By Ann Grove, Logical's President

Original post: 8/2/2017
Updated: 4/11/2019

​If you are looking for opportunities to keep your finger on the pulse of security, podcasts fit the bill. Here are some of our favorite security podcasts, in alphabetical order.

1. Brakeing Down Security sample topics include conferences, software bloat, containerization, and technology culture. Hosts Bryan Brake, Brian Boettcher, and Amanda Berlin broadcast every week or two.  
2. The Crypto-Gram Security Podcast is Bruce Schneier's newsletter, read by Dan Henage. Schneier covers news and books that are often overlooked by others.
3. Cyber Security Interviews for insights into the minds of security thought leaders and the direction of the industry.
4. The Cyberwire podcast lineup includes a daily 20-minute podcast covering news about cyberspace and commentary.
5. The Defensive Security Podcast is a deep dive into recent cyber security breaches with Jerry Bell and Andrew Kalat. 
6. The Down the Security Rabbithole Podcast provides "a business-first approach" to security hacks, risks, and threats.
7. Hackable? by McAfee promises "a front row seat to explore where we’re susceptible in our daily routines, without even realizing it." (A recommendation from valued Cornelius George.) 
8. ITSPmagazine discusses security within the context of IT, privacy, and society.
9. Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians
10. Paul's Security Weekly (aka Paul Dotcom), in play since about 2005, features security nerds talking shop. Check out the team's other shows at that link: Enterprise Security Weekly, Hack Naked News, Business Security Weekly, Secure Digital Life, Tradecraft Security Weekly, and Application Security Weekly.
11. Risky Business, hosted by Patrick Gray since 2007. Security luminaries provide commentary.
12. SANS Internet Storm Center StormCast, security threat updates in 10 minutes or less for the TL;DR crowd.
13. The Secure Developer covers application security, security tools for developers, and development best practices. Guy Podjarny, CEO at Snyk, launched this podcast in 2016.
14. Security Now! with Steve Gibson and Leo Laporte in part focuses on the evolution vulns and security with a smattering of news and trends. On the air since 2005.
15. The 7-minute Security Podcast has been talking about pentesting, blue teaming, and building a career in security since 2004. Bonus: Check out host Brian Johnson's  original song, CryptoLocker'd, inspired by a client experience in 2017.
16. The Silver Bullet Security Podcast with Gary McGraw is published once a month since 2006. He shuffles in interviews with government officials and academians in addition to security aficionados, and discusses topics such as encryption, robot problems, and securing cities.
17. The Social-Engineer Podcast is about the risks humans create in interacting with technology. 
18. The Southern Fried Security Podcast, with more than 200 episodes,  is a view of security from the C suite and upper management. 
19. The Unsupervised Learning Podcast features host Daniel Miessler providing perspective on the impact of technology and security developments. It's Daniel's summary of 20 hours of reading each week. 

Let us know if you have any podcasts to add! 


About Ann

​Ann Grove, president of Logical, is Logical’s lead consultant. Logical's clients include security and compliance vendors as well as penetration test consultants. 

By Ann Grove, Logical's President

Note from Ann: I wrote a draft of this article in 2012 and just stumbled across it today. Still true!
 
Whatever you are bringing to the market, you really don’t need to create a brand … because whatever you want to brand, even if it is "brand new," already has some brand attributes.
 
A brand is simply the feelings or themes associated with an item or experience. When people think of you, your company, or your products or services, they probably already have some adjectives in mind. That is a brand.
 
What can have a brand? Practically any noun has a brand. Your dog, cockroaches, a bridge you travel, your mother-in-law, the governor, and Homeland Security, to name a few. Each evokes a certain connotation when mentioned. Even some experiences such as sky diving have a brand.
 
Examples:

• An employee says, “That team is difficult to work with.” That team’s brand includes the theme “not helpful.”


• A user says, “Rather than improve my efficiency, this piece of software is making me less productive.” That software product’s brand includes the theme “not intuitive” or “buggy.”


• An employee who has a great reputation for getting things done. That person’s brand includes the theme “productive.”

So what about a completely new company, product, or service? Surely that doesn’t have a brand, right? Well, brand attributes are transferable. For instance, customers could hear about a new offering and say: “I am not going to buy that because once you sign a contract with that type of offering or company, you don’t get the promised support.” A new company takes on additional attributes from its founders.
 
So really your goal in a branding exercise is to better manage or even change your brand’s themes and messages and also to differentiate your brand so that it is distinguishable from other brands. You want to influence the picture that pop’s into people’s heads when they think of your brand. That’s not always as simple as adjusting your messaging; in fact often, especially with mature brands, upleveling brand perception requires a dedicated effort to deliver that delightful customer experience the brand already aspires to.
 
Yes, it can be hard work. But since the market consistently moves to commoditize every product and service to create a race to the bottom for costs and fees, brand management and brand differentiation are absolutely necessary for brand success.
 
Other thoughts
 
Here are some related topics I might hit in future articles:

• Branding is about perception, not reality.
• Be willing to hear about negative things people say about your brand, so you can address them.
• Brand magic: Be who you say you are.
• Why do some brands succeed in the short-term and fail in the long-term?

About Ann
 
Ann has been writing about branding since at least 2007 when she created a job hunter boot camp, titled “Personal Marketing 101: The Brand Called You.” She would love to work with you on your next white paper project or any other compliance or security documentation you need.  Reach Ann using the Contact page.  

True story: I once helped a client go from winning an average of one out of 10 Requests for Proposal (RFPs) to winning 12 out of 15. In other words, they went from a 10% win ratio to 75%. For my three crazy months with them, we won won won.
 
Another success: a different client had an existing customer that issued an RFP specifically written to my client’s perceived weaknesses. After reviewing our response, the customer canceled the RFP and continued retaining my client.
 
More typically, I help organizations that have a 10 to 15% win ratio; together we increase the win ratio to 35 to 50%.
 
A good foundation
 
Of course, these organizations have a good foundation to build on. They typically have an understanding of their own strengths and the strengths of competitors, a system to identify opportunities, and a system to make good go-no go decisions to ensure they aren’t shooting blind. They also have some great, willing client references. Still the win ratio doesn’t align with these strengths.
 
Incorrect focus
 
The most common problem that depresses an organization's win ratio is that it values holding down expenses more than it values increasing sales. It saves money by not hiring a skilled RFP writer or perhaps not hiring enough of them or not deploying technologies that allow a team to scale. Therefore, a significant portion of RFP responsibilities fall to others such as sales, business development, administrative, and technical personnel. Although some organizations believe that sales and business development professionals are well positioned for proposal development because they are intimately familiar with clients and sales messaging, these people are talkers, not writers. Because the gold is still in the phone for the most part, let’s keep those people talking and find someone else to do the writing. But don’t look to technical and administrative parties to pick up the slack; they are unlikely to get exceptional results due to the burdens of their primary (sometimes billable) roles.
 
Some bad math
 
The irony is that making do in this case doesn’t actually make sense mathematically. How much is an organization saving if the lack of a solid proposal generation infrastructure is keeping the win ratio at 10 to 15% instead of 35 to 50%? Besides suppressing revenue, this approach holds down the average deal size, significantly limits the number of RFPs an organization can pursue, and distracts the organization.
 
Win more often
 
Even without a dedicated writer, it is possible to win more often by doing what that top-notch writer would do. He or she would help the proposer differentiate and stand apart from competitors based on factors in addition to price.
 
Think about the RFP process – it is designed to create a level playing field so that the buyer can compare apples to apples. An RFP demands a structured response that drives buyers and proposers to view offerings as commodities with a heavy emphasis on price. In fact, the RFP system is founded on the belief that all offerings are roughly equivalent.
 
The only way to combat this push toward commoditization is differentiation. The winning offer stands out from the pack, demonstrating that the winner is proposing not merely an apple but a superior fruit. The response points out how the buyer will not be well served by an apple. This doesn’t eliminate consideration of price but it does demote its importance by placing it within the context of other factors. I’m not talking about using slippery sales language. I’m talking about helping the buyer understand its true needs. For instance, my responses often include follow-up questions that the buyer may want to put to short-listed vendors, to deepen the buyer’s understanding of proposed offerings.
 
Conclusion
 
Let’s get to the bottom line. What is required to win more often? An organization begins winning more when it realizes that the RFP response and any short-list presentation are opportunities to address the requirements hidden behind the stated RFP requirements.
 
About Ann
 
Ann Grove, president of Logical Writing Solution, Inc., helps security teams and security vendors with all sorts of communication including RFP responses, proposals, and statements of work. She also helps enterprises with security policies and documentation. Learn more at https://www.logicalwriters.com or call Ann at +1.717.891.3282. 

By Ann Grove, Logical's President

We can expect major shifts in the common practice of requiring potential buyers to provide personal information in exchange for access to white papers and webinars as regulators begin enforcing the EU’s General Data Protection Regulation (GDPR) which became effective in May 2018.

The GDPR decision against Google today directly relates to these lead generation practices.

The French GDPR regulator (CNIL) found that Google users were automatically opted in to have their data tracked for the purpose of delivering personalized ads because the opt-in checkbox was ticked on by default; the default should have been a clear checkbox to indicate opt out. In addition, the blanket consent should have been split into multiple checkboxes so that a user would consent separately for each use of the private information, CNIL found.

“This sanction is particularly detrimental to Google as it directly challenges its business model and will, in all likelihood, require them to deeply modify their provision of services,” Sonia Cissé, Managing Associate at Linklaters, a law firm, told Reuters (https://www.reuters.com/article/us-google-privacy-france/france-fines-google-57-million-for-european-privacy-rule-breach-idUSKCN1PF208).

Many Business-to-Business marketers employ practices similar to Google for “gating” content and so may likewise soon find themselves reworking their business models. Gating is the process of requiring users to submit private contact information in order to gain access to high-value content such as white papers and webinars.
​
Potential GDPR problems with gating include:

• A registration form should not require the user to enter contact information without informing the user how that information will be used.
• A registration form should not feature a locked opt-in checkbox that is ticked on by default -OR- feature an opt-in checkbox that is ticked on by default that may be deselected. The default should be a clear checkbox indicating opt out, according to the Google decision.
• A registration form should not contain a single opt-in checkbox when the user is consenting to multiple uses of the information and/or different types of processing. For instance, some GDPR advocates theorize that at least two checkboxes would be required if the user agrees to receive requested content by email and receive future marketing emails. Checkboxes should be granular. Vague or blanket consent is not adequate, according to the Google decision.

In addition, certain conditions render consent invalid under GDPR. For instance, consent is invalid when private information is not realistically needed to deliver a service. This seems this would directly apply to gating. The UK Information Commissioner’s Office’s Guide to GDPR explains that organizations should “avoid making consent to processing a precondition of a service.”

Since GDPR enforcement is relatively new, the exact impact on gating is unclear. However, it is clear that by focusing on the collection and use of private information, GDPR regulators are taking a markedly different approach from US privacy regulators who focus fines almost exclusively on breaches.

In part to avoid GDPR risk, some organizations such as ChartMogul have discontinued using gating for now (https://blog.chartmogul.com/gated-content/).

About Ann
Ann Grove, a Certified Information Privacy Professional, writes about security and privacy for vendors and consultancies. She also helps enterprises develop policies and procedures and documents workflows for security and compliance. Please ask Ann if you would like to republish this article.
​​

Many marketers consider white papers the leading tool for influencing buyers, and yet they are difficult and expensive to create and sometimes fail to capture buyer attention. If you want a successful white paper, I offer these thoughts on what you SHOULDN’T do. If you don’t believe me, do some testing.
​
Without further adieu, top reasons white papers fail:

1. Your paper fails to deliver value. It is too salesy. It lacks substance, is poorly written, or is inaccurate. This is the Number 1 complaint I hear and quite honestly it makes people angry. The reader considers the white paper a contract: they give you their attention to read it and you deliver some sort of value in the form of knowledge. If you don’t deliver as expected, they are unlikely to do business with you and unlikely to download your future papers. Nobody likes to be tricked into wasting their time as a sales target.
2. You make it too difficult to obtain the paper. (a) You require too much information to register. The more information you require on your registration form, the less likely people are to complete the transaction. Name and email address are all that are truly required. People are going to drop off when you start requiring telephone number, place of employment, etc. (b) You block gmail and other free email domains. I saw this the other day on a webinar registration form for Amy Porterfield who supports course entrepreneurs, and I was baffled that someone with that audience would block gmail addresses. Legitimate buyers sometimes use free email domains. For instance, sometimes a buyer will need to research a purchase but is not authorized to represent the organization. Also, sometimes in these days of spam and malware, a legitimate buyer prefers not to put their company email at risk. Do you really want to turn them away at the door? By the way, if the goal is to prevent spam registration, consider adding a CAPTCHA test to detect a human or add a custom profile question such as “Are you a robot?”
3. Your paper's title is too long.  Literally, the shorter the title, the better it generally performs, assuming it is still descriptive. Try questions and active language. Focus on outcome. If you have too much information, put it into a subhead. Paper title is an easy candidate for A/B testing.
4. You are talking to the wrong audience. If you are targeting the C suite, you need to talk about business problems instead of technology problems. If you are targeting technical folks, you better be air tight on technical facts. You can sometimes appeal to both audiences by having a business-oriented introduction and conclusion (for those who flip to the end) and a well written technical section in the middle. If you play it well, the tech audience will hand your paper up and the managers will hand your paper down.
5. You don’t have the social media or sales maturity to adequately distribute and promote the piece.  
6. This is your first and only white paper. If so, people are not used to looking to you for thought leadership. Try producing a couple more and also produce several related blog pieces per paper to boost traffic and build authority.
7. Your paper lacks visual appeal. Try adding an infographic. See if icons are effective for you; some people say the use of icons is on its way out, but iconography is currently alive and well so consider it. Also, while many in marketing look down upon stock photography, testing shows that people still respond to a person looking directly into the camera so test that with your audience too. Testing eliminates the need for guessing. Get to know your audience and do what works.
8. There is no apparent call to action or next step. Ideally, you should include a call to action to move the reader deeper into the sales cycle, from awareness to prospect to client. A call to action can prompt the reader to get the next white paper, webinar, or resource such as templates, for instance. I prefer to put the call on a page following the conclusion, so the ask is separate from the valued content. You can get away with a weak or missing call to action if your main distribution channel is your sales force, because they will naturally follow up and escort the prospect to the next step.
9. You chose the wrong writer or failed to provide your writer with the right support. The writer must be someone who isn’t afraid to get in the weeds with independent research and a technical collaborator to create quality content. Don’t assume that someone who can write blog posts can also write white papers. Likewise, a white paper editor may be a willing writer but lacking in some skills. Sure, give your resource a chance but provide a coach or have a better-suited resource on call in case things don't work out.
10. Reader’s choice. What would you add?

 
About Ann

Ann Grove is often Logical’s lead consultant. She is known for producing security and compliance white papers that resonate with the C suite.  In January 2019, Ann started a Facebook group, White Paper Mastery, for white paper enthusiasts.