Join IT Security Guru’s first webinar on: “If there are so many vulnerabilities, why isn’t the world on fire?” Presented by editor Dan Raywood with guests including some of information security’s biggest names – Lewis Henderson, Conrad Constantine, and Cris Thomas. Join us at 3pm on Wednesday 30th July for a lively debate on the state of security when it comes to insecure applications and platforms, and help you realise both how to manage vulnerabilities and fix what our speakers deem to be the most critical flaws first.
We are hosting our first round table lunch following on from the IT security Analyst & CISO Forum events. Joining us at the lunch will be 10+ CISOs, all drawn from the FTSE 500 as well as government departments and charities, together with representatives from the sponsoring vendor company and IT Security Guru, who will discuss information security pain points under the Chatham House Rule. We will then go on to discuss other current concerns of the CISOs and share intelligence on how they are dealing with them. The first roundtable lunch takes place on Wednesday 17th September 2014, 12:00 – 14:00, at Gordon Ramsay’s Savoy Grill in a private dining room at The Savoy, Strand, London WC2R 0EU and is sponsored by Imperva. Because Amichai Shulman, their CTO, is flying over from Israel to present at the lunch we already have far more CISOs than anticipated, which is a nice way to start.
Each lunch will reflect the theme that’s chosen by the sponsoring company and will give you a great opportunity to get the topics you want to talk about discussed amongst the UK’s top security practitioners.
Drop us a line if you’d like more information on sponsoring this event as a vendor or attending as a CISO, we can begin organising it today!
Contact Gemma Harris – firstname.lastname@example.org – Tel: 0207 183 2842
We’re delighted to announce that the IT security guru is now available to produce product reviews which are written by the UK’s leading reviewer Dave Mitchell. Dave has the largest IT security testing lab in the UK and is well respected for the reviews he’s been doing for a few decades for SC magazine, Network Computing, Computing Security and IT Pro.
IT security guru will be charging just £999 for each review which will be heavily promoted throughout the Guru website and published in the Guru newsletter which goes to 3000 IT security professionals. Plus you will also have the rights to distribute the review as a pdf.
The review will be based on a score card around:
- Ease of Use
- And an overall score
He will also have an editor’s choice recommended by the Guru for:
- Mid Range
- Best in Class.
He will need a minimum of a month to review the product and we would need to decide when you want to have it published. We’ll support it with graphs and make it look nice for the review.
You can see our first review which was carried out by Dave Mitchell for AppRiver here.
This will be the third year we’ve suffered the ridiculous 120 degree heat in Vegas to visit Black Hat. However, it’s not too much of a sacrifice as it’s such a cool show – how could we possibly not be there? It gives us a great chance to meet up with all of our clients and to find out what’s really happening in the IT security industry.
If you’ve got a stand there here are some suggestions how to make it work for you:
- Stand-out from the crowd by having huge lettering on your stand that tells the visitor exactly what you do. Why does no one ever do that?
- Have some fun give-aways that will have a long shelf life that people will remember you by. Only give them away once you’ve gauged whether the person will make a great customer!
- Don’t swipe people for the sake of it – have a conversation and only take their details if they are going to be a solid lead.
- Don’t get so pissed the night before that you can’t function the two days that you need to!
- Use it as an opportunity to network and speak to your competitors, partners and as many potential customers as possible.
- Do attend as many parties as you can – networking is what it’s all about – and don’t get too pissed!!! I know it’s tempting but in the heat and standing up for 10 hours it isn’t a great feeling!
- Make sure that everyone on your stand is alert, smart and active – everyone that walks past is a potential lead.
- This isn’t a show made up of students wasting your time – they may look it but they aren’t – milk every lead.
- Hand out literature, give-aways and a smile at every opportunity.
- Most of all enjoy and come home with lots of prospects.
We’ll be there so if you see us say hi!
Have you ever fancied writing a short story? Here’s your chance. We’re putting together a book of short stories based on thrilling IT security scenarios.
The sole essence would be to push home the idea that IT security is a real threat with the intention of making people sit up and think about the ramification of what they see in the press, what they do themselves and hopefully build IT security awareness and good practices.
I’d like every short story to be written by an IT security professional who can allow their imagination to run riot. I’m hoping for around 1000 – 2000 words on a fictional tale of woe. After each section I’d like the vendor company to offer hints and tips on how to make sure this scenario will never come to fruition.
Apart from producing a book that’s a thoroughly riveting read we’re also hoping to donate all proceeds from the book, once it’s been illustrated, to the White Hat Charity – who support ChildLine and the NSPCC.
GET SAFE ONLINE will promote it to their 1m readers and the CISO community has also promised to promote it to their end-users and stake-holders. We also will be pushing it out through various publications including www.itsecurityguru.org
We’ll be choosing stories on their merit – so if you’d like to send us a short synopsis we’ll have a read and come back to you with our thoughts. The stories need to be finished by 1st September and we’re hoping to distribute the book during October which is IT security awareness month.
Please email your submissions to Yvonne@eskenzipr.com
This summer saw Eskenzi host its eighth IT Security analyst and CISO forum and once again, it was a huge success.
This was my first time at the event and it was really good to see some of the biggest names in the sector come together to not only share ideas, but also pass their judgement upon the various sponsoring vendors. I was given the opportunity to shoot videos with the analysts and ask a series of questions; these videos are now on the website www.itsecurityguru.org
The main crux of the first day was around the analysts meeting the vendors, and after a social soiree the second day saw these vendors, analysts and some of the leading CISOs and security managers get the opportunity to ask and answer questions from the assembled group. In fact it was less a grilling, and more the industry’s finest coming together on a giant roundtable – with the CISOs honestly baring all, niggles, challenges and concerns.
Many of the analysts fly over especially from the US to attend this event and for many it is the only event they go to where they don’t charge, as they find that the vendors and end-user meetings are totally invaluable and mould their future reports and thought-processes.
For many of the vendors who participated it was great to see so many CTOs also fly over from the US, who literally get to meet all the analysts they need to, in one place all at one time.
Those analysts I got the chance to speak to told me how valuable the event was to them, and for the vendors who took the time to invest in the event, they got a valuable insight into what the analysts think and what their customers want.
If you are finding that your analyst relations are lacking somewhat, look to get involved next year.
Elsewhere we have been busy getting out and about; I was delighted to be invited to international conferences hosted by EEMA in Vienna, by Queens University Belfast’s Centre for Secure IT and in September I’ll be among the speakers at the UK’s hacker event 44con.
- By Dan Raywood
So what bugs really bite at CISOs?
- Malware bugs
- Those Hacker buggers
- Their staff
- Or lack of staff
- State on state bugs
Actually, what really gets their goat is No.2, the staff who continually mess everything up for them, and then No. 3, the lack of trained, skilled staff who know how to stop the stupid people screwing up their systems.
How do I know this? Because once a year Eskenzi PR organises the IT security analyst & CISO forum where we get a room full of very outspoken CISOs who really don’t hold back when it comes to sharing their thoughts, bug-bears and irritations with their peers. A few select vendors are invited to hear from the community who buy their wares and we also fly in a dozen of the world’s top analysts who learn from these heated and honest exchanges.
Looking in from where I sit, I’d have thought they would be most worried about all the external threats tirelessly trying to get in their networks from every angle. However, these breaches and bugs are not what get these guys riled up; that’s par for the course – something they expect and can almost prepare for. What they all share is a real frustration in that they can find the technology to prevent the breaches and bugs, but their users turn it all on its head with their stupidity – and it’s a problem that doesn’t seem to want to go away.
One comment I especially liked was “you can’t take the IdioT out of the user” – it’s what they do with the data that’s the biggest problem! Another observation came from an impressive female CISO who said that 100% of computer crime involves people. Obvious, but she’s right and it makes you think!
Okay – here’s the lesson: we must learn to respect the data we use on a daily basis. That means wherever it is and whenever we’re using it, we need to consider whether it is valuable and, if it falls into the wrong hands, what harm could it do to ourselves, the customer and of course the company?
However, one eminent venture capitalist who attended our event cited a recent Economist article that stated that stock prices are often unaffected by breaches, which starts to make me really confused – what’s it all about if you can suffer a major breach and then it doesn’t really affect the company – why bother? Maybe that’s why CISOs are so relaxed about external threats!
But it does cost money to sort out the mess that users make when they infect a system by opening an infected email or uploading infected data from a contaminated USB.
Apart from being hugely frustrated by their internal staff, which was definitely shared by all concerned, it seems that the second really big pain point is the lack of skilled people in IT security. There just isn’t the quality or quantity and, when you do find someone, they just don’t know how to communicate to get their message across. There was a common thread in the discussion, where they felt that when they did find the right people with the right skills they then couldn’t fit in with the culture of the company. The big question is how do you turn geeks into people’s people in order to get the funds for IT security from the board? One very smart CISO, (although saying that all the CISOs that attend our event are the smart ones that take a real effort in collaborating and pushing the boundaries) gets a digital agency to help with his messaging and visuals so that when he has that very small window of opportunity to talk to the board, they quickly get it!
They all believe that, in order to get things done in IT security, you’ve got to become a good communicator – which means investing in training to communicate well so you can be compelling and convincing. You need to talk to the board in the language they understand and that goes for the users themselves.
Another smart suggestion to get skilled people to push the IT security message was from a CISO who had employed the CEO’s PA to come and work for him, as she knew exactly the culture of the company and how to get around everyone to get them to listen. She knew politically who to push and who to ask to get things done. So employing internally and drawing talent from other parts of the company was definitely a method that had worked for this particular CISO.
Everyone thought that a framework of the right questions that the board should ask the CISOs was a good way to go, and badly needed.
I suppose the conclusion to the day was that no matter what happens out there, the CISO’s biggest concern is to keep their own houses in order; and that means training their staff to respect the data they deal with and getting them the right employees who know how to communicate to help them to do this.
Yvonne Eskenzi Yvonne@eskenzipr.com
We’re at a time where Cybersecurity is internationally one of the most important factors for individuals as well as companies alike. Yet data breaches are happening with a higher frequency and making headline news at an alarming pace; this makes our job incredibly exciting and allows us to provide media coverage for our clients at an exponential rate.
Recently, eBay – one of the largest online retailers worldwide – was the victim of a large scale data breach that came to light at the end of last week, revealing the credentials of around 233m users had been accessed. Although no financial information had been obtained by the hackers, information such as encrypted passwords, customer names, dates of birth, and contact details had been affected.
Our coverage highlights from the news included:
- The Telegraph (AppRiver, Voltage)
- The Guardian (AppRiver)
- Sky News (ESET, Tripwire)
- BBC News (ESET)
- The Independent (Voltage)
- The Mirror (IT Security Guru)
- International Business Times (Tripwire)
- Yahoo Finance (Bromium)
- Techworld (Sestus)
- Nulzsec (ESET)
- Information Security Buzz (ESET)
- Security FAQs (ESET)
We’re thrilled that our clients are so cooperative and available for media opportunities such as these that move so rapidly. This has been a brilliant week and one that we’re happy to boast just a little about!
As I write this blog I can’t quite believe that for every week in the past 8 weeks Eskenzi has won a new client. However, as my mother just told me “I hope you haven’t mentioned this to anyone as you’ll sound ever so boastful!” Now isn’t that so typically English and why can’t I shout from the roof tops about this achievement, it’s taken almost 20 years to get here and we are in PR after all, so who else is going to blow our trumpet if we don’t do it for ourselves!
It’s a weird old world running a PR business and I suppose for Neil and myself this sudden growth comes down to a change in attitude and circumstance. After 17 years of happily running a small boutique agency from our home, with 8 people trekking through our house every day it was our kids who finally suggested that it was time to move out and “leave home”. Buying our huge warehouse in Barnet and renovating it before moving in exactly this same week last year I suppose was the turning point for our growth. It’s given us 2,500sq ft of light, flexible creative space which we’ve been able to fill with the most wonderful people – now our staff can come and go like they never could when we worked from home plus we can employ interns, apprentices and really top notch people who can cut the mustard as we have the space to accommodate them.
Leaving the Infosecurity account was also one of the best things we’ve ever done after 17 long years of managing the PR – gosh that’s been emancipating. It meant for the first time this year Infosec was a joy – without the burden of trying to get 300 press into the press office and trying to appease 350 exhibitors, not to mention Reed themselves. Instead we opted to do our own PR around the show including organising 145 press and analyst interviews for our clients, arrange a best practices workshop for the heads of marketing for all our clients, host a speed dating press lunch for 25 press and organise an Eskenzi party for 100 people including analysts, press, CISOs, bloggers and CEOs on the first night! Oh and I almost forgot the IT security guru headed by the wonderful Dan Raywood, also meant taking numerous videos, blogs, write copy and sponsor B-sides all during Infosecurity too!
Reflecting on the last year it’s been the best ever and I really can’t thank the most wonderful team we’ve ever had for making it so. That success is also most definitely down to the type of clients that we have on board all of which are dynamic, fun, innovative and interesting. PR is very much a two way process so we choose our clients carefully as much as it takes them to choose us – so the 8 most recent clients to Eskenzi we welcome you on board and very much look forward to working with you and building your brands not only in the UK but for many in Germany, France and even in the US – welcome Alert Logic, Bromium, ESET, Pirean, Proofpoint, RedSeal, Sestus, Silent Circle. So enough trumpet blowing – the reality is it’s time to get down to some real work!
Infosecurity is just a few days away and, as is traditional, at Eskenzi we’ve been ‘persuading’ journalists to meet with our IT experts. With that in mind, we thought it a good idea to draw up the rules of engagement to make sure you leave the right impression.
Here are our ‘top ten’ tips when getting ready to brief a journalist:
Rule 1: Decide what YOU want from the press briefing
There will be those that think briefing the press is purely about getting your words printed. While column inches are important, not every briefing will – nor should it – lead to immediate coverage. Infosecurity, and shows like it, are the perfect environment to meet with journalists and establish your position as a thought leader – so if that’s what you want from the briefing, make sure that’s what the journalist takes away from the discussion.
Rule 2: Read the briefing pack
If you’re meeting a journalist, and your agency has done its job well, you should have a lovely thick briefing document full of critical clues about the personalities you will meet. Take the time to digest this information and plan what you will tell the people you’re meeting. Knowing a bit about the journalist, and the readership they’re writing for, can save a lot of embarrassment when you’re sitting in front of them.
Rule 3: Don’t speak in tongues
While you might know what an AV is, how DDoS attacks work, what makes a succinct ACL, or even what IDS can tell you – the person across the table may not. Establish right at the start the level of understanding the journalist possesses and then use the appropriate language.
While on this point – avoid ‘buzzwords’. Everyone claims to have revolutionised something and levelled the playing field. Unless you’re planning a game of ‘cliché bingo’, let’s not talk about game changers.
Rule 4: Tailor your pitch
Remember to consider the audience the journalist is writing for and tell him things that will interest his readers. There’s no point telling The Telegraph why CISOs need to take a layered approach to enterprise security. Similarly, The Register isn’t going to thank you for filling him in on the features of an app that will track best before dates of food in a fridge and simplify the working person’s life.
Rule 5: Prepare your points
This leads me to the next point – decide what the key take-aways from each briefing are and make sure you get these across. Typically exhibitions are busy for all concerned, with each briefing only likely to last 30 minutes. Be realistic about what you can adequately cover in this timeframe. For example, rather than try and tell the journalist about 60 different threat variants in detail, explore ‘themes’ and determine which are of interest, with a view to arranging follow up interviews after the show.
Before we move on – and especially if you have any first briefings with a particular journalist, be prepared to open with a bit about your company and what it does. If you’ve never quite mastered your ‘elevator pitch’, now is the time. A 20 minute introduction isn’t going to leave a lot of time for anything else.
Rule 6: Ask what the journalist wants/needs from the briefing
This isn’t a one sided relationship as you both need to get something from the discussion. The journalist obviously has heard something about you that’s piqued their interest, so ask what it is and then make sure you cover it. It’s also good to end, or even start, the conversation by asking the journalist what stories they’re working on to see if any fit your area of expertise.
Rule 7: Don’t say anything you’re not prepared to read
While you can say something is ‘off the record’, you’re really leaving it to trust by divulging juicy gossip. And though I’d never say it to their face, there’s more than one journalist I wouldn’t trust alone with my grandma. If you don’t want to tell a journalist something, then don’t. If they try to draw you further on a subject that you’re uncomfortable with, politely decline. There’s no law that says you have to answer their questions.
Similarly, and even though it’s obvious I’m still going to say it, don’t say anything that could be considered defamatory about another person or organisation – unless you can 100% prove the statement. After all, no one wants an expensive lawsuit.
Rule 8: If you don’t know about it, then don’t talk about it
If you’re asked a question and you either don’t understand, or it’s a subject that you have little to no experience of, then say so. Like in everyday life, there’s more respect for someone’s honesty about their limitations than obvious blustering and the horrendous smell of BS.
Rule 9: Don’t Rant
There are a few journalists who court controversy and use an aggressive approach – don’t lose your cool. If it’s going really badly, end the conversation and walk away making sure you take your dignity with you.
While on this subject, every PR person I know has at least one experience of a hijacked briefing that’s been used as an opportunity to tell a journalist ‘what they think of them’. I strongly advise anyone and everyone against this approach. Not only can it ruin the agency’s relationship with the journalist, which they won’t thank you for, but it’s unlikely to be a successful tactic to building a strong working partnership in the future! If you don’t like them – don’t brief them.
Rule 10: Relax and have fun
Life’s too short – so enjoy the conversations but don’t get too stressed if it doesn’t quite go to plan. Tomorrow’s another day, next year’s another show, and guaranteed at some point in the future there’ll be the chance for another briefing.
Happy Infosec everyone.
- Dulcie McLerie -