Marcel Brunel spoke at the AlienVault Sales Kickoff (SKO) in Austin this week. His talk was “Influencing Behavior and Impacting Results – People Working Together”, around the SKO theme of “Band Together.” He focused on collaboration and cooperation among team members, highlighting how sales is changing to be less blindly competitive and more obsessive on satisfying people’s goals, challenges and needs. Marcel made the very interesting point that empathy is the skill for the 21st century.
Marcel described the 3 personae of every person:
- Underlying (natural, the real you, perhaps at a barbecue drinking a beer
- Everyday (the conscious you, behaving appropriately in front of executives and colleagues)
- Over-extended (you under stress – where you show your “true colors”
This was key to his talk, as it’s easy to work well as a team when everything’s fine, but it’s when you are under stress that your teamwork may be challenged. He encouraged our team to know that there will be bad days, and to “Embrace The Suck.” With Marcel’s background as a Army Ranger, he speaks from experience and has to work through many difficult situations in his life.
Top behaviors of high performing teams are:
High performing teams collaborate rather than competing and doing whatever it takes to win little battles, even at the expense of other team members. There’s a culture of One Team, and the team operates as a meritocracy, where talent and hard work is rewarded and recognized by the whole team.
There was also a customer and MSSP partner panel at SKO, which was moderated by Justin Endres and included Danny Santiago (City of Lewiston), Kevin Geil (NY ORDA), and Grant Leonard and Tony Simone from Castra Consulting. It was a fun panel, with discussions ranging from justifying infosec investments, to tuning and reducing false positives, to compliance auditing to their findings using the AlienVault USM product. Some key notes:
- Even if you have executive support for infosec, in practice it can get put on the back burner when circumstances dictate. You need to provide continuous reminders for management on the importance of infosec to keep it from being de-prioritized. The example: if you get in a car accident, you are a very cautious driver – for a while. Then you might go back to barreling down the highway at 80 MPH.
- If you ever have free time between exploring security incidents AUTOMATE as much as you can to help you in the future
- Use the ticketing system built into USM when handling security issues – it’s useful in its own right, but also a great way to keep information for future reference for the next person to look or even yourself – “tickets never forget.”
- Customers just after compliance can have a “checkbox” mentality and they typically just need reports to justify them passing certification. In addition, most auditors aren’t technical at all, so don’t count on passing an audit meaning you are secure. Also, third parties, like vendors, can throw a monkey wrench in your compliance efforts.
- It’s surprising to small companies, that “as small as we are, a bad guy found us” when describing a recent targeted attack. As Tony says, “If there’s money flowing through your business, you are a target.”
- Score your assets! You need to pay attention to what’s important to you.