Pragmatic CSO Podcast #12 - The Business Plan
This week we get back into the Pragmatic CSO methodology, and jump into Section 2: Building Your Pragmatic Security Environment. The first step in S2 is Step 4, Building Your Security Business Plan. Why do we need a business plan anyway? What's the point?
All is revealed in podcast #12. Well OK, not all - but I lay the groundwork on why the business plan is probably the most important of the 12 steps and what goes into building it. Over the next 2 months or so, we'll be delving deeply into the business plan and the associated efforts to "sell" the strategy to the senior team.
So, buckle up as we take off for the next leg of the P-CSO journey.
Running time: 5:52
Intro music is Jungle and I sign off with Acquiesce from Oasis' Masterplan album. Since the security business plan is YOUR Masterplan, I thought that was appropriate.
Direct Download: 12_Pragmatic_CSO_Podcast_12.mp3
Photo Credit: Peter J. Bury - IRC
Pragmatic CSO Podcast now on iTunes
Now you can take the P-CSO on your iPod with you. This is great news, so now I can haunt you in your car, on an airplane, or even when you are running. Although since all of the podcasts are 6-7 minutes, it wouldn't be much of a run I guess.
To get the podcast, click this link and then it should direct you to iTunes to subscribe to the podcast. Screenshot of what you should see is below.
Read the Buying Security Products eBook - Get the Daily Incite Newsletter FREE!

- Are you looking for some "real-world" advice on the best way to buy the right security product at the right time for the right price?
- Could you benefit from getting information from an "insider" who has worked with hundreds of customers and also spent 8 years as a vendor enabling his sales force to "close more deals"?
- Have you ever felt like a passenger during a sales process, instead of driving the procurement to ensure the correct product was chosen?
- Would your life be easier if you could find a "hands-on" step-by-step approach to managing the buying process?
If you answered YES to any of these questions, then you should get our Buying Security Products eBook and Daily Incite Newsletter Combo Package.
Click here to learn more. Or look for the Daily Incite logo on the right sidebar and fill out the form now.
A Quick Guide To Security Incite
Welcome to Security Incite. To streamline your visit, here are some thoughts on what to do first:
- Subscribe to The Daily Incite - a hard-hitting analysis of the information security business that shows up in your inbox a couple of times a week. The Daily Incite will give you the information that you need to stay on top of the dynamic security industry. All you need to do is look for the Daily Incite logo on the right sidebar, fill out the form, and you are done. You'll also receive the Buying Security Products eBook as an added bonus for your subscription.
- Read the Security Incite Rants blog - RSS types can get the Daily Incite and other assorted ramblings via the blog feed. The goal of the Rants blog is to inform, educate, and provide a unique (and at times controversial) perspective on the information security business. There is a lot of noise out there and most folks have a hard time figuring out what is important. Click on the RSS link in the right sidebar to add the feed to your reader.
- Check out the Pragmatic CSO - Mike's 12-step program is focused on making security relevant within the context of business. Sign up for the P-CSO newsletter and you can get "5 tips to being a better CSO."
- Listen to Pragmatic CSO Podcasts - If you are the podcast type, Mike does a (sort of) weekly podcast digging into security philosophy and the Pragmatic CSO methodology.
- Experience Security Mike's Guide to Internet Security - It's pretty nasty out there on the Internet, and there are some fairly simple (and cheap) techniques you could use to better protect yourself. You probably know all this stuff already, but your friends and family certainly don't. Security Mike's Guide is focused on helping consumers protect their computers, so they can protect their identities and their kids.
- Learn about Security Incite - If you hit the "About SI," you'll learn more specifics about what Security Incite is, and more importantly, what it's not. You can also learn a bit about our President, Mike Rothman.
- Learn how we can help you - The other tabs (End Users, Vendors, Press) will bring you to a page specifically for you. Here you can learn how we help folks just like you.
- Read the 2008 Security Incites - That's right, we busted out the crystal ball and have made our annual prognostications about where the security market is going. Read the "Incites" and let us know what you think. You can also read the Days of Incite series to get a more detailed analysis of each of the Incites.
Why do I blog?
After giving it some thought, I've come up with a couple of reasons, but they all get back to the same thing - blogging helps to build my business by building my brand. Ultimately, it always gets back to economics. If it doesn't, then congratulations - you are one of the few that works because you love what you do, not because you have to. If you don't love what you do and you don't have to do it, then you should get your head examined. But I digress. As fortunate as I've been, I still get up every morning and try to get something done to make sure I can keep the lights on.
But there is more to it than just building my brand. I love to write. I love to share my opinions. My ego loves to be considered an "authority" on information security. Most of all, I understand that I was out of the analyst game for 8 years. More people know me as a VP Marketing than as an analyst. I didn't realize I had to reinvent myself, but that's exactly what I'm doing. So I have to make my bones and earn your trust. I do that by adding value and by being right, with no real expectation of money changing hands. At least not yet...
If there is one thing that I've learned over the years, it's to respect the virtuous circle of doing the right thing. I don't charge for access to my opinions. I don't force folks to subscribe before I share my thinking or take a vendor briefing. Don't laugh, but in the early days of IT research - writing was your main product. Paper research notes sent to customers every couple of weeks. And for this they would pay $20,000 a year. And I hear about other analysts not talking to vendors or even more ridiculous - not providing any feedback if the vendor is not a subscriber. Sorry, that's doing the wrong thing.
Ultimately I want to make a difference. By not pulling any punches or sugarcoating what I believe to be the truth, I'm doing the right thing. There are lots of folks that are happy to take your money and tell you what you want to hear. I'm not one of them. I am hopeful that folks read my stuff and it helps them do their job better. I do The Daily Incite to keep folks current in the unbelievably fast-paced security market. Based on the feedback I get pretty much daily - it's working. I'll keep writing as long as folks are interested in reading.
In turn, when there is an opportunity to work together, maybe my readers will think of me first. Whether it's subscribing to my end user service when an appropriate project crops up. Or on the vendor side - doing an external speaking engagement or some strategy/messaging consulting. My hope is that if I do the right thing, everyone else will too.
It's also been drummed into my head over the years that "hope is not a strategy." I've only said that about a million times to people I've worked with over the years. So, I don't expect that by cranking out blog posts, the phone will ring and people will just send me money. I'm not ready to discuss my plans for world domination just yet, but suffice it to say - I spend time thinking about that too.


