The Year of our Lord 2011 is a tough one to box in.

Is it the death or birth of innovation (Steve Jobs and the vision he left behind vs. the birth of Amazon’s Jeff Bezos as Steve Jobs Jr.)? Or, the year that the world woke up by lying down in parks across our great land, taking the occasional walk around to find a TV camera — that is until Christmas and the cold weather rolled in? OR … just more of the same good, bad and ugly. The words Sandusky, Casey Anthony, and Republican Idiot Droids like Bachmann, Perry Overdrive and painfully vocal news readers who should find a new script like Megyn Kelly left a dent in my brain that will be hard to hammer out in the coming year.

Only the Lord himself knows for sure, but one thing I do know, 2011 did a lot to activate my senses in a good way. I’ll boil it down to my Top 5 — one for each of my senses collectively and individually overloaded.

Enjoy! Numbers 2 through 5 are actually safe to do yourself. #1, well, take a look. Happy New Year! I hope we actually connect in human form in 2012!
Cheers.

1. Sight. “I couldn’t believe my eyes.”
Garrett McNamara’s Monster Ride

2. Sound. “Pure Ear Candy.”
Blitzen Trapper — American Goldwing + Furr (yeah, I know only AG came out this year, but both were good to me in 2011)

Singles:

Lonely Boy – The Black Keys

Ain’t Fit to Live Here — Graveyard

Face to the Floor — Chevelle

The Ruminant Band — Fruit Bats

If I Had a Gun … Noel Gallagher’s High Flying Birds

Holocene – Bon Iver

Head is a Flame (Cool With It) — Portugal, The Man

The Suburbs — Arcade Fire

Get it Daddy — Sleeper Agent

Is And Is And Is — White Denim

Pumped Up Kicks — Foster the People

The Kooks — F*** the World off

Moves Like Jagger — Maroon 5 (Admit it … this song is like crack on ecstasy!)

And … the Welcome back Award goes to Brian Jonestown Massacre after I finally heard them this year in the Boardwalk Empire intro with “Straight Up and Down.” Yes!

3. Smell. A Tie: Paul Mitchell Awapuhi Shampoo & Jonathan Antin’s Silky Dirt (R) hair product. These provide a complete Jedi Nose Trick at the start of every day that fools my brain momentarily into thinking I live somewhere warm and tropical.

Jonathan Antin's Silky Dirt hair product

4. Touch. The Kindle Fire. Finally! Something that responds well when I poke or swipe at it — and keeps coming back for more! It is worth every damn penny for that reason alone.

Nice Touch Amazon!

5. Taste: The Beef Brisket Flatbread w/ Onion Rings Tongue-gasm from Eat This! in Portland, Oregon

EAT THIS! Even better now that it's loaded with Onion Rings!

Seriously … no, SERIOUSLY … so good you make happy noises with every bite.

To an equally activating 2012.

Happy New Year!

Mark

This post is inspired by the word “Flow” — in all of its glory. Get your flow on with Queens of the Stone Age’s Go With the Flow while you meet your new marketing savant — ConBroChill.

Every five years or so, marketing gurus repackage the discipline of garnering influence, attention and brand loyalty into something that drives new ways to engage people to take action. Look no further than the growing allegiance to social media tools like Twitter, LinkedIn, Facebook, YouTube and Foursquare as a sign that Big Idea marketing from the mountaintop is giving way to crowdsourcing your way to a Compelling Idea.

My friends, we are on the cusp of another such evolution in marketing. For lack of a better term, I’ll float one for consideration – Bro-cial Media. The pillars of Bro-cial Media are simple:

  • Don’t just know your audience. Be your audience.
  • Feed your audience with content that makes them hungry for more
  • Deliver content in a medium your audience likes to consume

The big brains at Nonbox, an integrated marketing firm in Portland, Ore., recently introduced me to a sports marketing client of theirs that is letting it flow in more ways than one: Connor Martin and his alter ego ConBroChill. Nonbox partners were quick to point out that Martin is responsible for creating a strong reverse-mentoring relationship with the agency on bootstrap digital marketing efforts that attract active followers. Nonbox, in turn, is delivering its deep reservoir of sports marketing connections to Martin as they advise him on the opportunities his gregarious personality and sun-drenched good looks are bringing to the surface.

This former pro lacrosse star born and raised in the Northwest is more than a flowing mane (aka The Flow), with a penchant for the bombastic and a persona that’s part MTV’s Puck Rainey and part Jason Mewes of Jay and Silent Bob fame. This wholesome kid next door is a bona fide digital media sensation.

With YouTube creations constructed using his dad’s video camera, Connor Martin/ConBroChill brings as many as 500,000 like-minded sports enthusiasts to him with every three- to five-minute dispatch. This popularity has created a product-pitching hotbed for CBro and his sponsors, as well as opened the door to him as an arena anthem creator … and a current spate of possible television projects that could propel him into being a household name.

So what does this Bro-make-good story have to do with you, Mr./Mrs. CMO?

It’s time to quit looking for ways to make a Facebook profile relevant for your company or clients. It’s time to quit pushing Twitter messages out that trumpet how cool you are. Retire big idea thinking for a moment and go Bro-cial.

Here are five tips for integrating Bro-cial Media into your marketing mix as a company or for your clients:

  1. Develop a persona for your brand. You may not be ConBroChill, but you are somebody. If you don’t know who you are — ask your coveted audience.
  2. Live where your prospects, fans, and competitors live. Is it YouTube? Is it LinkedIn? Is it in technology or industry forums or trade pubs? Don’t waste time building communities from scratch. Find out where your Bros are already hanging out.
  3. Don’t be a witness. Be an activist! Participate. Engage with your bros and give them reasons to want to hang with you.
  4. Be fresh – in attitude and in your content. Have an edge that reflects your persona in everything you deliver and bring things to your bros that elicit action. Don’t just create for the sake of freshness.
  5. Encourage frequent interaction with your bros to stay current. Don’t pontificate in a vacuum. Unvalidated clever ideas from you or your marketing cohorts may make you laugh or feel empowered, but if they miss the mark you could end up with something like this flop: Motrin Moms Mishap from Johnson & Johnson.

It’s time to welcome your new marketing muse to the table. His name is Connor Martin.

This blog post inspired by Welcome to the Machine by Pink Floyd. Refurbished from Dec. 21, 2010 post for @TripwireInc

Someone recently posed this question to me and a few cohorts here at Tripwire, the IT security company where I work:

What are your Top 5 IT Security Events for 2010?
At first, I responded with RSA, Black Hat, Infosecurity Europe, B-Sides, etc., then realized the question attempted to get at incidents or interesting developments in the last year. That task proved to be much harder.

Any time I’ve been asked to cobble together a list of “Top anythings”, it has always been akin to “What are your Top 5 bands or movies?” By that, I mean, they usually change George Costanza-style on the drive home (video) (ohhhhh, I should’ve said <Insert obscure, uber-hip band name here>).

With that in mind, here are my Top 5 IT Security Stories/Incidents worthy of consideration in no particular order, with a detailed rationale for each of my choices. Agree? Disagree? Think of one on the drive home? Fire away in the comment section. -ME

The “Stuxnet Effect” on Cyber Security
In 2010, Stuxnet

  1. Captured media and global governmental attention because it was the first high-profile case of a dramatic shifting of war from on-the-ground to the cyber world. While the republics of Georgia and Estonia had illustrated this shift first in 2007, the Stuxnet attack in the Spring/Summer of 2010 brought the new battlefield home to the U.S. Government because it attacked Command and Control (SCADA) systems responsible for regulating the energy grid.
  2. Showed, through its combination of four Zero-day attacks, that very talented, coordinated and probably state-financed groups can wreak global havoc on really old equipment. Some energy grid systems are 50-80 years old and rife with vulnerabilities that are ripe for current attack methods or modern advancements in malware development.
  3. Taught an important lesson: If you are a target of this type of attack, it will happen and it is next to impossible to prevent.
  4. The countermeasure for high profile targeted attacks such as these is to return to the basics of info and system security:
    1. Protect (monitor all systems around the clock for up-to-date patches and configurations across the entire IT infrastructure)
    2. Detect patterns of behavior that are suspicious using a correlation of suspect log events, system changes and near real-time alerting of configuration errors that attackers exploit
    3. Resolve compromises as fast as possible with the ability to find the breach and return systems to a secure state by combining a pre- and post-breach cyber forensics program and automating the system baselining process.
  5. Another key lesson with Stuxnet that will hopefully have a lasting impact was the realization that an attack of this kind in one place is a global event that will require a global response and the cooperation of governments and businesses around the world.

Security & Compliance in The Cloud
Much like the concept of cyberwar in the Stuxnet example, “The Cloud” is here to stay. Your first clue is “The” in “The Cloud.” It’s kinda like Madonna, Cher, Prince or The Hoff. (No, not that “Hoff”). Love ‘em or hate ‘em, once they’ve attained “The” status, they’re not going anywhere. Why?

IDC Data Overload Image

  1. The Cloud is largely perceived by business users as a lower cost, environmentally responsible alternative to cash- and energy-sucking server farms that are holding an exponentially growing deluge of data that exceeded the storage available in 2007 (See image).
  2. Large cloud providers like Amazon have rushed to become PCI compliant in an effort to protect sensitive data, namely cardholder data, but the cautionary tale here is that providers, particularly small and medium businesses using The Cloud to cut corners and save money, have to realize that they have a responsibility to secure their own systems and sensitive data as well or it can be compromised where it lives in their environment and on user systems.
  3. One other critical issue that security experts point to is that by storing sensitive data in one place, and sometimes in a shared environment with other companies, they have unintentionally created a very rich singular target for patient, deliberate and well-financed cyber crime organizations.
  4. The key, and this is certainly true of where Tripwire is working to address security in the cloud, is to monitor the critical systems, infrastructure and sensitive data stored with cloud service providers, alert on high-risk behaviors in the public, private and hybrid cloud environments and resolve anomalies on demand to guard against cyber attacks of this kind.

Cyber forensics as an emerging industry

OK…I have to admit, I see a David Caruso spin-off here in our future, complete with aviator shades, IT-flavored one liners (“His Java Script didn’t have a happy ending”) and a screaming Who song (in my Top 5, btw). Not sure if that’s a good thing or a bad thing, but that digression aside, for me, the driving factors behind cyber forensics are:

  1. Rapid evolution of attack methods and malware has created the need to approach threat detection beyond the old signature-based model of known vulnerabilities to real-time behavioral analysis of anomalies in an IT environment across systems, files and security controls already in place (firewalls, anti-virus, security policy frameworks like CIS, etc.).
  2. A desire to be proactive on IT security rather than reactive to breaches. Cyber forensics enables pre-breach analysis that can identify risks and in most cases guard against a breach. In addition, it improves incident response by delivering post-breach analysis for reporting purposes and identifies how sensitive data or systems were compromised to harden the environment against future attacks.
  3. Technology advancements that enable real-time, continuous monitoring, alerts based on suspicious occurrences and automated, intelligent resolution: Tripwire’s behavioral approach to detecting threats includes monitoring the IT ecosystem around the clock for incidents that weaken a company’s security posture, correlating suspicious log events and suspicious file changes in near real time to identify threats faster and on-demand remediation of any configuration errors in the environment that contributed to the breach.
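The correlation of file changes with suspicious log events described above, sketched as an added example (not Tripwire's code and not from the original post): files are hashed into a baseline, a later snapshot is diffed against it, and a change is flagged only when a suspicious log event precedes it within a time window. The function names, log format, suspicious-event markers, 10-minute window and sample data are all assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta

SUSPICIOUS = ("Failed password", "Accepted password for root")  # assumed markers

def snapshot(files):
    """Baseline: map each path to the SHA-256 of its content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def diff(baseline, current):
    """Return (path, kind) for every file added, removed or modified since baseline."""
    out = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            out.append((path, "added"))
        elif path not in current:
            out.append((path, "removed"))
        elif baseline[path] != current[path]:
            out.append((path, "modified"))
    return out

def parse_log(lines):
    """Parse 'ISO-timestamp message' lines, keeping only suspicious events."""
    events = []
    for line in lines:
        stamp, _, msg = line.partition(" ")
        if any(marker in msg for marker in SUSPICIOUS):
            events.append((datetime.fromisoformat(stamp), msg))
    return events

def correlate(changes, change_times, events, window=timedelta(minutes=10)):
    """Alert on each change preceded by a suspicious event inside the window."""
    alerts = []
    for path, kind in changes:
        when = change_times[path]
        near = [msg for ts, msg in events if timedelta(0) <= when - ts <= window]
        if near:
            alerts.append({"path": path, "kind": kind, "events": near})
    return alerts

# Constructed sample data (not from any real system).
BASE_FILES = {"/etc/passwd": b"root:x:0:0\n", "/etc/motd": b"hello\n"}
NOW_FILES = {"/etc/passwd": b"root:x:0:0\nsvc:x:0:0\n", "/etc/motd": b"hello!\n"}
CHANGE_TIMES = {"/etc/passwd": datetime(2010, 12, 21, 3, 20),
                "/etc/motd": datetime(2010, 12, 21, 14, 0)}
LOG = ["2010-12-21T03:14:07 sshd: Failed password for root from 192.0.2.10",
       "2010-12-21T03:15:30 sshd: Accepted password for root from 192.0.2.10",
       "2010-12-21T09:00:00 cron: job started"]

ALERTS = correlate(diff(snapshot(BASE_FILES), snapshot(NOW_FILES)),
                   CHANGE_TIMES, parse_log(LOG))
```

Both files differ from the baseline, but only the `/etc/passwd` change lands within the window after the suspicious logins, so it is the only one that raises an alert.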

SMBs taking a big-boy beating on the cyber attack front

  1. Recent reports are pointing to a growing trend that cyber attackers are seeing the complex traps being set for them in the enterprise space with seven layers of security defense, complete with firewalls, IDS, IPS, Access management, threat behavior analysis via the correlation of file changes and suspicious log events, etc., and opting to go for the easy pickings in the education, nonprofit and SMB sectors.
  2. In complex DDoS attacks or sophisticated botnets, these easier-to-access servers and machines are being used to attack larger targets en masse or providing simple, unfettered access to the sensitive data available and letting attackers collect data from a multitude of weakly guarded targets. Examples include Zeus and its financial account access-stealing malware that continues to plague non-enterprise organizations.
  3. While an IT budget vs. mission or security budget vs. headcount seesaw will always be at play in these cash-strapped and often technically challenged environments, it’s important to keep hammering on the fact that attackers see them as the path of least resistance for obtaining social security numbers, health records, financial accounts and/or an entire zombie army of machines poised to do their dirty work because they are most likely misconfigured or poorly managed. All security do-gooders need to band together in the years to come to stem this rising tide.

Recent news feeding my fire on this trend:

Education sector most affected by malware

AmeriCorps Security Breach

SMB Cloud Is A Hacker’s Paradise

Cyber Criminals Now Target SMB Bank Accounts

Security industry consolidation
Point solutions like ArcSight (now a part of HP) and even larger security luminaries like McAfee (now a part of Intel) got gobbled up by larger mega corps to build out their portfolio in the white-hot security space. In fact, according to my fingers and toes, in the last 5 years alone, 26 smaller companies Tripwire used to compete with head-to-head are now part of the machine. In my view, this changes the landscape in two ways:

  1. Security solution buyers will be tentative in buying yet another technology to throw into their security mix and seek out comprehensive security suites to address a multitude of their security and compliance challenges related to protecting sensitive data and critical systems.
  2. Security solution providers, in their efforts to meet this buyer desire and address a complex threat landscape, will find themselves partnering with former adversaries to create super solutions in the security space built on providing better visibility into true threats, real-time detection and rapid resolution to avoid cataclysmic breaches with massive data losses.

I can hear you all now. What about Aurora? (Ohhhhh! Jerk Store!) What about WikiLeaks? What about…? Share your wisdom and defend it in the comments section below.

I hope you had an incident-free holiday. Welcome to 2011.

Wow! 77 days ago I had something to say. Now, I can’t think of anything worthwhile to write about. Hey…look at that? I just wrote something. Cool. See you again in 77 days, or less if I get frustrated by something.

Until then, I just finished John Lennon’s final interview in Rolling Stone. Buy the magazine and read it. Here’s a link to some audio of the interview that gave me chills.

Choice blip.fm cuts below

Beautiful Boy

Watching the Wheels

Happy Christmas

Working Class Hero

To peace, love and understanding. RIP JWL…And happy holidays everybody in my corner. To a 2011 that brings happiness and good fortune to the people with big hearts.
ME