Pragmatic CSO Weekly #1
January 5, 2007 - #1
Welcome, welcome to Fantasy Island.
I am your guide, Mike Rothman, and I'm going to take you on a fantastic journey to the promised land of security. Your users will get it, your senior managers will support it, and best of all you'll even have time to play golf.
Actually, Fantasy Island was one of my favorite shows growing up. I remember staying up late on Saturdays to be taken to this mysterious world where the most miraculous things would happen. The "guests" would learn an important lesson and then the sea plane would take off, forcing me to wait for the next week when a new gaggle of guests would arrive.
So, what does that have to do with the Pragmatic CSO? The big lesson in Fantasy Island was that YOU had the power to fix whatever problems you had. That power was in YOU the entire time. Mr. Roarke just provided a venue so you could discover that power.
Likewise, every CSO has the power to impact great, positive change within their organization. Hopefully you've read the Pragmatic CSO Introduction at this point, so you are familiar with the "reasons to secure." That's why we do what we do. That is the prize. That's what we need to keep focused on, every day.
The power is within YOU. Yes, it's a lot of hard work. Yes, there will be ups and downs. Achievements and setbacks. Hopefully two steps forward, one step back. But you can do it. The Pragmatic CSO can show you how.
In this week's issue:
- This week's P-CSO Tip: Present Thyself
- Pragmatic CSO: The Book (like paper and dead trees and all)
- P-CSO FAQ: Who is Mike, the Pragmatic CSO?
- P-CSO FAQ: Why $97?
- P-CSO in the blogosphere: What they are saying!
This week's P-CSO Tip
Present Thyself
One of the key skills you will develop as a Pragmatic CSO is presentation skills. At first, especially for folks that are not experienced, the idea of getting up in front of anyone is horrifying. I remember the first time I had to do it, back in college. I was nervous, but prepared - and I did fine. Now some 20 years later, presenting to a crowd is one of the things I like best.
So how do you become a presentation master? A lot of those steps are laid out in the book, but in two words: Preparation and Practice.
You must be prepared. You have to know your stuff inside and out, backwards and forward. Seriously. The fastest way to lose credibility is to blow an easy question. That doesn't mean you have to know everything. It's OK to say you don't know and you'll get an answer. But you get maybe one of those passes during each pitch. Pull that card too many times, and you are perceived to be a boob.
You must practice. I've been doing presentations for 20 years, and I practice extensively. Not in the "traditional" sense, where you get in front of the mirror and croon to the alley cats. But I work through every slide mentally and envision what I'm going to say. Novices should take notes and have talking points. Again, if you stumble all over your words, you'll be perceived as a boob.
The objective is to not be a boob. So prepare and practice and then pitch. It's not that hard, once you get the hang of it.
Pragmatic CSO: The Book
Like every entrepreneur, I am learning every day. I launched the book on Tuesday and by Friday I know a lot more than I did before. Actually, I launched the PDF on Tuesday - and I heard LOUD and CLEAR that you want a BOOK.
Ask and ye shall receive!
I'm happy to announce that by Monday at the latest, you will be able to buy the book. I feel bad for all the dead trees that will result, but not that bad. It's my wife that is really the tree hugger.
I'm spending this afternoon laying the book out for print and will put in my initial order. I should be able to start shipping them out by mid-week. So by this time next week, you can have a piping hot, right off the presses, paperback version of the Pragmatic CSO.
Thank you for the feedback and your suggestions.
P-CSO FAQ: Who is Mike?
I have gotten some questions about this "Mike" character in the book. Who is he? Does he exist? Did he really spend $97 on the book? Were there models for the character? Why is he named after you?
The answers are pretty straightforward. Mike, the Pragmatic CSO, is a fictional character. For those of you a little slow on the uptake, that means he doesn't exist. Well, not really. Mike is a representation (some would say a caricature) of the thousands of CSOs and security professionals I've met through the years. Both the good traits, and not so good traits.
Mike is my muse throughout the book. By having a point of reference, in terms of hearing about Mike's experience going through the process, it will make it easier for you to understand how the process can apply to your organization.
I understand naming him after my favorite person (ME, of course) can be a bit confusing. But Mike is Mike. He has no last name. Kind of like Bono, but not. If I ever refer to myself in text, I will spell out my last name. So Mike is the Pragmatic CSO. Mike Rothman is, well, Mike Rothman.
P-CSO FAQ: Why $97?
There were also some questions about the pricing. Isn't $97 expensive for a book? One blogger even called the price "astounding." I like my ability to surprise my audience at any given time.
If this was a mass market paperback, selling at Borders or Barnes & Noble, then $97 is expensive. But I did a lot of research into training in other businesses, most notably sales and marketing, and $97 is a standard price.
How much does it cost you to go to a SANS conference? Right, more than $97.
But because I say there is a good value, that doesn't mean it's true. Let's look at some of the other options. You can buy ISO 27001 and model your security program after that. That will cost you about $103. And they only accept Swiss Francs, so those drachmas aren't very useful. It comes in PDF too.
Other research firms charge you $495 or so for each of their reports, if you can buy them. Or you can subscribe for $30,000 a year, and that's the entry level pricing. Even Network Computing has technology reports that they sell for $495.
So maybe it's just me, but I think "cost-effective" is the term that should come to mind. My target audience is the security professional for a mid-sized business, and your business should be buying the book for you. It's a lot cheaper than a traditional training course, but the coffee kind of sucks.
P-CSO in the blogosphere
I'm happy to say a number of folks covered the P-CSO launch on their blogs. Here is a little smattering of the coverage:
- Alan Shimel: "I think the Pragmatic CSO will go down as a milestone in the security management arena." Link here.
- Mike Murray: "But, having read it, it's far beyond good." Link here.
- Michael Farnum: "I highly recommend this book to CSOs and security managers of any type." Link here.
- Andy, ITGuy: "What I have read so far has been entertaining and educational." Link here.
- Martin McKeay doesn't like the 12-steps (here). My friend, if I could have gotten it done in 6 steps - I would have. But he does think there is value: "His comments on why we secure the network was worth the time spent reading all by itself, everything else is icing on the cake."
But as with everything, there have been some that have critical comments.
- Arthur at Emergent Chaos thinks the price is "astounding" (here). See my explanation above. He also wondered a bit if he could meet Mike, the Pragmatic CSO at RSA. Maybe I'll get a life size poster of Mike, and then Arthur can have a conversation with him. Of course, Arthur only read the introduction, so he's got about 8% of the story.
Keep the comments coming. Both good and bad.