program. For example, “Hackers and Threats” is a track. For the first round of judging it does not matter what the topic is. For the second round submissions are placed into a category or track. There are 12 to 14 tracks.
Question: What is the least popular track? The most popular? Answer: The least popular track is “War Stories.” This track involves lessons learned sessions. “Professional development” is also small as well as “Mobile Application.” The most popular tracks always seem to be “Strategy and Architecture,” “Cloud,” “Hackers and Threats,” and “Identity Management.”
Question: Who are the judges? Answer: The judges are from outside vendors and are CISOs, lawyers, or experts in a particular field.
Question: What levels of submissions are most competitive? Answer: Intermediate has the most entries. For advanced it depends on the topic.
Question: How many submissions is too many? Answer: There is no specific number, however three good submissions in very different topics is best. Judges do not like to see the same speaker submitting multiple submissions because they like to give everyone a chance.
Question: Do you have to submit a pre-packaged panel or can you submit a panelist? Answer: You must submit a full panel. A good tip is to look around the agency to see if speakers can team up from different clients.
Question: You spoke about submitting an optional video. How “optional” is the optional video? Answer: It is optional. If a client has a speaker series, and they have poor ratings from previous conferences it is a great way to show the judges the speaker has improved. For new speakers it is a great way to show the judges how charismatic they are--to make the judges remember them. A tip for the video: use the three minutes to explain what you will talk about in your session.
Question: Following up on that, has the added video ever hurt a submission? Answer: The video has never hurt a submission. However, it can change a judge’s opinion in the submitter's favor.
Security PR pros are facing a hard deadline of July 15, when RSA Conference 2012 speaking submissions are due. As you may recall from last week, I highlighted sins for submitting speaking abstracts to the RSA Conference. In today’s post, I will finish up the series of sins and discuss a few more tips.
7 Sins of Submitting (cont.):
5. Submit a session based on pure speculation and no evidence -- Without evidence, speakers will lose credibility with their audience. The presenter must be able to explain the actual implementation of what they are speaking about.
6. Submit a session that is completely inconsistent with the speaker’s bio or experience -- The judges are very conscious of the presenter’s title to ensure the session will not be too high level. They understand that acquisitions are happening frequently, so if the presenter has a marketing title you may want to consider teaming them up with someone more technical.
6a. Submit little detail on your session except your bio and title- Sessions are picked based on merit, and if your submission is not interesting it will be rejected regardless of how impressive the spokesperson's title or bio may be.
7. Submit a panel with people that never actually agreed to be on your panel -- RSA noted that this happens every year. If you cannot confirm that every person on the panel will participate by the July 15 entry deadline, the submission will be rejected. To ensure a complete entry (including all speaker bios and confirmation), lock in the speakers early, especially when working across time zones.
Bonus Sin: The RSA Conference organizers urge vendors to avoid delegation of submission writing to marketing agencies. Now, Schwartz teams help their clients create RSA speaking abstracts all the time, and many of the abstracts we have worked on are accepted. I think the point of the conference organizers in bringing up this sin is to note how oftentimes a marketing organization or agency does not have the depth on a given topic necessary to complete a submission. The submission must be comprehensive, and oftentimes if the agency is left to complete it, the shallowness of the submission comes through. In addition, if the presenter or presenters write their own abstracts, the writing will be more passionate.
At Schwartz, we have established a successful process of guiding our clients as they create their submissions, and often, as noted above, we write submissions or portions of submissions. Our process, however, is set up to avoid the pitfall that the conference organizers are worried about. The process ensures that the passion of each submission shines through and that the presenters contribute to the abstracts.
ULTIMATE Mortal Sin: Don’t submit -- 2011 had a large number of first time speakers. Since the selection process is purely merit based, RSA encourages speakers at all levels to submit.
After the webcast opened up for questions, I found one question to be particularly interesting.
What is the likelihood of new speakers being accepted over past speakers?
Answer: The judges consider a few checkpoints when judging submissions. First, the judges look at the short abstract to see if it is compelling. Then if the short abstract catches their attention they move to the long abstract to see if the presenter can deliver upon what they say in their short abstract. The third important factor is the presenter’s bio. Does it match the session? Finally the last piece of information the judges consider is if the speaker has presented at RSA Conferences in the past.
If the speaker received good presentation scores at previous RSA Conferences, then it will help the submission. However, it reflects poorly on the submission if the speaker has poor scores.
Look out for my next blog post where I conduct a follow-up Q&A with Jeanne Friedman, senior content manager of RSA Conference.
July 15 may seem far away, but as highlighted by the presenters during the RSA 2012 speaking submission webcast, this deadline will come up quickly. In addition to announcing that its call for papers is officially open, RSA held a webcast yesterday to answer some common questions about the submission process and to share some tips for getting accepted.
While many husbands and wives are relieved that the conference is avoiding Valentine’s Day this year, Jeanne Friedman, senior content manager of RSA Conference, noted one of the most important pieces of information right at the beginning of the webcast. Unlike last year, there will be NO extension on this year’s July 15 deadline. Friedman also advised to get your submission in early and not to wait until the last day to submit.
Among the many useful bits of information of the webcast, I found it particularly helpful to know how the selection process works and what the judges are looking for in a submission.
Here are a few things the judges look for:
• A submission to be unique and compelling
• A submission to pull from experience to share best practices and case studies
• A submission to be geared towards security professionals with 9+ years of experience
Once a speaking session is submitted to one of the 23 topics, all the submissions go through a first round of judgment to weed out incomplete abstracts and submissions that are deemed, “product pitches.” The submissions are then placed into a track, or specific focus area, where two-three judges are assigned to review all abstracts for the final round.
In order to ensure a strong submission, Program Committee Chair Hugh Thompson and Friedman came up with “The 7 Mortal Sins and Wins of submitting (for RSA Conference).” In this section they clearly defined the dos and don’ts of a good speaking submission. Below I have included the top reasons for rejection and the first three of the seven Mortal Sins.
Reasons for Rejection:
• Incomplete submission
• The submission is a sales pitch
• The presentation is too basic
• The long abstract did not include enough information
• Multiple submissions on the same topic
• If the presenter’s title does not match his bio (i.e. a technical presentation with a VP of marketing presenting)
• If the presenter received poor speaker ratings in 2010
7 Sins of Submitting:
Ignore the long abstract- Do not copy and paste the short abstract into the long abstract. In addition to adding good detail to the long abstract it is recommended that speakers outline what they plan to cover in their session.
Submit a sales pitch- This could be considered by the judges a “mortal sin” and an easy way for your submission to get rejected. The delegates that attend the sessions are very sensitive to sales pitches and are most interested in a case study that provides insight and best practices on a topic.
Submit a superficial talk- If the talk is too high level speakers will lose credibility with the delegates. When creating a submission, speakers should ask themselves what specific insights they have to share on the topic they are submitting.
Be boring, bland or unoriginal- Keep in mind that the judges are real people and that they want to be captivated and entertained while learning something new. Remember that the judges have to read hundreds of applications and they want something that will stand out from the rest.
By virtue of the strength of the Schwartz IT security PR practice, more than a dozen Schwartz practitioners were on the show floor at the Moscone Center during the week of Valentine's Day this year. We visited tradeshow booths, attended keynotes and observed the show from a high level.
A couple of Schwartz team members also covered the show from afar, noting trends that reporters and bloggers tracked in their own writing. Several weeks removed from RSA Conference, the IT Security PR practice group collaborated on an eBook written by Tiffany Darmetko, Katerina Korfias and me. We decided to quickly review what we observed at the show and also what key reporters and bloggers wrote about as they covered the conference.
Everywhere you turn, someone is using his or her smartphone. Whether you’re addicted to your BlackBerry or you can’t live without your iPhone, smartphones are taking over the mobile world. Browsing through mobile applications has become part of the smartphone culture; we look for an app that will make doing XYZ a little easier in our lives. However, unsuspecting consumers need to realize that mobile applications are one of the greatest threat vectors for smartphones.
“Smartphones are appealing to cybercriminals because they contain vast amounts of data and are always connected to the Internet,” said RSA panelist Joseph Opacki during one of the conference's Wednesday discussions on mobile security. While the smartphone works to make our lives easier, it’s also coincidentally making the life of a hacker easier, too. Mobile devices are garnering momentous attention from the cybercriminal community and now security experts understand why.
A director of cyber security intelligence at an IT services and solutions consulting firm, Adam Meyers, agreed that mobile web browsers and operating systems contain vulnerabilities that could be exploited for malicious purposes. Users may begin to encounter malware that exploits these weaknesses via drive-by-download on mobile web sites.
Among other things, one of the main reasons consumers are so addicted to their smartphones is unlimited accessibility to email. This is certainly something to think about the next time you’re scrolling through your inbox and see an email from an unknown sender. During a cyber espionage session at RSA on Thursday, Mikko Hypponen told audience members that, “Almost all targeted attacks happen via email, though some occur during the use of online chat services or web-based exploits. These emails are actually created and sent by attacks; they contain code to trigger exploits that open backdoors on affected systems.”
McAfee CTO George Kurtz made a valid point during his keynote while discussing malicious code and whether security checkpoints will always stop it before any real damage is done. “If you download something from an app store, are you assuming it is okay? When do Apple or Google have time to go over three million apps with a fine tooth comb?” Based on these ideas, can we start to see the world of mobile app scanning take off? Is this really the next step in the fight against targeted attacks?
WikiLeaks – It happened, now what? During yesterday’s “WikiLeaks: The Aftermath” panel, former Black Hat hacker and senior editor at Wired.com Kevin Poulsen claimed that WikiLeaks-style copy-cat sites are on the rise, but they’re taking a new direction. According to Poulsen, "Founder of WikiLeaks Julian Assange made exposing secret documents sexy.” Assange showed us just how much attention a disgruntled employee can cause and now organizations other than WikiLeaks are springing up to support the release of sensitive data.
Take, for example, the recent HBGary debacle. HBGary Federal was hacked by the group Anonymous, which ended up publishing thousands of emails belonging to company executives. But these aren’t just copying WikiLeaks--these are organizations that are developing technology to make their job easier by better transferring secured data.
When discussing WikiLeaks, the notion of a “cyber war” frequently comes into mind. Many are categorizing this recent attack as the leader that paved the way for a new era of cyber attacks to come in and cause massive damage to critical infrastructure. However, security experts debated this issue during a keynote yesterday. According to these experts, the public needs to fully understand what cyber war is and what it isn’t; the subject matter is perceived as black or white, with no room for gray in between.
Former U.S. Secretary of Homeland Security Michael Chertoff states, “I would consider something that destroys major systems an act of cyber warfare.” He also claimed that the U.S. government needs to work on establishing a more efficient structure of response to cyber attacks. In turn, this would require an increase in government IT security. “If people inside the government see something they don’t like, there needs to be a process for whistle blowing that protects the information in the right way,” said a former member of the U.S. National Security Council staff, Roger Cressey.
The WikiLeaks attacks are not just something of the past; hackers have seen the damage that was caused and that's only adding fuel to their fire. Groups are searching for ways to make their next big hit, especially on an organization that has no infrastructure and no funding. It’s a battle of the fittest, with the strong preying on the weak.
As we trek into the third day of RSA, we’re already noticing that many of our pre-RSA predictions are holding true – guess it’s our "sixth sense" for security trends. In an earlier post, my colleague Kristin Allaben suggested that in addition to cloud security, top themes at this year’s conference would include trends in government security and cyber warfare.
In yesterday’s highly anticipated Symantec keynote, president and CEO Enrique Salem warned his audience that the worst of targeted cyber attacks is yet to come. One statement from Salem, referring to a recent, highly publicized targeted malware attack, left us, and surely the rest of the audience, feeling slightly unsettled: “Stuxnet was the attack that moved the game from espionage to sabotage.” It seems as though the safety of our critical security infrastructure is at stake, especially with recent movements to the cloud and the replacing of PCs with smart devices. Is our growing adoption of virtualized environments ultimately letting down our protective barriers?
Art Coviello, EVP of EMC and president of RSA, doesn’t seem to think so and remains fairly optimistic. During his presentation, he claimed that virtualization is the silver lining in the cloud. Due in large part to a growing business demand, organizations are rapidly adopting cloud technologies. While this is great for the cloud industry, Coviello stated that it is causing growing concern for security practitioners who are in charge of governing and managing data in the cloud. Automation has become an essential part of enabling security in virtualized environments.
Rest assured though, there is light at the end of the tunnel. Coviello told audience members that the vendor community has been working to apply security principles to their solutions that will enable a secure, trusted cloud. Interestingly enough, we can expect to see predictive analytics being deployed in trusted cloud environments based on an understanding of normal states, user behaviors and transaction patterns.
Check back here tomorrow for additional coverage and highlights of this year’s RSA Conference. We’re interested to see if discussion will continue around security in the cloud or if something new will pop up.
With Schwartz representing almost two dozen security companies at RSA this year, we thought: who better than our clients to share the latest security trends at the conference? Members of our digital marketing services team (which is already off to a highly successful year) spent the day at Moscone interviewing the brightest executives on the show floor. The results revealed that, as we predicted, cloud and mobile security are top of mind as companies explore new ways to control today’s blurry perimeter, but they also uncovered a few surprising themes. Take a look.
The big news that came from this session surrounded the government’s plans to spend $20 billion on cloud security, at least according to the 2012 budget. Also from this discussion, there were four key areas identified as lacking in clarity when it comes to cloud adoption:
Security
Standards
Procurement
Governance
With these four areas in mind, cloud security has the appearance of remaining a consistent concern, especially when companies consider moving mission-critical applications to the cloud. To try to ease this fear, RSA announced that its Cloud Trust Authority would launch the beta of a cloud security platform later this year. The beta will offer combined identity management and compliance offerings, with the goal of providing a single, comprehensive set of protections for multiple cloud computing services.
Based on all the news we’ve heard surrounding the cloud, some key terms you will most definitely hear in presentations this week addressing this topic include:
Government
Trust
Risk
Security
Concern
Compliance
Regulation
Hesitation
Privacy
Data security
Mission-critical applications
Delivery methods
Confusion
Hack
Forensics
Malware
Cyber war is another hot topic and one with many concerns, especially since WikiLeaks and Stuxnet are fresh in our minds. There is a seemingly continuous stream of potential cyber war threats, though many people are unaware of how to define this phrase. To illustrate just how serious this concern is, RSA has attracted a number of high-level government representatives to speak. This year, Deputy Defense Secretary William Lynn III is presenting an opening-day keynote on the Pentagon’s cyber strategy.
Taking a quick look at new products, something to keep our eye on is the MasterCard “Display Card.” Although it looks and works the same as any other credit card, it is described as having a built-in display to enable cardholders to create a one-time password to enhance authentication. So we have to ask: is this going to protect cardholders from having their credit card information stolen when shopping online?
With keynotes and panel sessions ramping up today, be sure to check back here tomorrow for a recap on some of the hot discussion topics.
While most security companies are pushing new products on the eve of RSA, the Schwartz Communications team took a different approach to secure coverage for Cryptography Research. We pitched reporters for pre-show conversations to discuss the show and learn about CRI’s business, focusing on hiring challenges, and how this represents a significant issue for the security industry overall.
The strategy resulted in the following coverage, which ran yesterday on the front page of the San Francisco Chronicle’s Business Section.
The timing was great, and CRI now has a great piece to show off all week at RSA.
And so it begins--RSA 2011 officially kicks off today. With a “Giants Among Us” theme, the 20th Anniversary of RSA is dedicated to celebrating the industry’s pioneers. This includes a look at the legacy of the RSA algorithm, the history of cryptography and computer security, and a look ahead to the future of the industry.
We’ve highlighted some of the key themes we expect to see come from RSA, some of which seem to be a repeat from last year. Just taking a look at the keynote session titles, anyone can see that cloud security still reigns as an unresolved security topic from RSA 2010. And with Stuxnet making such a splash, especially with the latest news of Anonymous claiming control of the Stuxnet virus, government IT security will once again be a primary topic.
Some additional things to keep our eyes on over the course of the week include:
Government Information Security Today survey—Officials in local, state and federal governments who are charged with safeguarding IT were polled to determine their attitude when it comes to IT security leadership, vulnerabilities, regulations, budget challenges, skills and cloud computing. Data will be announced on Thursday in the session entitled “Government Security: The State of the Union.”
Collective Defense for Internet Health—Described as a new type of computer “check-up,” Microsoft's corporate vice president for trustworthy computing, Scott Charney, has challenged users worldwide to develop collective defenses to help protect Internet citizens from online threats. He presented the idea that the approach to handling online security issues should be modeled after the one used to address sickness in humans. More information on this idea is outlined in Charney’s whitepaper. This idea is likely to be carried into discussions specific to government IT security.
RSA is literally days away and as companies prepare for the week-long event, we figured now would be a good time to touch upon some of the key trends we expect to see come from the show. This is based on an evaluation by Schwartz's IT Security PR Practice Group.
Hacktivism—As this buzz word has essentially been thrown around since the Stuxnet attack, this is nothing new. Described as a technical attack coordinated by a third party, attackers are getting better at their means of attacks, for sure, and it generally seems to be politically motivated. A great example is what’s happening in Egypt. There was a call to action via Facebook and other social networking sites. This leads perfectly to the next idea: personalization of attacks.
Personalization of Attacks—We’ve heard it time and time again: People have a false sense of security when it comes to using social networking sites. This generally results in sharing too much personal information online. As 2011 progresses, we can expect an increase in personalization of attacks as a result of data mining via social networks.
Privacy—Perhaps not surprisingly, privacy was one of the most popular topics for RSA submissions this year. People are curious as to what their cloud providers are doing to ensure the privacy and security of their data. People want to know how secure/private their personal information is when accessing their bank accounts on their mobile devices. It all comes down to this: Despite an information overshare on social networking sites, people want their privacy, and they want it to be protected and respected. It’s possible that we could see some discussions regarding legislation focused on privacy controls and policies this year.
Cloud Security—Oh, the cloud. Between commercials that tout it as something all consumers should use and privacy concerns on the enterprise side, cloud security is not something that will take a back burner any time soon. We saw this at RSA last year; cloud security was by far one of the most frequent topics discussed. It will be interesting to see what the Cloud Security Alliance (CSA) has planned for us this year. They are meeting Monday (Schwartz IT security practice group member Heather Craft is attending).
Mobile Security—The proliferation of mobile devices has created a new target for the bad guys. Everyone seemingly has a smartphone and, let’s face it, the security of those devices is less than ideal. With more people utilizing these devices to bank online or to conduct various business matters, privacy and security become key issues (and when we look to the financial industry, in particular, compliance is introduced as another issue). We can expect lots of buzz around the emerging threats to mobile devices.
Cyber warfare—Similar to hacktivism, cyber warfare and cyberwar have risen as buzz words, frequently used with little to no understanding of what they really mean. It’s been used so frequently, in fact, that my parents have been using both of these phrases, and I wouldn’t classify them as “up with the latest technology.” With this in mind, we can expect discussions surrounding the definition of this phrase, as well as getting a picture, so to speak, of what a real cyberwar would entail.
There is much confusion about many of these terms, for both the general public and the security industry as a whole. Of these terms, only a few have a clear definition, an issue that the cloud has struggled with since its inception (or at least since the introduction to the mainstream media). It will be interesting to see what companies will announce and promote while at RSA this year.
Keep your eye on the Tangled Web (@tangledweb) blog and be sure to check here first for a recap of news to come. I will be joined by colleague Nina Korfias in providing regular accounts of activity from the show.
The many of us who have contributed to the security PR programs at Schwartz appreciate the “no-bull” approach of Mike Rothman, Rich Mogull and Adrian Lane at Securosis. The tone at Securosis is legendary. Our clients find it helpful as they determine the messages that will resonate with prospects and partners. And reporters find their style both entertaining and informative.
Schwartz is teaming with Securosis to host a morning event during RSA 2011 on Thursday, February 17 from 8 until 11 a.m. at Jillian's Billiards Club of San Francisco. Called the "Recovery Breakfast," the event is meant to be a repose of sorts following a week of cocktail receptions and other RSA-related debauchery. For those attending RSA, we invite you to stop by. As noted in the official invite, no marketing will be allowed, just the chance to mingle, wake up and recover from the week's events. You can email rsvp@securosis.com if you are attending to help them get a good estimate of numbers.
The sponsorship of the Recovery Breakfast hints at more comprehensive discussions the analysts at Securosis and the tech PR pros at Schwartz are having about ways we can work together to benefit our mutual clients. Independent, objective Securosis content is a natural fit for content marketing programs that Schwartz is executing for its clients. Content marketing works well when it’s part of a broad communications and visibility strategy. Bringing Securosis content into these programs adds value and increases response.
In keeping with the no-bull nature of the breakfast, we won't discuss possible content marketing programs during the event. We are happy to arrange a separate time at RSA to discuss.
Our three-part RSA recap comes to a close today, but not before delving into one final strategy:
• Leveraging research for media homeruns
Reporters are fans of research and statistics. Not surprisingly, one influential security journalist said much of his RSA 2010 news coverage centered around various research reports released during the conference.
Announcing significant research at RSA can be a show stealer as evidenced by botnet security company and Schwartz client, Damballa. The company conducted an analysis of the Operation Aurora cyber attack that victimized Google and dozens of other businesses. In collaboration with Schwartz, Damballa rallied to complete its comprehensive research report, prepare the accompanying press materials, and set the media strategy in time to debut its findings at RSA 2010. As a result, Damballa reached key influencers, both at RSA and beyond, with media coverage in BusinessWeek, CNN Online, Forbes, USA Today, a host of prominent blogs, and considerable Twitter chatter, among the highlights.
Vendors like Damballa benefit from having a deep bench of specialized security experts on staff. To capitalize on research capabilities for PR purposes, the first step is to determine what, if any, research is currently being done in-house, is planned for the near future, or could possibly be started with brainstorming assistance from Schwartz.
In the absence of formalized research projects in the works, Schwartz has a laundry list of recommended ways for security companies to tap into their market and customer analysis potential in order to produce stats and data. The concept of vendor-commissioned, independently conducted surveys and studies is a topic for another day. But for the purposes of this post, I will say that, at minimum, security companies should encourage their employees who interface with customers to keep an ear out for any new or noteworthy customer inquiries that may indicate an emerging trend. This type of trend identification and analysis helps to fuel the oh-so-important PR thought leadership campaigns we formulate and execute for clients.
Regarding in-progress research projects, Schwartz works with clients to determine which details can be made public, and moreover, their degree of newsworthiness. Chances are there are interesting nuggets contained within that can be extracted and shared with media in a compelling way. We specialize in distilling down the subject matter to find and prioritize key points that will be most interesting to press and strategic to your business. Then, we advise clients on when, where and how to effectively communicate this information.
As we close the book on RSA 2010, let’s take a look back at five strategic aims that, with proper planning and tactical execution, can yield significant PR successes from the security industry’s marquee event.
Today we will cover two of the five: 1) Building a rapport, and 2) Supporting social media initiatives.
• Building a rapport
Developing strong press and analyst relationships takes time, but face-to-face meetings certainly help to expedite the process. The RSA Conference provides a unique opportunity for security vendors to gain exposure to the most influential media, analysts and bloggers that matter to their business—all under one roof over the course of four days.
The simplest of RSA PR strategies is this: Introduce your company to as many key contacts as possible. For those who made media face time a priority at RSA 2010, we at Schwartz spent the preceding months working diligently behind the scenes to arrange show floor meetings.
From a press perspective, the payoff often includes both immediate and long-term benefits. In some cases, instant visibility for vendors comes from meeting with reporters who publish articles during the event that summarize key trends, hot companies and interesting news.
Take, for example, the botnet security company and Schwartz client, Damballa. An in-person RSA meeting secured by Schwartz for Damballa with veteran security analyst and Forbes.com blogger Richard Stiennon led to the company’s recognition as one of only six security vendors on Stiennon’s Forbes Online Best of Show RSA Conference 2010 list.
Then there’s the lasting effect. It takes only a few minutes at RSA to shake hands with a reporter and run through your company’s areas of expertise and value proposition. The resulting increase in name recognition will help to catapult you towards the front of the reporter’s rolodex. The long-term goal is to get writers to turn to you for expert opinions when soliciting story comments from people they consider to be thought leaders on the topic at hand.
• Supporting social media initiatives
Social and traditional media strategies go hand-in-hand. In tandem with RSA press meetings, companies can use the event as a strategic platform to expand their influence using social media channels.
On a case by case basis, we at Schwartz advise our clients on the level of social media engagement that makes sense for them. Many of our B2B security client companies focus primarily on blogs and Twitter.
A well-managed corporate blog provides a great forum for demonstrating your thought leadership and innovation to customers, prospects, partners and press members alike. In and around RSA, blog content would likely include write-ups on your company’s own news, as well as commentary on, and analysis of, industry news and trends cropping up during the conference. With many of our clients, Schwartz is regularly involved in offering counsel related to content creation, as necessary.
To maximize corporate blogging efforts, the Schwartz team shares posts with targeted media contacts. Encouraging online writers to include a link to your company’s blog and reference its content within their RSA coverage, in turn, drives traffic (including prospects) back to your company’s Web site.
Tweeting from RSA adds merit to your media strategy as well. As outlined in the Schwartz RSA PR tip sheet, Twitter can be used to make short observations about RSA and drive people to your blog posts. Busy reporters, in particular, benefit from Twitter updates as many of them are tied up covering keynote sessions and may not be able to allocate time for booth meetings with vendors.
Case in point: AppRiver. Leading up to RSA, Schwartz encouraged relevant media and analysts to follow secure messaging solutions provider AppRiver on Twitter. Impressed by the quality of AppRiver’s RSA-related tweets, an influential security journalist, Forbes’ @taylorbuley, recommended to his sizable follower base that they tune in to @AppRiver on Twitter. As few as 140 characters can have a big impact on cutting through the RSA clutter and landing you serious street cred too.
Okay, two down and three to go! Stay tuned for my next post on lead generation, leveraging research for media homeruns, and highlighting real-world implementations and benefits.
Kelly Jackson Higgins is senior editor at Dark Reading, an online publication covering IT security. Tim Whitman from Schwartz spotted Kelly on the show floor of the RSA Conference last week and asked her a few questions about the show.
Tim Whitman from Schwartz Communications caught Pete Lindstrom of Spire Security on the RSA 2010 trade show floor. Pete graciously agreed to share his thoughts about the conference.
This is it. The fifth and final day of the 2010 RSA Conference, and it’s been quite a ride. Looking back, it’s clear the cloud takes the gold as the most discussed item, although government presence and increasing cyberthreats picked up speed in the latter half of the week, placing each at a tie for silver, especially since they seem to go hand in hand. Tim Greene of Network World wrote a very thorough article that explores each of these topics in greater detail.
Taking a look at the conversations yesterday, many revolved around FBI Director Robert S. Mueller III’s speech regarding the increasing threat of cyberterrorism. In his speech, he presented the idea that hackers will continue to enhance their skills and will eventually combine cyberattacks with physical attacks. Along with warnings of foreign nations supporting radical group recruitment via the Internet, Mueller advised any company that finds itself to be a target or victim of a cyberattack to turn to the government for help, promising business confidentiality and safeguards to privacy.
Continuing down the path of government presence within the cybersecurity realm, there are also some (perhaps not too outlandish) beliefs that the U.S. is involved in a cyberwar…and we are losing. Cybersecurity Czar Howard Schmidt denied the existence of a cyberwar saying it’s a terrible concept and further explaining that it’s an environment where no one can win. To reiterate what has been discussed in previous posts, Schmidt’s priorities for the year include better end-user education (something most security professionals say over and over again is a key area of improvement), information sharing and better defense systems.
There was also talk yesterday of the real benefit of using end-to-end encryption within the credit card industry, increasing ID theft within the healthcare industry and fraud. Interestingly enough, there were also discussions of robotics and the changes this advancement would introduce to society.
For the final day at RSA, anticipate continued discussion of increasing cyberthreats, but be prepared for a slight twist on the conversation, as many sessions today will discuss cybersecurity trends, digital forensics, encryption and identity/access control.
For those of you traveling home this weekend, safe travels and we’ll see you next year.
Walking the floor of RSA 2010 in San Francisco is a lesson in over stimulation. As is the case with many other trade shows, vendors are constantly trying to grab your attention. The ways they capture your eye, and more importantly your time, vary.
The contest is a popular one. I saw live trivia game shows and a game where two contestants tried to grab and shove ping pong balls flying within a wind tunnel. I also saw the standard "give-us-your-business-card-for-a-drawing" offer. One vendor was giving away iPads. (I didn't know they were even available?)
When it comes down to it, though, the most attractive booths were those that gave away food and drink. I have to admit even the popcorn stand at one booth was very attractive (popcorn scent travels far). The Qualys (Schwartz client) booth, pictured below, had a full-length bar in the center of the booth, and from that location gave out a variety of concessions. Soda was available all day, and at certain times I spotted beer and sliders (those mini little hamburgers).
It's not a huge surprise that those vendors catering to our most basic needs receive the best response. How hamburgers relate to IT security? Well that's another question entirely, I guess.
The government. Microsoft. Cyber threats. The bulk of conversation at the RSA Conference yesterday focused on these three topics. Let’s take a minute to explore each one.
The Government—As I mentioned in yesterday’s post, federal employees are stepping up to the mic to discuss cybersecurity and awareness to better detect and prevent cyber attacks. Between Einstein, the increasing adoption of the cloud and the still vivid memories of Aurora, there's little doubt of the widespread need for better cyber security. According to White House Cybersecurity Coordinator Howard Schmidt, the U.S. is ill-prepared for a cyberwar.
Lawmakers are making an especially hard push to advance a comprehensive cybersecurity plan, especially now with the U.S. cyber czar position filled. Based on Schmidt’s presentation earlier this week, we know the government is gearing up for a few things to occur over the next year:
Widespread adoption of cloud computing
Significant improvements in cyber security
Better working relationships between law enforcement and the private sector to more effectively fight cyber crime
Instant response plan for cyber-emergencies
Better transparency in government
Although each of these plans is stated with good intentions, it will be important for our government to remember one of the many lessons taught at RSA this week: avoid the excess hype surrounding a cyber threat and/or attack. Why? Because many dangers surround an overhyped threat, especially when you consider many consumers don’t really understand cyber threats.
On a “fun” note, however, Janet Napolitano, the Secretary of the U.S. Department for Homeland Security (DHS), announced a competition to encourage the industry’s “best and brightest” to think of creative ways to better enhance the security of computer systems and cyber networks. Known as the National Cybersecurity Awareness Campaign Challenge, ideas will be accepted through April 30, 2010. Winners will receive DHS funding to better promote the idea to a wider audience.
Microsoft—Scott Charney, Microsoft corporate VP for Trustworthy Computing, made a bold move yesterday, stating that the industry should consider taxing every PC user to better fund the fight against cyber crime. Needless to say, this was met with a variety of responses across the blogosphere and a flurry of activity on Twitter. Richi Jennings at Computerworld selected a few “gems” that he blogged about today in Computerworld’s IT Blogwatch.
Cyber Threats—As I stated above, many consumers do not understand cyber threats. Social networking enhances this misunderstanding as more and more people provide increasingly intimate details about their life on these websites. By providing potentially sensitive information, people make it easier for cyber criminals to better focus their attacks, making their attacks more successful.
For Day 4 at RSA, anticipate more discussion on cyber threats--what to do to prevent them, best tips on what to do when you’ve been hit, etc. We’ll also see some additional discussion regarding security standards and, per usual, discussion of the cloud.
Cybercrime is a threat to both enterprises and consumers; it appears that no one is immune from an attack. As cybercriminals become more sophisticated, targeting their victims based on information obtained from social networking sites, it’s no surprise that cybercrime instills fear into many, especially as enterprises encourage the use of social networking as they learn how to use it to their advantage.
However, a strong word of caution was issued during a panel at the RSA Conference yesterday--security professionals were advised to be wary of the intensity with which they discuss threats. It is important that they find a balance between explaining the risks as well as the probability of an attack. Although some of the hype can encourage companies to re-evaluate their existing security practices, it could cause more harm than good. For example: the threat of stolen IDs, credentials and other sensitive data has many executives rethinking the approach to the cloud.
Once again, we saw the cloud take center stage as many conversations yesterday focused on the security of the cloud (and we can expect the same for today with a quick look at the daily schedule). With many people believing the cloud lacks sufficient security, they turn to the industry with expectations that security pros will “fix it.” Keep in mind, however, that fears and concerns of data security in the cloud are nothing new; this has been a primary reason for delays in adopting cloud computing for some time.
RSA President Art Coviello said in his keynote yesterday that the industry faces one of the greatest challenges: securing the cloud. He explained, “Cloud computing can allow more energy and investment to be directed to a real innovative and competitive advantage, but the one thing that’s holding it back is security.” He also named some key areas that should be prioritized as the industry takes on this task:
Who gets access to what and gaining visibility in the cloud
Compliance
Insider risk
Privileged user control
Workflow
A final thought: With cloud computing seemingly the way of the future, there’s little doubt that the government will be included in this new trend. We’ve already seen some significant federal movement toward the cloud, as I mention in a previous post, but at RSA, this is taken to another level. A number of federal employees within the cybersecurity arena are stepping up to the mic to lead various discussions on how law enforcement and the private sector need to work together to fight cybercrime.
Unveiled yesterday was Einstein, the National Security Agency’s Homeland Security program to protect the U.S. from cyber attacks. The still-in-progress, more robust second version of the program is described as being “designed to look for indicators of cyber attacks by digging into all Internet communications, including the contents of emails.” Knowing hackers and cyber criminals view this industry as a business, it will be interesting to see what this leads to as hackers turn to their version of R&D to enhance their operations.
For several years, SC Magazine's annual award ceremony at the RSA Conference has been a place to see and be seen. Last night, more than 400 IT security industry luminaries packed the Grand Ballroom at the InterContinental Hotel in San Francisco for the awards gala.
I had the honor of presenting an SC Magazine Award for "Best Security Company" to IBM.
With awards across more than 30 categories, last night's event no doubt sent many PR professionals scrambling to write press releases once the accolades were announced. Winning an SC Magazine Award always boosts the enthusiasm around the winners because respected awards such as these provide nice proof points for prospects, partners and investors. Winning them is an important objective for IT security PR teams. Further, attending the SC Magazine awards ceremony itself is in many ways a rite of passage for growing IT security companies.
I answered many questions last night about the SC Magazine Award submission process, the importance of the awards, etc. No doubt members of the Schwartz security practice will write much on the topic in this space in the future.
As was expected, much of the news from yesterday's RSA Conference focuses on the cloud, and specifically, the Cloud Security Alliance (CSA)’s four-hour summit. Kelly Jackson Higgins of Dark Reading wrote an article summarizing the summit and the CSA’s top seven threats to the cloud. An interesting point that came from this discussion is that data security still remains one of the key concerns for companies using the cloud. This begs the question: what type of encryption are you using and do you know how it works?
Some other news from yesterday includes an interesting tidbit on compliance. PCI and HIPAA are just two of the many compliance mandates that companies need to be aware of and abide by. The medical industry is increasingly turning to IT, emphasizing the importance of information security in compliance. Bill Brenner discusses the results of a survey illustrating that 41 percent of companies would fail a PCI audit. This makes one wonder: is a true, compliance-focused security solution available?
Today, we can expect a slight change in the focus of conversation. The cloud will still take center stage for most of the day as keynote sessions explore the security of the cloud. But with additional keynote sessions, seminars and panels aiming to discuss the Internet, virtualization and data breaches, we can expect an increase in the amount of coverage around the increasing sophistication of cyber threats and attacks, including specific mention of Advanced Persistent Threats (APTs).
Last night, the expo portion of RSA 2010 kicked off with a reception. I walked the floor and snapped a couple of pictures. [Full disclosure: The companies pictured are current Schwartz clients.]
Today is Monday, March 1, day one of the 2010 RSA Conference. The bustle of activity today is quite diverse as exhibiting vendors work hard to get their booths ready, some security professionals prepare for today’s seminars and other vendors begin to announce new offerings and products.
As I mentioned in an earlier post, there is much anticipation of news surrounding the cloud. Just this morning, there have been a number of announcements regarding new cloud offerings and products promising better malware detection and e-mail security.
Interestingly enough, we’re also seeing significant discussion of the cloud’s presence within the government. Matt Hines, an eWeek blogger, wrote an article this past weekend explaining that the government voice will “echo loudly” at RSA this year. Hines explained that in White House Cybersecurity Coordinator Howard Schmidt’s recent press conference, he stated that the coordination of federal cyber security efforts will be a leading priority. Following the recent “Aurora” attacks on Google, the combination of cyber crime and the availability of the cloud for federal institutions will encourage many discussions to look at the cloud’s impact on business productivity as well as data security.
As we turn our attention to RSA sessions, the cloud appears to be a key topic of discussion today. The four-hour Cloud Security Alliance Summit, beginning at 9:00 a.m. PT, will provide key information from industry experts about the state of cloud security. Cloud discussion continues early tomorrow with the first RSA keynote at 8:00 a.m. PT discussing Safety in the Cloud.
On another note, keep an eye on Adobe and Google. Knowing that a number of tomorrow’s sessions will focus on the latest types of cyber threats (such as the Advanced Persistent Threat, or APT, for short) and best practices to avoid falling victim to those threats, it will be interesting to see how these sessions tie in the latest flaws with Adobe and how companies can better protect their networks with increasingly determined and more sophisticated attackers.
Just a few days away from the start of RSA 2010, it’s a good time to take a step back from the bustle of preparations and review some key trends that will likely be the focus of every conversation at the Moscone Center.
Just by perusing the titles of each of the sessions, it’s no mystery that the majority of conversations will focus on the cloud, data security, compliance and end-user education. Jon Oltsik stated in a recent blog post on Network World that he believes security spending and compliance will be top of mind.
The security analysts at Securosis believe that compliance, cloud security and cyber crime will be primary discussion topics.
I had the opportunity to listen in on the annual pre-RSA Conference call today, where analysts Chris Christiansen of IDC, Khalid Kark of Forrester Research and Scott Crawford of Enterprise Management Associates each shared areas they think will most likely be key trends. They are summarized below.
Data security and the Cloud -- Crawford addressed data security within the realm of the cloud. Since the cloud was significantly hyped up throughout much of 2009, it’s not hard to believe that the cloud is a big topic at RSA this year. But with varying definitions, confusion as to what the cloud is and the disputes regarding the establishment of guidelines for compliance and data security within the cloud, it brings about a big question: Who owns the data? This makes one wonder if the next big threat to enterprises will involve data ransom. Anticipate all conversations to involve the cloud in varying degrees.
Social Media + Targeted Attacks = ??? -- We are all aware of the increasing sophistication of malware and various other cyber attacks. Simultaneously, we’re aware of the increasing presence of social media in our everyday lives. We constantly see updates from friends, colleagues and clients. So how is this relevant to security?
Christiansen borrowed a quote from Oscar Wilde that ties this all together: “There’s so little useless information.” Any publicly exposed information is relevant to someone, somewhere, and ironically for those so willing to share, is available for a price. Expect these conversations to revolve around the increasing sophistication of cyber crimes, advanced persistent threats (APT) and other new threat models and new attack targets (i.e. smartphone applications).
Social Media and the Enterprise -- According to Kark, organizations need to learn how to leverage social media and Web 2.0 to their advantage, while also being wary of the threat aspect that surrounds it. As Kark stated, “It’s a freight train coming and we need to learn how to deal with it.” Expect conversations on this topic to explore implementing social media guidelines for companies of all sizes.
End-user Education -- The majority of security professionals will frequently reiterate the importance of end-user education. But in a time of social media, when every ounce of information becomes a potential hook to an unsuspecting victim, an appropriate statement to keep in mind is: A company is only as strong (and secure) as its weakest link. Expect to find yourself in conversations discussing increased spending on employee security training.
So in summary, there are four overarching trends to expect at RSA this year, according to the analysts and early online coverage:
* Cloud computing/SaaS security and compliance
* Data security and ownership
* Next generation attacks to the enterprise
* Education and security spending
It will be interesting to see how each theme plays out when the curtain goes up.
Posted by Kristin Forte Allaben on February 24, 2010 at 1:54 PM
An interesting fact about our resident female Tangled Web bloggers - We're all blushing brides-to-be. So, in honor of the upcoming nuptials for Tiffany, Kristin and myself, this post is dedicated to one of the most important relationships for security vendors – the customer relationship.
Earlier this month the Schwartz Security Practice group created a tip sheet outlining ways to increase exposure among media and analysts at RSA. We often advise our clients to plan well in advance to determine if there is a strategic way to align a major news announcement with the conference. However, this is often the “best-case scenario” situation. In the absence of hard news, leveraging customers and having a contact at the show is a great way to generate media attention and deliver reporters information that is compelling, timely and could ultimately lead to great coverage in the future.
The vendor/customer relationship starts with popping the question: "Will you go to RSA with me?" No bling necessary, but covering travel, accommodations and an event pass is another story. That said, bringing a customer to RSA is an investment. A few tips and tricks to make this engagement valuable to people on both sides of the aisle:
-- Evaluate the relationship. Is this customer new or tried and true? While customer win announcements don’t generally receive a significant amount of press coverage, reporters would be interested to hear why a customer chose a specific product or service. This is an opportunity for vendors to provide a product update briefing to reporters through the customer interview, outlining an industry need and discussing differentiators. Don’t expect coverage immediately, but giving reporters access to customers goes a long way and will leave them wanting, and willing to wait for more. On the other hand, bringing a long-term customer to the show, especially if they can talk ROI, is media gold.
-- Consider vertical publications. Reporters’ time at RSA is limited, essentially running from booth to booth, attending sessions, catching up with industry pals and so on. It’s sometimes difficult to secure meetings with reporters from security publications. But those aren’t the only reporters and editors in attendance. An article that appears in a vertical publication – BankInfoSecurity, let’s say – may reach an even more direct audience if selling into financial institutions. A customer in that same industry will be compelling because they can speak to security issues specific to their line of business.
-- Maximize time with booth presentations. Customers’ schedules and their level of activity at RSA or in any media opportunities should be discussed and planned ahead of time. Understandably, talking with reporters about a cool new security application that he or she uses isn’t necessarily a customer’s top priority. When working with our clients on plans with a customer for RSA, this is important to keep in mind. Instead of filling an entire day – or four days – with interview after interview, scheduling a more formal presentation, which could be delivered at a booth, could drive traffic of not only attendees (customer peers) but media as well. Integrate customers into booth sales demos or work with them to show a real life example of a technology in place.
-- Take advantage of the time you have with customers. More and more we are seeing reporters and editors looking for additional content for their sites and blogs. Consider recording video of a customer’s presentation or describing the company’s IT security strategy. We suggest that clients use video content on their own Web sites as well, which they can also distribute to a few key media targets. Also, when we join media interviews, we’re always taking notes. The information the customer reveals could trigger ideas for pitches down the line or could be the basis for drafting a case study.
-- Don’t forget to show a little love, in addition to being mindful of time. An obvious tip here, but showing appreciation for the time a customer spent at RSA is well…appreciated. If any coverage appears, send a hand-written thank you note, along with a copy of the article (perhaps even a framed copy).
Want more advice on building out a PR strategy for RSA? Check out our webinar, featuring Schwartz's Ross Levanto and Tim Whitman and their special guest, Matt Hines of Core Security and eWeek Security Watch blogger.
Just two weeks to go until the floors of the Moscone Center in San Francisco will serve as the center of the IT security universe.
From a PR perspective, members of the Schwartz Security Practice have been in contact with reporters for weeks, on the phone and via Twitter and other channels, to learn what stories are trending well as we head into the conference.
Schwartz wants to help the many IT security vendors out there who are getting ready for the big show. We created a tip sheet, downloadable for free from the Schwartz website, which outlines five tips to maximize the PR value of RSA.
Last week, we also hosted a webinar to discuss other RSA PR strategies, and we invited former full-time journalist (who still contributes to the eWeek Security Watch blog) Matt Hines to share his insight in our discussion. The webinar was recorded and is available on the Schwartz website.
Finally, I encourage you to visit this blog during the week of RSA. Tangled Web will be publishing daily "trending" reports that show which stories are creating the buzz at the show, and we will provide updates from the show floor.
As security PR practitioners, we at Schwartz are focused on increasing mindshare and market share for our clients through a number of avenues—one of these is an awards program.
Tailored to meet each client’s specific objectives, we assemble an annual calendar of award opportunities, ranging from industry awards to corporate, customer-focused, technology, local market awards, and more. Then, we track nomination deadlines and collaborate with clients to produce and submit strong entry materials.
When it comes to IT security-specific honors, the SC Magazine Awards are a top priority for most enterprise security technology companies who value recognition from SC Magazine as important validation from one of the industry’s top trade publications. Celebrating their 13th anniversary, the SC Awards highlight noteworthy achievements of professionals, companies and products that, according to the publication, “help fend off the myriad of security threats confronted in today's corporate world.” Throughout the years, the Schwartz Security Practice has produced a long track record of winning assists.
This year’s field of SC Award finalists awaits the 2010 winner announcements, which will be made on March 2 during RSA Conference week. An award win surely complements sound RSA PR strategies, such as those discussed in our recently held webinar. To obtain a copy of the RSA PR webinar, please contact securitypractice@schwartz-pr.com.
As a sponsor of the SC Awards Dinner & Presentation, Schwartz Communications would like to say congratulations and best of luck to all 2010 SC Award finalists. If you are planning to attend the March 2 awards dinner, we look forward to seeing you there! You’re sure to spot our colleague Ross Levanto on stage as a presenter.
Check back for continued RSA updates, along with SC Awards gala photos of the Schwartz RSA PR team and clients all dressed up in our formal wear.