Trainer Communications’ PR and marketing professionals were, again, all over the RSA Conference, myself included. This year was especially exciting as the amount of client’s we were representing there increased 300 percent over 2009 and this year we conducted two surveys for our clients PacketMotion and Brocade and helped our client Secure Passage out with social media activities management and execution. In general, I’d estimate that Trainer’s increased RSAC presence and that of its clients is a great indication that, despite the slow pace of the improving economy, the IT security industry remains strong and continues to grow.

Angela Griffo’s crew did a bang-up job with the Brocade survey, I found some of the results to be especially interesting, especially the one on whom within enterprises security pros are the most concerned about spying on behalf of. I thought for sure that IT security folks would have a major concern that foreign government spies were after technological advancements, after all, the Constitution of the People’s Republic of China is riddled with amendments that almost say “economic advancement at all costs.” But not so, the vast majority of infosec pros surveyed, 41 percent, stated that they were more concerned that there might be internal spies working for competitors. Check out the conclusion:

A result that I found to be equally intriguing was the one that asked whether or not security policies were being enforced. Seventy percent of respondents said “yes,” but this made me wonder exactly how effective or comprehensive the “enforced” policies really are, especially in light of the use of social networks in the workplace and personal devices being used to access networks. If you check out this video we put together for PacketMotion, you’ll notice that eBay’s Information Security Chief of Staff points out that mobile devices are something everyone has and uses for work these days.

Click here to view the embedded video.

Back to the enforcement question, here’s the total results of the question:

I know I am behind a week on my “What is the Cloud? Film at 11 Post,” but that’s coming soon, I promise. Things are really picking up at Trainer and I have little to no time to blog lately, but I am starting to carve out room.

]]> http://www.securityheavy.com/2010/03/rsac-2010-survey-says-competitors-biggest-spy-threat/feed/ 0 http://www.securityheavy.com/2010/03/rsac-2010-defining-the-cloud-film-at-11/ http://www.securityheavy.com/2010/03/rsac-2010-defining-the-cloud-film-at-11/#comments Fri, 05 Mar 2010 22:55:18 +0000 Blogger in Chief http://www.securityheavy.com/?p=679 Posted by Joe Franscella, 3-5-2010:

Again, I had an excellent, educational experience at the RSA Conference. I run into editors, bloggers and analysts I know from time to time at the show and always ask them the same question, anything new, exciting or cutting-edge? Invariably, I get yes and no responses but this year I think I heard more say they were excited about the fact that innovation is starting to creep back into the game. At around 11 Tuesday night, I ran into Richard Stiennon crossing Howard Street, he was with an MSP friend of his and during our brief conversation he mentioned a few of the more “interesting” vendors he had come across. I look forward to reading his complete thoughts on them when he publishes.

Again, I had the privilege or shooting video during the Executive Women’s Forum party at the W Wednesday night. This year I had the chance to interview three of some of the world’s most well known players in the Cloud and Cloud security game. On camera, each were asked what is the Cloud and can it be secured? The answers were stunning, I got back a technical, business and metaphoric description — I’m pleased to be able to say that my hours of research have paid off as the definitions weren’t far from my own conclusions I had made prior to talking with them. Next week, I will be posting the video.

Rake Narang of Info Security Product’s Guide visited two Trainer Communication’s clients’ booths at RSA, Secure Passage and PacketMotion. Each did an excellent job at quickly and comprehensively telling their company’s stories:

Posted by Joe Franscella, 2-25-2010:

RSA Conference 2010 is here, only a few days away at least. Many in the PR trenches are busy psycho-dialing in hopes of scheduling that one last, or in some cases first, meeting with a journalist or analyst so you can prove your worth to your clients. If you have a big name to throw around with some big news coming out at the show then you may be hitting the jackpot, however, if you have small clients that don’t command recognition just based on their name brand, you may be running into some high, high, I mean high, hurdles.

If you have a small client and you were smart about it, you set them up to do mostly prebriefings with news breaking this week, I see some of this going on and it is clearly paying off. If, however, your are chartered with booking the all-coveted show briefing and you are having bad luck, don’t despair, you may be able to interest at least a few writers or analysts — if you know what they’re after and you know how to approach them.

In an attempt to better understand what might secure (no pun intended) a briefing with a security writer or analyst at the world’s biggest security trade show, I reached out to a wide audience and asked them what their pet RSAC pitching peeves are and what might make for an interesting pitch and potentially secure a meeting. Responses were similar all around — “tell me something new, something I don’t already know and something that is effecting the industry on a wide scale; don’t bother me with follow-up calls, understand what I write and for God’s sake, understand the difference between news and marketing — I do.”

Judge for yourself by some of these responses, are you following the rules?

Seth Rosenblatt, CNET Download.com, http://download.cnet.com/download-blog/?tag=rb_content;overviewHead:

The best thing any PR rep can do is research. Far too few actually spend the 30 seconds of Googling required to learn who covers which beats, and this is incredibly important in the complex field of security. Do all political reporters cover the White House?

Kelly Jackson Higgins, Dark Reading, www.darkreading.com:

Peeve: When they bundle all of their security clients together into one email/pitch.

What works: Tell me something I don’t already know, or have something truly innovative to share.

Ira Victor, The CyberJungle Live 10a-noon Pacific, Saturdays at www.kkoh.com, Podcast anytime: www.TheCyberJungle.com:

Peeve: PR people pitching products rather than true hard news stories

What works: Learn about our program, and pitch us stories that would be newsworthy for our audience

Martin McKeay, Network Security Blog and Podcast, http://www.mckeay.net, http://netsecpodcast.com:

Peeve: PR hacks who call and call and call and never leave a message or sending an email.  If you want to talk to me, leave me a message and I’ll get back to you if I’m interested.

What works: Take the time to do your research and make sure it’s something to I’m going to be at least related to what I do.

Dr. Anton Chuvakin, http://www.chuvakin.org, http://www.securitywarrior.org:

Peeve: Blind and uneducated pitches like “Need PCI-DSS compliancy? We can help!” They are my #1 pet peeve since they are both dumb and mistargeted.

What works: New, hot technology that falls under the category of things that I care about worked the best.

Deb Radcliff, Freelancer (SC Magazine/Network World, Online Crime Bites), http://derad.typepad.com/:

Peeve: A pr person I really like just sent the stupidist note.  “I have a lot of clients at RSA. So tell me your schedule and I’ll book them into your schedule.”

What works: Have some relevant market information, be in the pulse, and don’t just try to tell me a 4.0 is better than the 3.5. The other best thing, really try to align the client with the interests you know about the writer. Some try to shove these folks down the throat just for facetime no matter there’s a match or not there.

Jennifer Leggio, ZDNet | Social Business, Quick’n'Dirty Podcast, http://blogs.zdnet.com/feeds/?tag=trunk;content:

Peeve: Based on the pitches I am receiving it is clear that many PR people are not reading my bio or my blog. I’m getting pitches for data center hardware when what I cover is security relative to social networking. Not to mention, I work for a security vendor in my day job and I’ve had my company’s competitors send me pitches assuming that I would honor an embargo, even though I have no past relationship with the PR person. It’s both shocking and disappointing how many companies are sending proprietary news like that.

What works: Simple – make it relative to what I cover.

Sharon J. Watson, Senior Producer, Security Squared, http://www.experteditorial.net/securitysquared/:

Peeve: Agency reps—and they are always from agencies—who clearly didn’t bother to look at Security Squared in any depth to find out what info we cover or for whom we cover it, so they pitch products/companies that clearly don’t fit our profile (and the pitches are always generic).

What works: Tell me how your announcement fits our coverage profile and then tell me you have a consultant, analyst or user/beta tester I can talk with to vet your whiz-bang statements.

Mike Rothman, Analyst & President, Securosis, www.securosis.com:

#1 peeve is PR folks sending me bulk e-mail merge notes trying to get time with me. Oh, kind of like this message.

More seriously:

1) #1 peeve is someone that doesn’t take the time to understand what I cover and just sends me a blast email. No I don’t care about line encryptors and I’m not going to take a briefing at RSA about it.

2) #2 peeve is PR flacks trying to get me interested in their client/company 3 weeks before a show. Last time I checked, the year was 365 weeks and this is a relationship business. If I haven’t heard of you, the likelihood that I’ll take a briefing at a show like RSA (where I have maybe 20 meetings slots the entire week) is nil. So start building the relationship in the other 362 weeks of the year and then maybe we’ll get some time at RSA.

3) To be clear, there is nothing a PR hack can do to get me interested and to take a meeting. I make my own list of companies I’d be willing to meet with about 6 weeks ahead of the show. Then I tier it. I reach out to the folks I feel I need to see there (top tier). Then if someone else on the list approaches me, I’ll probably take the meeting. If you aren’t on the list, you’ve got no chance to get on my calendar.

To wrap up, the personal touch is always best received. Read my blog, follow my research and then make your pitch TO ME. Not some blast email. That ends up in the circular bin immediately.

Ellen Messmer, Sr. Editor, Network World, www.networkworld.com:

Peeve: Assuming there’s a lot of time to meet

What works: Make it clear why the news is important

Mirko Zorz, Editor in Chief, Help Net Security – www.net-security.org (IN)SECURE Magazine  – www.insecuremag.com:

Peeve: What annoys me the most is a *long* pitch consisting of several paragraphs informing me of news I’m very well aware of, as every member of the press should be. Such essays usually contain hideously exaggerated terms such as “leading, unprecedented, best-of-breed, industry defining” to describe the generally very obscure company I should be running to talk with because they someone named Pam told me there are a lot of breaches and that’s a problem. Wow, really?

What works: They should actually read the publications they’re pitching to, find how they do cover events such as RSA and what topics they focus on. These kind of pitches are always short, informative and make my decision easy.

PRs that have in the business for a while should learn how to develop a relationship with the people they’re pitching to. Some of the great ones have been sending me material for years and when it’s coming from them I know it’s worth publishing. They know what I’m looking for because they took the time to find out. It makes both our lives much easier as less time is wasted on unnecessary e-mails.

Rake Narang, editor-in-chief for Info Security Products Guide, http://www.infosecurityproductsguide.com/:

Peeve: I travel a lot and therefore prefer emails to voicemails. As we approach nearer to any major shows every year, I find that tons of voice messages are left for me. That’s the time I do not have time to listen to voicemails as my pre-event meetings and interviews have already begun and therefore I am probably not even available in my office. There’s no way that I will actually have time to listen to all those mostly 10+ minute voice messages.

What works: I am always open to new product announcements. Three things that I love most are products, products, products. If your initial message can summarize some recent attacks or security threats and how your new product can help, then I am already listening. I read all emails sent to me and anyone can approach me directly.

Nick Selby, Managing Director, Trident Risk Management, http://tridentrm.com:

Peeve: RSA is the busiest time of an analyst’s year; there are literally dozens of companies trying to get face time, and we’re looking forward to finding out lots of new information. The problem is, all companies think that RSA is, like, the best time ever to announce a new whatsit. So in addition to trying to meet up and see what’s happening in general, the flacks are all trying to get us juiced about some dumb-ass gimmick they’ve come up with to cut through the noise of RSA. Hello? The NOISE of RSA is why we go to RSA. All these announcements are distracting. What, you’re  so desperate for validation that you think that putting “RSA Conference 2010” in the lede of your press release will make customers say, ‘Oh boy! That product must be really good – they announced it at a conference they paid to be in!’ I don’t think so.

What works: If you truly want me to get excited, give me an embargoed release before the show so I can see whether I care. Don’t flatter yourself that you’re letting the cat out of the bag – no one cares about your drama unless you do more than $250m in business each year and even then it’s not like, you know, national security stuff (no matter how you try to play up that your CTO used to work for the CIA or went to MIT *yawn). Speak ENGLISH in your press releases (Nick Patience at The 451 Group famously said, “I know you have an end-to-end solution…But is it tightly integrated?”).

That is all.

Scott Crawford, Enterprise Management Associates, http://www.enterprisemanagement.com/:

Actually, this seems to have improved quite a bit in the last few years.  There seems to be greater understanding that we simply cannot respond to every request to meet (so don’t take it personally if we don’t). PR pros should also recognize that analysts aren’t journalists. Attention-getting is a non-starter. Our job is to highlight actual value, and we recognize we have to be thorough in covering a broad market, so we will take note. But give us the facts and make them digestible because if you don’t, we will do it for you. If I see that and I have an interest in your area, I will get back to you. We are interested more in the impact of a vendor offering on the market, on customers, and – most importantly – on real issues. Does a “solution” actually solve something? If not, that’s one of my “round file” words.

Again, it’s a question of bandwidth and interest. We simply can’t respond to all requests, nor will we react to every item of “news.” The PR biz in general should recognize that the signal-to-noise ratio is quite high around and before conferences, so they should weigh the risk that an announcement will actually get lost in that noise.  It would be best if 1) they know what we’re currently focused on & likely to respond to, and 2) if it’s actually news. You will help yourself by checking out what we’ve said recently: Twitter, firm websites and blogs should be checked. News really should be news. Product re-branding or incremental version releases aren’t. Innovation is, of course, but that’s a rare thing. Capitalizing on hype will likely get you tuned out, unless the client had already established credibility in the topic or area of concern and has a realistic take on an issue. Saying that a client is now all about <insert hypy topic here>, regardless what they may have claimed to have been all about before, will get you ignored.

Overall: Recognize that you’re doing your client a truly valuable service. Innovators aren’t necessarily communicators. Help your clients understand trends and how they really can address actual problems. Attention-getting gimmicks and manufacturing “news” just to get a client noticed mean you aren’t really invested in doing your homework for your clients. Have some self esteem. Don’t be a “hack, be a professional and do the legwork to know what the real issues are in your industry, so you can help your clients be better perceived for offering real value, and to help them perform better in fact. That’s a real service.

RSA Conference 2010 is here, that’s especially true if you’re in PR and you have an information security client that’s contracted with you to raise awareness for them at the show among media and bloggers. If you’re representing McAfee, Symantec, Cisco, RSA (EMC’s security division) or another mega IT security powerhouse, stop reading — you should be able to attract big ink and electrons based on their size alone. These companies have so many thousands of international customers and so many people dependent on their latest versions that journalists and bloggers owe it their loyal readers to keep them informed on their latest moves.

If, however, like most of us, you have a smaller client with news that is worthy of coverage but not necessarily able to compete with the biggies, don’t despair, there’s ample opportunity to get your clients the coverage they deserve and need.

If you are representing one of the smaller players in the market, there are a few steps you can take to secure them coverage, when pitching for a briefing remember to:

• Develop a story around your clients’ news that relates to common trends that will rise out of the conference. Does your clients’ news fit in with the cloud, social networking, Web 2.0, application vulnerabilities, the next wave of viruses, Obama’s plans for cybersecurity, protection of digital healthcare records?
• Start reaching out for briefings now, you may not be able to get what you’d otherwise like to during the actual show, but you may be able to do a fair amount of phone briefings leading up to it, thus ensuring that your client is part of roundups and other show-related features that publish.
• Consider making your announcements a week before the show. Breaking news leading up to the conference provides press and bloggers with an opportunity to write about developments outside of those they need to cover at the show itself. Enabling them to provide a wider variety of news and information to their readers while at the same time alleviating pressure on them to have to try and cover everything the week of the show may be of help to them.
• “Cyberthreats,” “Cybersecurity,” “Cyber-this and Cyber-that.” Remember, telling a writer that you clients’ new version and its features responds to cyberthreats, is a little ambiguous at best. When talking to the media and bloggers, specify the threat it defends against, “My client’s new feature was used by company Such-and-Such to thwart Conflicker, here’s how …,” is valid information that the information security community can actually use to improve the security environment — news a blogger or journalist could actually attract readers with.
• Consider responding to the RSA blogs. Chances are journalists and bloggers covering the show will, at some point, review at least some of these and possibly formulate ideas — if you’re client is on the ball with being part of these then you just might earn them a little play.
• Know what the journalist or blogger you are reaching out to covers; understand their beats. I know, I know — this little bit of direction can be as ambiguous as my thoughts on the use of the term “Cyberthreats.” What I mean by this, is that you should know a few basics prior to your approach: 1.) do they cover product announcements? 2.) do the vast majority of their articles include customer interviews? 3.) are they primarily focused on keeping up with the latest threats? 4.) are they channel-focused or vendor-focused? 5.) do you see any direct or inferred theme or pattern in their last five to six published articles? 6.) Do they rely on hard facts and information that comes out of surveys and other studies? If you have answers to these questions, then you’ll know what to bring them.

Hopefully, these tidbits of information will help you secure some of the coverage you’re on the hook for. They’re by no means full proof but they are based on what I’ve learned through experience over the past few conferences. Watch for my soon-to-publish survey results of journalists’ and bloggers’ top peeves when it comes to pitching them for RSA briefings.

The start of January marked my second anniversary at Trainer Communications. On that day, I tweeted:

I meant it, too. There’s a lot of great things that go on at Trainer Communications. Aside from working with an excellent bunch of PR, communications and marketing pros, Trainer’s commitment to Metrics Matter™ (the agreement made between Trainer and clients on the amount of press coverage that will be achieved for each initiative) and entrepreneurial spirit fosters the perfect environment for me — one where results are key and creativity and initiative are rewarded.

Prior to coming to Trainer, I had been the managing editor of a Central Valley (CA) newspaper and founder and general manager of a communications and advertising consultancy that produced a weekly cable network television show covering sports and recreation activities. During the 26 episodes, I leaned to do everything it took to produce a weekly show, which included but by no means was limited to — securing sponsors, filming, editing, voice over, production, coordination with the cable company for scheduling and technical matters, and receiving praises with humility and scorn with professionalism. Need to produce a weekly cable television show? Let’s talk.

One of the things I wanted to carry into my PR and communications work for clients and Trainer was my ability to produce video — something I am glad to say I’ve had a chance to do. Through the course of my Trainer career, I’ve produce videos for former clients, current clients and Trainer, some of which you can check out here:

Solidifying my satisfaction over the past two years at Trainer were two key events, 1.) Helping our firm to win a national Videographer’s Award of Distinction for production of a Web 2.0 news video, and, 2.) Being named as one of the leads of Trainer’s Video Practice in our 2009 yearend release. Check it out:

I am looking forward to another year with Trainer (and many more after that), to building the video practice and to continuing to help lead client accounts successfully. Next up: RSA Conference 2010, here we come!