This post repurposed and amended from a recent dispatch on Infosec Island.

Coming soon, either “Social Media is my Job Pimp” or “The Mobile Security Arms Race.” Feel free to vote in the comments below. And now, without further ado… More than 88 Lines:

For those of you without an insatiable addiction to 80s punk, goth and new wave, the title of this post is inspired by the ’80s classic by The Nails — 88 Lines about 44 Women.  This song was the first thing that came to mind when the folks at Infosec Island asked me to join their band of security crazies as a regular contributor.

Flattered to be sure, given that I’ve only begun to cut my baby teeth in this space as a former vendor marketing hack.

Now, before you stop reading, one thing you should know is that my background (visit me on LinkedIn) has trained me all too well to take the tangled mess of Cyber, rootkit detection and eradication, Application (In)Security, common exploits, etc. and turn it into something that end-users actually understand and want to avoid.

With that in mind…and with your indulgence…here are my observations after nine whole months in the IT security sector–  88 lines about less than 44 weeks in Infosec. Let’s start with my Top 5, which, given my tendency to drone on, may end up being 88 lines.

1. From Week 1 to present, you have all sufficiently scared the holy hell out of me with how real, lucrative and mostly unavoidable cybercrime/cyberwar/cyber espionage is for targeted companies and people. Good show!

Any thoughts on taking your act on the road to senior citizen homes, community-sponsored events on online safety, schools, etc? Layer 8 (aka people for the uninitiated) needs you! It’s time to take what you know to the street and quit telling each other what you already know.

I’ll offer myself up as your first community leader in my hometown of Portland, Oregon… I’ll just need your brains and help with a curriculum that makes sense. Help me help you!

I know millions of people even more ignorant than I on the perils of Internet stupidity. And they need to be reminded daily, not once a year in a thin public service announcement or press release by DHS during Cyber Security Awareness Week.

2. Information security isn’t about you. It’s about protecting the weak from the valley of darkness. Be the Shepherd, not the self-congratulating rancher. You can be smart, revered and successful without being a prick.

Call up your alma mater and offer your skills or consulting advice for free. Help a newbie gain his stripes in the industry (thanks @falconsview @jackdaniel @BrianHonan @DeathwishDuck @Wh1t3Rabbit @TripwireInc @andrewsmhay @briankrebs and so many others!).

Celebrate the fact that somebody actually respects you enough to ask for your guidance. And then give it away…freely.

3. I love that people in the IT security community are so far out in front on the usage of social media tools like Twitter to not only engage with each other, but use it as a means of revealing new threats, testing theories and furthering the global #infosec community.

I know the medium is also used for evil on the social engineering front, but those leveraging it for good will prevail. Expose the shitheels at the speed of “Send.”

4. Cloud computing has got to be the dumbest, most innocuous name for something so vital and potentially dangerous.

Can we please call it what it is: A Digital Data Trailer Park susceptible to methed-out dudes breaking in to steal your valuables, with more-than-occasional, seemingly targeted, natural disasters that may put you in the bread line and delivering a nagging, persistent gut ache and brain traffic  that circles the unanswerable question “Is my valuable data secure?”

C’mon you’re doing this to save $. Is it worth it? Are you sure?

5. And this is probably the most crystal clear and personal observation over the last 40+ weeks in infosec.

Like security itself …it’s a never-ending journey that unearths painful truths, nerve-wracking challenges to your beliefs and confidence, and it keeps its clutches in you with the lure of fighting the good fight or making an obscene amount of money and wreaking a new kind of havoc on the world if you’re donning the black hat.

Damn you, Infosec. I’m hooked. A reluctant data security junky with a dangerous amount of semi-informed knowledge, eager to fight alongside you. I’m not going anywhere.

For better or worse. I’ll be taking what you know and sharing it with the computer users getting pummeled by their own laziness or uninformed mistakes… until further notice.

Until next time.

@MarkAEvertz

This blog post inspired by Welcome to the Machine by Pink Floyd. Refurbished from Dec. 21, 2010 post for @TripwireInc

Someone recently posed this question to me and a few cohorts here at Tripwire, the IT security company where I work:

What are your Top 5 IT Security Events for 2010?
At first, I responded with RSA, Blackhat, Infosecurity Europe B-Sides, etc., then realized the question attempted to get at incidents or interesting developments in the last year. That task proved to be much harder.

Any time I’ve been asked to cobble together a list of “Top anythings”,  it has always been  akin to “What are your Top 5 bands or movies?” By that, I mean,  they usually change George Costanza-style  on the drive home (video) (ohhhhh, I should’ve said < Insert obscure, uber-hip band name here>).

With that in mind, here are my Top 5 IT Security Stories/Incidents worthy of consideration in no particular order, with a detailed rationale for each of my choices. Agree? Disagree? Think of one on the drive home? Fire away in the comment section. -ME

The “Stuxnet Effect” on Cyber Security
In 2010, Stuxnet:

  1. Captured media and global governmental attention because it was the first high-profile case of a dramatic shifting of war from on-the-ground to the cyber world. While the republics of Georgia and Estonia had illustrated this shift first in 2007, the Stuxnet attack in the Spring/Summer of 2010 brought the new battlefield home to the U.S. Government because it attacked Command and Control (SCADA) systems responsible for regulating the energy grid.
  2. Showed, through its combination of four zero-day attacks, that very talented, coordinated and probably state-financed groups can wreak global havoc on really old equipment. Some energy grid systems are 50-80 years old and rife with vulnerabilities that are ripe for current attack methods or modern advancements in malware development.
  3. Taught an important lesson: If you are a target of  this type of attack, it will happen and it is next to impossible to prevent.
  4. The countermeasure for high profile targeted attacks such as these is to return to the basics of info and system security:
    1. Protect (monitor all systems around the clock for up-to-date patches and configurations across the entire IT infrastructure)
    2. Detect patterns of behavior that are suspicious using a correlation of suspect log events, system changes and near real-time alerting of configuration errors that attackers exploit
    3. Resolve compromises as fast as possible with the ability to find the breach and return systems to a secure state by combining a pre- and post-breach cyber forensics program and automating the system baselining process.
  5. Another key lesson with Stuxnet that will hopefully have a lasting impact was the realization that an attack of this kind in one place is a global event that will require a global response and the cooperation of governments and businesses around the world.

Security & Compliance in The Cloud
Much like the concept of cyberwar in the Stuxnet example, “The Cloud” is here to stay. Your first clue is “The” in “The Cloud.” It’s kinda like Madonna, Cher, Prince or The Hoff. (No, not that “Hoff” ). Love ‘em or hate ‘em, once they’ve attained “The” status,  they’re not going anywhere. Why?

IDC Data Overload Image

  1. The Cloud  is largely perceived by business users as a lower cost, environmentally responsible alternative to cash- and energy-sucking server farms that are holding an exponentially growing deluge of data that exceeded the storage available in 2007 (See image).
  2. Large cloud providers like Amazon have rushed to become PCI compliant in an effort to protect sensitive data, namely cardholder data, but the cautionary tale here is that providers, particularly small and medium businesses using The Cloud to cut corners and save money, have to realize that they have a responsibility to secure their own systems and sensitive data as well, or it can be compromised where it lives in their environment and on user systems.
  3. One other critical issue that security experts point to is that by storing sensitive data in one place, and sometimes in a shared environment with other companies, they have unintentionally created a very rich singular target for patient, deliberate and well-financed cyber crime organizations.
  4. The key, and this is certainly true of where Tripwire is working to address security in the cloud, is to monitor the critical systems, infrastructure and sensitive data stored with cloud service providers, alert on high-risk behaviors in the public, private and hybrid cloud environments and resolve anomalies on demand to guard against cyber attacks of this kind.

Cyber forensics as an emerging industry

OK…I have to admit, I see a David Caruso spin-off here in our future, complete with aviator shades, IT-flavored one liners (“His Java Script didn’t have a happy ending”) and a screaming Who song (in my Top 5, btw).  Not sure if that’s a good thing or a bad thing,  but that digression aside, for me, the driving factors behind cyber forensics are:

1.    The rapid evolution of attack methods and malware has created the need to approach threat detection beyond the old signature-based model of known vulnerabilities to real-time behavioral analysis of anomalies in an IT environment across systems, files and security controls already in place (firewalls, anti-virus, security policy frameworks like CIS, etc.).

2.    A desire to be proactive on IT security rather than reactive to breaches. Cyber forensics enables pre-breach analysis that can identify risks  and in most cases guard against a breach.  In addition, it improves incident response by delivering post-breach analysis for reporting purposes and identifies how sensitive data or systems were compromised to harden the environment against future attacks.

3.    Technology advancements that enable real-time, continuous monitoring, alerts based on suspicious occurrences and automated, intelligent resolution: Tripwire’s behavioral approach to detecting threats includes monitoring the IT ecosystem around the clock for incidents that weaken a company’s security posture, correlating suspicious log events and suspicious file changes in near real time to identify threats faster and on-demand remediation of any configuration errors in the environment that contributed to the breach.

SMBs taking a big-boy beating on the cyber attack front

  1. Recent reports are pointing to a growing trend that cyber attackers are seeing the complex traps being set for them in the enterprise space with seven layers of security defense, complete with firewalls, IDS, IPS, Access management, threat behavior analysis via the correlation of file changes and suspicious log events, etc., and opting to go for the easy pickings in the education, nonprofit and SMB sectors.
  2. In complex DDoS attacks or sophisticated botnets, these easier-to-access servers and machines are being used to attack larger targets en masse or providing simple, unfettered access to the sensitive data available and letting attackers collect data from a multitude of weakly guarded targets. Examples include Zeus and its financial account access-stealing malware that continues to plague non-enterprise organizations.
  3. While an IT budget vs. mission or security budget vs. headcount seesaw will always be at play in these cash-strapped and often technically challenged environments, it’s important to keep hammering on the fact that attackers see them as the path of least resistance for obtaining social security numbers, health records, financial accounts and/or an entire zombie army of machines poised to do their dirty work because they are most likely misconfigured or poorly managed. All security do-gooders need to band together in the years to come to stem this rising tide.

Recent news feeding my fire on this trend:

Education sector most affected by malware

AmeriCorps Security Breach

SMB Cloud Is A Hacker’s Paradise

Cyber Criminals Now Target SMB Bank Accounts

Security industry consolidation
Point solutions like ArcSight (now a part of HP) and even larger security luminaries like McAfee (now a part of Intel) got gobbled up by larger mega corps to build out their portfolio in the white-hot security space. In fact, according to my fingers and toes, in the last 5 years alone, 26 smaller companies Tripwire used to compete with head-to-head are now part of the machine. In my view, this changes the landscape in two ways:

  1. Security solution buyers will be tentative in buying yet another technology to throw into their security mix and seek out comprehensive security suites to address a multitude of their security and compliance challenges related to protecting sensitive data and critical systems.
  2. Security solution providers, in their efforts to meet this buyer desire and address a complex threat landscape, will find themselves partnering with former adversaries to create super solutions in the security space built on providing better visibility into true threats, real-time detection and rapid resolution to avoid cataclysmic breaches with massive data losses.

I can hear you all now. What about Aurora? (Ohhhhh! Jerk Store!) What about WikiLeaks? What about…? Share your wisdom and defend it in the comments section below.

I hope you had an incident-free holiday. Welcome to 2011.

Wow! 77 days ago I had something to say. Now, I can’t think of anything worthwhile to write about. Hey…look at that? I just wrote something. Cool. See you again in 77 days, or less if I get frustrated by something.

Until then, I just finished John Lennon’s final interview in Rolling Stone. Buy the magazine and read it. Here’s a link to some audio of the interview that gave me chills.

Choice blip.fm cuts below

Beautiful Boy

Watching the Wheels

Happy Christmas

Working Class Hero

To peace, love and understanding. RIP JWL…And happy holidays everybody in my corner. To a 2011 that brings happiness and good fortune to the people with big hearts.
ME

Heckling the dumb in the land of Lost Wages

This blog is inspired by Paranoia by Black Sabbath.

Las Vegas was full of a whole different kind of sin last week.  (Is SYN too on-the-nose for you IT security vets? SYN…ACK! ACK! ACK!)

SANS Network Security 2010

SANS Network Security 2010 was the first of hopefully many conferences/classes for me to learn about the best and worst in the world of IT security. Great presentations. Eye-opening exercises. Plenty of career-enhancing connections. And more than a little chest puffing.

I do have to say that while I moved from blind victim (on the casino floor and off)  to keenly aware malware target after my week in Vegas, I hopped on the plane home thinking that some of the most talented security practitioners, penetration testers, and provocative presenters the IT world has to offer didn’t do much to change my perception held since the days of Y2K that those who make and break the rules on the Interweb are separated at birth or at least genetically aligned with Nick Burns, Your Company’s  Computer Guy. Brash. Caffeinated. Eager to prove worth. Equally fired up for the putdown of the uneducated.

The event brought IT security neophytes like me together with a cadre of command-and-control smarties to seemingly perpetuate inferiority complexes, self-proclaimed guru statuses, cyber terror bed wetting and group basking in schadenfreude for middle school years gone wrong.

That’s not to say that instructors and classmates in total weren’t welcoming, helpful or accommodating. In fact, it was a lot like speaking broken Spanish in an English accent while on a week-long sabbatical in Cancun. “Oh..look, he’s trying. Isn’t that cute? Bien Bien, Pobrecito.”

Layer 8 is People! It’s People!

But what stuck with me more than a corn syrup-soaked “Ctrl” key was the rampant use of the word “Stupid” when referring to people who use computers…business or personal keytappers.  “End Users” – Layer 8 in a Seven-Layer Security Model—are perpetually on the outside looking in through a technically opaque window of safe and sane computer usage.

OK, admittedly, “End Users” like me, mom, dad, my Facebook and LinkedIn buddies and eager-to-assist Tweeps, aren’t doing ourselves any favors in the IQ elevation process when we send money to Nigeria or naively become money mules despite an email rife with typos and the hard-to-fathom promise of a few hundred bucks for a few minutes’ time.

That being said, it would be cool if The Lords of LAN and WAN would drop a few non-malware laden breadcrumbs of Internet security  wisdom to make our computers, companies and governments a little smarter at spotting the worm on the hook.

Ya feel me:

Let’s just agree now.  Nobody benefits from stupidity.

Stupid may seem like job security at first for the SysAdmin or his bosses who know all the answers. That is until he or she gets chewed out when a Distributed Denial of Service attack — unleashed when the uninformed click on “Funny Video.exe” attachments in their work Outlook account—keeps the boss from sending an important e-mail. Let’s all take a page out of the stupidity-killing handbook of Chris Hadnagy, operations manager at Offensive Security, and his Social Engineering 101 Q&A with CNet Senior Writer Elinor Mills earlier this summer.

Another guy to lean on is former Washington Post reporter and IT security demystifier Brian Krebs who always manages to do his job without the slightest bit of condescension.

I’m pretty sure all of us in IT security are only as smart as our least informed coworker, which may just be the person signing your checks. Or your recently socially engineered Halo 3 cohort and IT security pal. See you in the shadows.

This Post Inspired By….the band “Security Threat” and their song Refusal (on Blip.fm)

EXTENDED VERSION OF POST ON TRIPWIRE.COM posted on 6/28/2010 : With Comments/responses

With apologies to the ghost of Hunter S. Thompson, I write this as one of Hunter’s favorite words for a person who was fresh meat in battle, “Rube.”  Thompson’s battle theaters were politics, war, corporate malfeasance, sports culture and media as infotainment.

Personal and Professional Data Deluge

My new battlefield is IT security and compliance automation. My first tour of duty was the Gartner Security & Risk Management Summit 2010 (Participant threads on Twitter here: http://bit.ly/9EmuJB ). I prepped for this summit by carnivorously cutting my teeth on data breach stories past and present, IT security spending trends, and leeching off the minds of Infosec’s (Information security) indentured servants, on the battles between “white hats” and “black hats” on the Wild Wild Web, and discovering other ominous terms out of Sci-fi novels like “Cybersecurity,” “Bots,” “APTs,” and “Widening Attack Surfaces.”

Jerry Bruckheimer would have blushed, to be sure.

What washed up on the beach

A few observations after wringing out the jet lag and the PowerPoint deluge from my brain:

  • A random sampling of attendees at sessions and lunch tables revealed that at the end of the day “Security” centered on protecting personally identifiable and critical business data and infrastructure from being taken, taken over, lost or peppered with unauthorized access.
  • Security, IT or otherwise, is measured day-by-day, hour-by-hour and is a life-long journey, not a destination
  • “Absolute security” is not only impossible – it can be as harmful, if not more harmful, to an organization than a full-blown breach
  • Fear, Uncertainty, Doubt and Dread (FUDD) is the prevailing mood
  • John Ashcroft being self-deprecating was uncomfortable for both of us
  • I left more insecure than when I got there

(Big John Banters with Summit Audience)

Audit Fatigue, Breach Fatigue & the “Red Bull” of Knowledge

When I say insecure, I mean to say that once you dive into the vernacular of threat vectors, the data that points you toward the fact that great harm can come from something as seemingly innocuous as a worm and that organized crime prefers data theft over illegal drugs as its most profitable illicit enterprise – human nature dictates that you’ll feel more than a little spooked.

And yet…despite evidence to the contrary…the more I talked to people on the front lines of protecting personal and business critical information and IT infrastructure from Black Hats, well-intentioned white hats and IT admins with baseball caps or no hats at all, the more I came to realize that they want to put FUDD out to pasture with knowledge.

A survey of people whose names I’ve forgotten, but faces I might recall, resoundingly said they were not only experiencing audit fatigue from having to pore over data logs until they were blind from seeking out suspicious needles in a stack of less suspicious needles–but  were also well worn of data breach horror stories (3.4 million search results on Google as of this writing).

One woman from a well-known insurance company told me flat out: “I don’t need to be scared into taking action. I just need to know what I can do to stop it,” pausing briefly, then continuing, “and how to convince my boss that we need to do it.”

So, for her and the others I listened to, spoke with or spied on, I’m going to hunker down in my IT Security foxhole to find the “HOW?” and continue my battle to neutralize the FUDD.

I heard over and over that Goal #1 was to protect data with the visibility to find threats before the breach, the intelligence to take decisive action and the automation to both keep operations up and running and securely use data through automated security controls to get business done. Find out more on how Tripwire does this here.

A post that stuck with me in the last couple of weeks:

Guest Commentary: Matt Olney on Lieberman cybersecurity bill

Stay vigilant, my friends.

ME

Comments from Tripwire.com

  • Scott Anderson 1 day ago
    Praise for any posting that weaves together Hunter S. Thompson and former AG John Ashcroft — not to mention FUDD. Gents Yin and Yang make good bookends for the broad issue of IT security. And, though I wish it weren’t the case, it’s likely that Fear of the economic consequences of IT insecurity will rule the day, despite the fatigue and thousand yard stares. Fear is a good motivator, always has been. It’s about channeling it and transforming the FUDD…

Scott,
Thanks for the praise. Surprisingly easier to weave that thread than I thought. Point well taken on fear being a good motivator. I’ll admit, fear always shakes me into action. That said, I always end up having to course correct or recognizing way too late the opportunities I left on the table to prepare for future heartache by being too haphazard and reactionary at the outset of any attempt to quell immediate insecurities. I suspect the human beings that make up the IT Security Panopolis are in much the same spin cycle. I encourage deep breathing exercises and then leaning on the people, processes and technologies that have fought a similar battle before and survived or thrived.
Thanks for reading and your comment. Keep it coming!
Mark

  • Mark, that’s the most entertaining piece about IT security I’ve ever read. You’ll do the industry some good! But I sure wish the font on this page wasn’t so small. Was this blog designed by 20-somethings? I suspect that’s not your target audience. And when I increase the font size, it just bleeds off the left column. Keep neutralizing, my friend. Just don’t make me squint.

    @CarriBugbee

Carri,
Thanks for reading and particularly for your comment. Exhilarating subject matter that changes with the wind, that much is for sure. I haven’t seen any 20-somethings in my neck of the woods, but I’ll  be sure to surface the need/desire for a squint-free user experience.
Keep reading and sharing!
Best,
Mark
@MarkAEvertz

Is it just me or is Facebook making life more complex by trying to simplify it? Just as I started to make sense of the social Rubik’s Cube of community pages, group pages, Fan pages, et al., they turned mutual interest, passionate sharing of information and interaction into the blandest word in the English language to express human emotion — LIKE. “Eh, I like it, I guess.”

Are we headed for the playground in a year or two when LIKE no longer suffices? I REALLY LIKE LIKE YOU! — Mr. website, Mr./Mrs. person, Mr./Mrs. band or song! Facebook co-founder Mark Zuckerberg, I’m certain,  has me by 50+ IQ points and holds a grand vision for his company well beyond my comprehension, but that’s kind of my point.

I’m the end user and I already see the shelf life on this word. I know I’m going to have to embed a “Like X 4” widget on my site or client sites in the not-too-distant future.

In the race for Web  dominance, as well as amassing legions of  friends, fans, followers, supporters and now LIKERS (L-A-M-E!), I wonder if Facebook is adopting the news media maxim of “Be First, First. Be Right Later.” If so, ask yourself…how’s that going?

In the interim, I’m treating Facebook like a kid or adult with ADHD — waiting for the spazzing to stop before I react too firmly or adopt anything new. Facebook might, as a result,  lose me for awhile.

OK…yeah….Mark Z. and team are going to be heartbroken–only 399 million users now. Oh no! But I’ll bet there are at least a few of you getting worn out by it all. Seriously, how many of you have started Facebook Farms, played with Mafia Wars more than physically interact with your family or friends, allowed an application to suck you in for a trivia quiz –  only to be persistently annoyed by unwanted follow up?

Does this recent South Park clip hit a little close to home? (You will laugh and nod at the same time. I promise)

Or this one?


Trust me…this isn’t a pronouncement of a potential tipping point or leveling off of Facebook users. Just a question. How much is too much? Because if you were already at the eyeball level with Facebook’s antics and peripatetic machinations on things like their Terms and Conditions — you’re about to have your head blown off your neck in the weeks, months and years to come. Here’s an article on Facebook’s plans that you should read and know what you’re about to experience.

Maybe it will be great…but, frankly, I’m kinda wigged out about one entity knowing every preference, distaste, habit, or feeling I have right when I have it. I’m probably being naive. I’m sure Google is already cloning me for deep space exploration. That said, I think some things should just be left for old school social networking, like actually going to meet somebody for a cup of coffee or attending an event to learn about things and people. My former virtual pal @CarriBugbee became real to me recently when she “pulled me out of the basement” to speak on a panel. I’ve gotta say, it was great to meet her, talk to her,  interact with other  human beings and get to know people for more than their profile and prettiest picture.

With this new model, I wonder if people will just bypass personal contact altogether. I’ve got my music, my friends, my news, food, beer in the fridge, and soon, hopefully, Netflix, after I convince my wife there’s actually an adult value proposition and application for Playstation 3. Sounds pretty sweet…..but….

Let’s just make a deal right now to not live like that. You pull me out of the basement once in awhile and I’ll do the same for you — by sending you fun things to do outdoors or at least outside of your home or office — to your Facebook page.

Until next time, don’t tell me you love me (Blip.fm)  just tell me you LIKE me.

M

This blog inspired by Stevie Ray Vaughan’s “The Sky is Crying” and Louis Armstrong’s “When You’re Smiling the Whole World Smiles With You.”

OK…seriously…6 months since my last blog post?@?@?@? I’m surprised this thing even works anymore. Cause-based marketing keeps you hopping…that’s for sure.

But to be honest..the previous Grampa post just took a lot outta me. I looked at it every time I tried to write and didn’t have anything else nearly as relevant or heartfelt to really add after that.

That is until someone mentioned the book “The Secret.” I’d be lying if I said I read it, but I’ve gotten enough book reports from key advisers to get the central premise. You attract how you act. If you are a force for change and get white-hot pissed when people don’t follow, you attract a like-minded crew of malcontents and beehive bashers. So “The Secret” for me was to retire “Pessimism” and Evolve.

Evolved Thinking isn’t so much a measure of my evolution from troglodyte to upright warrior  to compassionate cogitator to Bubbly Brad Garrett as it is celebrating others for smelling the roses through the hot mess of sewer sludge all around us.

One thing I’ve tried to do during my busiest of moments is at least stay plugged in through Twitter, Google Buzz, Facebook and other key blogs to remain current.

Speaking of which, good God, can someone help a brother out on incorporating my Twitter feed into this blog through a sidebar! I’ve uploaded and downloaded Twitter plugins to the point of Supreme Twitdom and can’t for the life of me figure out how to make my Tweets  flow into my blog. HELP!

I hope the next 9 months of 2010 brings a little clarity and priority to my life and yours.

One point of clarity, priority and purpose so far has been my work on a new social media monitoring and content creation start-up EVolution Communications Group and two non-profits — Wish Upon A Wedding Portland and  Special Olympics Oregon. It’s been a whirlwind tour, but I remain fascinated by people who make  organizations move, raise money, cultivate legions of loyal consumers and  catalyze indefatigable volunteers or unsung (unpaid) helpers.

Whether it’s ensuring that a deserving couple gets their dying wish, a uniquely able athlete gets the chance to compete and apply lessons to everyday life, or a corporation looking to build equity in doing the right thing and then using a content monitoring and creation practice to support it — I’m all in. Suffice it to say…I’ve found something that inspires me to get up in the morning, work harder than I ever have before, and still want to come back for more.

Wherever you are in life, rest assured getting involved in something bigger than yourself and the day-to-day grind will sustain you and turn you from pessimist to at least a reluctant optimist.

Until then…here’s a person and a few organizations that through their big hearts, big brains or both have blown me away.

  1. Chris Brogan — An early supporter of my work at Special Olympics Oregon, Chris continues to impress me personally by wearing his heart on his sleeve. This recent post on not fitting in a box of someone else’s creation, but building one of your own reinvigorated me at just the right time.
  2. Wish Upon a Wedding – Fulfilling someone’s dying wish to be together — or potentially empowering a miraculous recovery through the healing touch of love is a cause that tugs at the heartstrings. See it in action.
  3. Clothes Off Our Backs — This great nonprofit gets celebrities to literally give the shirts (and pants, and dresses, et al) off their backs for a rotating list of charities each year. Purely awesome concept.
  4. Mercy Corps — Anybody notice how this Portland, Oregon-based nonprofit raised bucketloads of money for relief in Haiti and hit the ground in-country ready to help? If you didn’t, it’s because they’re not self-promoters. They’re doers. What an amazing group. Help them in any way you can.

I’m watching, learning and will abscond with every great thing you are doing–giving you full credit, of course.

To an optimistic 2010 from here on out — from a newly invigorated, rapidly evolving thinker and retired Cockeyed Pessimist.

Mark

…And a Better Man.

The Marlboro Man Prequel (mouse up to the top of the page after clickthrough for the full obituary)

Jack Norman Evertz (March 8, 1927 – July 27, 2009)

The words “They just don’t make ‘em like that anymore” come to mind when I think about my gramps. Part redneck, part roughneck and all man in an increasingly domesticated man’s world, Grampa Jack was quick with opinions and head-shaking dismay despite his lack of a high school diploma to back him up. Common sense ruled — in the shop, around the card table, on the porch and anywhere else he chose to plant his Size 12 Tony Lama boots. A simple wisdom left permanent marks, like these gems:

Grampa Jack on Stress:
“I just never could understand why you and your dad always worried to high hell about everything. More than half the time, it never turns out that way and the rest of the time it’s not nearly as bad as you think. And if it is ever that bad you’re too damn worn out from worrying to do anything about it.”

Grampa Jack on Women:
“Nothing’s harder on a man than an angry woman.”

Grampa Jack on Manhood:
“The world doesn’t owe you anything and it will knock you on your ass every chance it gets. Your job is to keep gettin’ up.” His favorite movie was Cool Hand Luke if that tells you anything.

He laughed at the pussification of the American male and would routinely harken back to his Golden Era of the ’50s and ’60s where smokin’, drinkin’ and raisin’ hell were a man’s God-given right – and anybody who said otherwise could go straight to hell.

Some of that tenacity and toughness no doubt makes you strong on the battlefield or in the bar room, but I had the hardest time convincing Grampa Jack that his Advanced Coursework in Manhood for his only grandson was losing the battle in the boardroom. “There’s ego, politics, turf wars, and hurt feelings that come into play. You have to be nice,” I told him.

“What the hell does nice have to do with business?” he asked. “And, did you say hurt feelings?”

Never did give him any good answers on why brains had rapidly replaced balls for dominance in the American West, except to throw another cliche at him that got him to come around half way. “You get more bees with honey, Grampa.”

Well, with him cashing in his chips at the end of July to spend the rest of eternity with my Gramma Grace (a tough cookie in her own right), here are 5 things Grampa Jack taught me that make me a better man and a better marketer.

1. If you don’t mean it, don’t say it.

2. Shut up. You just might learn something. (Still working on this one)

3. If you make a mistake, own up to it. Then work like hell to fix it.

4. If you believe in what you’re doing, don’t back down.

5. A man is only as good as his word.

T-5. Outwork your co-workers. Outsmart your enemies.

R.I.P. Gramps. You were a helluva lot smarter than you gave yourself credit for.

This series of personal palpitations is inspired by this relevant rock block: Too Much Time on My Hands by Styx (as the 1000-word blog will attest), Don’t Fear the Reaper by The BOC and Pearl Jam’s Unemployable – which is actually pretty enlightening despite the title.

A prelude to an actual point
Before I figure out where I’m going, I’d like to take a peek back to where I was the last time we crossed paths in this here wordslinger’s outpost. OK…Done. Hmmm…All I can think of is: Who the hell pissed God off in June?

Michael Jackson – R.I.P.
Farrah Fawcett – R.I.P.
Ed McMahon – R.I.P.
Billy Mays – R.I.P.
Karl Malden – R.I.P.
My Job – R.I.P.

And July’s off to a grim start with Steve McNair and Arturo Gatti. All I can say is: Hang in there Patrick Swayze!

This recent foray into obitu-tainment and an air of professional vulnerability at the moment have made me take stock in a few things — as death and loss have a tendency to do.

Family – Seeing my kid swim for the first time and hanging out with my wife at a movie on a Tuesday afternoon were life-affirming (Go See Public Enemies!).

Remembering the world through the eyes of a child – Just watching my kid react to something and then ask “Why?” has re-educated me on the importance of not taking anything at face value. And the whole wonderment thing he’s got going  for the seemingly inconsequential…I want more of that, for sure! Check out this dispatch from Braden Kelly (www.twitter.com/innovate for you Tweeps) Innovation Through the Eyes of a Child. Get your inner child back via this recap with vids featuring Gever Tulley @ the TED Conference on Tinkering School. And for a longer leap into this idea, Watch Randy Pausch’s Last Lecture — Achieving Your Childhood Dreams video (76 min. of pure gold). Still blown away by the personal and professional lessons in his presentation/book.

Connections with people of like mind — I can’t believe how many people want to help me or need help themselves when it comes to marketing, social media strategy, sales lead generation, Green business communications or health care research. I’ve been pleasantly surprised by the kindness and opportunities.

A strict, bullshit-free diet — Seriously, just tell me what you have, what you want and why you think you need it. If I can help I will. With brevity, sincerity and transparency, people will likely be willing to join your parade by being followers, evangelists or customers.

The last life lesson re: avoiding b.s. is hard to do in an uberconnected, socially explosive and largely self-serving world. I don’t spend a lot of time on social psychology but one name that always sticks out is Abraham Maslow and his Theory of Human Motivation, aka Hierarchy of Needs. Sales guys and gals grinding it out day-to-day know this theory all too well. Marketers are trained these days to call them pain points and my guess is that sales reps have adopted the language out of sheer acquiescence borne from too many deer-in-the-headlights interactions with doe-eyed corporate do-gooders.

Putting the pain point out of its misery
Maybe in these dark times filled with grief, fear and  financial uncertainty  we should pick a new rallying point for how we engage people who don’t know us very well and probably don’t care. The video on David Meerman Scott’s recent blog post Times Change. B2B Fundamentals Do Not says it all (worth the 2 minutes, but basically…Who are you? What do you want and why should I care in both  GrumpyVision and BusyVision). Be concise. Be relevant. Be helpful. Or Be Gone. This isn’t about you convincing people you understand their pain with limp phrases like In this tough economy… or a  data point from a well-paid analyst that says 80 percent of their peers fear losing their jobs and are eating  Xanax by the handful.

Trust me, your prospects know money is tight, that their job is harder than it was a year ago and that their bosses are way too interested in showing hotshot summer interns the ropes in marketing and sales departments all across the country.

Enough with trying to sympathize. Do something or sell something that assuages fear or boosts confidence.

The Maslow Mashup
Abraham Maslow’s Hierarchy lives in the textbooks of many a marketing student but slowly leaks out of the brain over time due to stress, forced servitude and/or organizational compliance under the heading of “We’ve always done it this way so you will too.”

If your sales pitch to prospects doesn’t somehow tell a good story using at least one of these 5 needs, you need to talk to someone in your marketing department. If you’re in the marketing department and you have no idea what I’m writing about, then we need to talk, tweet or telepathically connect.

Maslow's Hierarchy of Needs

Take note of the fact that if your product helps people breathe, eat, drink, have sex, sleep, stay chilled out, or poop you are likely going to make a very good first impression. Good for you!

If not, then you need to: Be Concise. Be Relevant. Or Be Helpful.

So let’s put the pain point to bed and try to be a little more reaffirming, huh? I vote for PuppyPoint: Warm fuzzy ways to trick the heart into buying something you know you’re going to have to clean up after, but just can’t resist.

I’ve been part of the problem for about 15 years now, but moving forward I’ll try to market and sell products, services, causes (myself!?!?) in  ways that help people keep their jobs, feed and spend more time with  their families, save or make money and have more sex. Before you think I’m on the road to door-to-door perversity, remember that even if your product isn’t Viagra or some jaw-dropping gadget, it is likely to have the capacity to help someone in some way to afford a new car, buy a nice place to sleep or grab just the right body spray to get the girl or boy. If you can make that connection with a level of relevance and sincerity in any industry from Agriculture to Zoology, then you’ve done your job.

Let me know what you’re doing out there to make a difference. And if you’re in sales or marketing and want to tell me “DUH!” then feel free to do that below. If you need me, though, I’m ready to help.

Cheers,

Mark

T.C.P.

I’m telling you…over the last month I’ve tried to, as they sing in “The Life of Brian,” Look on the Bright Side of Life (whiiiwhoo…whoo whoo whoo whoo)…but when a crazy lady in a custody battle threw her kids off the Sellwood Bridge in Portland a few weeks back and a father pulled the same exit strategy to parenthood and life a week later, I moved swiftly back into the People Innately Suck camp again. Can we somehow convince these people to exit first and leave the innocent behind, please?

I’m on a desperate search for people and information that contribute to a greater good. You are out there. Bring me something uplifting and real to share that isn’t a Twitter tip, a video of your cat, or a marketing trick to get me to buy something that we both know I don’t need.

Knock me on my ass with value. Get me to say, wow, this makes me smarter and empowers me to help others. Introduce me to people, causes and stories of gut-level inspiration.

Until then…I remain a reluctant pessimist, mystified by shitty behavior that lives at the DNA-level in some, is well-coached in others or so masked in self-absorption that it goes unrecognized. I’m confident that fear, ignorance and weakness of mind and spirit are at the root of this.

Let’s turn the tide together with ways to quell the concern, smarten up the masses and feed the soul with something that sustains. Here’s a little something to start the ball rolling.

Bob Dylan
Shelter From the Storm

Cheers, Ev. T.C.P.
