FIR B2B podcast #92: TechTarget CMO John Steinert on the science of ‘intent marketing’

Posted on March 9, 2018 by dstrom

John Steinert joined TechTarget as CMO two years ago after a decades-long career in B2B technology at companies that included Pitney Bowes and SAP. So why join a tech publisher? Steinert actually doesn’t see TechTarget as a publisher, and in this recent piece he explained why he was so excited about the opportunity: product, purpose, people and potential. In this interview we discuss the differences between publishing and content marketing, how intent marketing can help provide insights into impending technology purchase decisions and how marketers can make their content more effective and targeted.

TechTarget’s not-so-secret weapon is its lead generation and tracking mechanisms, which permit the company to see exactly what kinds of content is crucial for their visitors. Steinert describes what data is collected — with visitors’ permissions of course — and how it can be used by their advertisers and sponsors. He also distinguishes between visitors who are just looking to snack on information versus binge consumers, who are likely closer to purchase.

This all makes a difference in what kind of content is created and how keywords are chosen to bring in the right visitors. “You have to have strong SEO, people have to find your stuff and it has to be cross-linked and judged popular and valuable,” he says

TechTarget’s distinction has always been its portfolio of microsites focused on technologies products or categories — such as SearchWindowsServer.com. But you’d be hard-pressed to find the names of those sites on the company’s home page today. That’s deliberate. Far from being a publisher, TechTarget is today a data company.

Incidentally, both Paul and myself have had a long connection with TechTarget: Paul was the company’s sixth employee and I have been a regular freelancer for numerous websites of theirs.

There is a lot of wisdom in what Steinert says, and he is worth a careful listen to our 25 min. podcast here.

Using your cellphone when overseas (2018 edition)

Posted on March 8, 2018 by dstrom

I just returned from a trip to Israel, and as the old joke goes, my arms are so tired. Actually, my fingers, because I have been spending the better part of two days on the phone with support techs from both AT&T and Apple to try to get my phone back to the state where it works on the AT&T network.

My SOP for travel is to use a foreign SIM card in my phone. This has several benefits. First, you don’t pay roaming charges for local in-country calls, although if you are calling back to the States, you might have to pay international long distance charges, depending on your plan. Second, if people in-country are trying to reach you, they don’t pay for any international calls either, since they are calling a local number. (Some of the networks overseas have the more enlightened method of calling party pays, but we won’t go there for now.) You also don’t use any minutes or data GB on your American cell account, which is nice if those are limited.

For the past several years, I had been using two different travel SIMs. First is one from FreedomPop, which was a very inexpensive card with monthly fees around $15 for a decent plan. I had some billing issues initially but these were resolved. It doesn’t work in Israel, so I ended up buying another SIM at the airport kiosk in Tel Aviv. My last trip in October had some major hiccups with that card, and so I decided to try a new supplier, Call Israel. They offered a plan for $50 that seemed reasonable. AT&T charges $60 a month with lower data usage for Israel. If you go elsewhere the fees could be less.

Call Israel mailed me a SIM a week before my trip, and right away I saw an issue: I was just renting my SIM card. At the end of my trip, I had to mail it back. Strike 1.

But strike 2 was a big one. I made the mistake of taking my Israel SIM out of my phone when I changed planes in Europe on the return trip, and put in my AT&T SIM card. That confused my phone and got me in trouble. When I landed in the States I spent an hour on the phone with a very nice AT&T person who verified that my phone was working properly on their network. Except it wasn’t: I could get voice service, but not broadband data service. Some parameter that the Call Israel SIM had needed was still set and messing up my phone, and there was no way that I could access that information to remove it.

I ended up speaking to Apple next, because I figured out that they could get rid of whatever it was that was blocking my data service. I had to find an older iTunes backup that I had made before I went abroad (lucky I had done so with Time Machine), and then wipe my phone clean and bring that backup to the phone. All told, several hours were wasted. I found out that there is a subtle but important difference in how iTunes and iCloud handle backups. I was fortunate to find a very nice woman from Apple who called me back as we tried various strategies, and eventually we figured out what to do. This took place over the course of a couple of days. Here is the bottom line: your phone has hundreds of parameters that determine whether it will communicate properly. Some of them aren’t accessible to you via the various on-screen controls and are hidden from your use. The only way to change them is to restore from a known working backup.

So if you are planning on being out of the country, think carefully about your options. Consider if you need a foreign SIM for a brief trip. If you can afford service from your American provider, do so. Or if you can find Wifi hotspots, you probably can do 90% of the work on your phone by setting it to airplane mode when you leave town and not turning it on until you return. Under this scenario, you would use Facetime, What’sApp and Skype for voice and texting. Does that additional 10% make the difference? If you have a terrible sense of direction and need Google Maps, for example, you will need that broadband data. Or if you are traveling with other Americans and need to meet up, you might need the cellular voice flexibility.

SIMs come in at least three different sizes, and most suppliers ship them with cardboard adapters so you can fit them in your phone’s compartment. It doesn’t hurt to check this though.

Next, don’t swap SIMs until you reach your destination. If you need to look at buying a local SIM, make sure you understand how you have to bring your phone back to its original state when you come home. Make backups of your phone to your computer, to the cloud, to as many places as possible before you leave town. If you have an iPhone, read this article on how to find the iTunes backups on your system.

Next, when you are looking for a mail-order SIM, make sure you are actually buying it and not just renting it. Check to see that it will work in all the countries on your itinerary. Or wait until you get to your destination, and buy a local SIM from a phone store or airport kiosk.

Finally, examine the calling plan for what it will entail and match it with your expected usage on texting, data, and voice volume. Examine whether your calls back to the States are included in the plan’s minutes or not. If you don’t use a lot of data, you probably can get by with a cheaper voice-only plan and finding WiFi connections. Happy trails, and hope they don’t turn into travails.

CSO Online: Inside RSA’s state-of-the-art fraud intelligence command center

Posted on March 8, 2018 by dstrom

As cybercriminals get better at compromising financial accounts and stealing funds, vendors are beefing up their defensive tools to prevent fraud and abuse. I had an opportunity while I was in Israel to visit Daniel Cohen (shown here) of RSA’s Anti-Fraud Command Center (AFCC), the nerve center of a division that is devoted to protecting consumers’ financial records and funds. The AFCC is an example of what a state-of-the-art web threat and fraud intelligence operation looks like. Here is my report for CSO Online.

CSO Online: 10 questions to answer before running a capture the flag (CTF) contest

Posted on March 6, 2018 by dstrom

Capture-the-flag (CTF) contests have been around for decades. One of the longest-running and more popular series began at the Vegas DEFCON show in 1996 and attracts thousands of participants. Running your own CTF contest can build security skills and help identify new internal and external talent. In this article for CSO Online, I compare CTFs with cyber ranges such as CyberGym (shown here) so you can learn what types of challenges you need to include for your own contest, how to make the contest run smoothly, and other logistics to consider.

BrianMadden.com: An introduction to FIDO

Posted on March 6, 2018 by dstrom

Many years ago, the idea of making a more universal multi-factor authentication (MFA) token seemed like a good idea. Back then, hardware tokens were proliferating, and so were the number of logins for different web-based services. Out of that era, the Fast Identity Online (FIDO) Alliance was created in July 2012 and publicly announced in February 2013 to try to bring some standards to this arena. Since then, the FIDO standards have gone through several revisions and extensions, and more than 100 vendors have joined the non-profit association, including some of the largest names in the identity and authentication business.

While it has taken a while to gain traction, FIDO is now at an inflection point and has reached sufficient maturity that deploying it isn’t a matter of if, but when for most enterprises.

You can read my post on FIDO for BrianMadden.com today.

Finding (cyber) false flags

Posted on March 3, 2018 by dstrom

I am a big reader of spy novels and my latest fascination is the Red Sparrow trilogy, of which the first book has been made into an upcoming movie. In one of the novels the spies attempt to penetrate an Iranian nuclear project, with one of the characters, an American CIA operative, posing as a Russian nuclear engineer. This situation is called a false flag.

The idea behind a false flag is when a spy (or group of them) represent themselves as from some other country to confuse the enemy. Back in the days of naval warfare, ships changed their flag they were flying deliberately to sneak into an enemy’s midst. Hence the name.

While spy novels love to talk about false flags, they do have some basis in reality, at least some situations. One is the Lavon affair which refers to a failed Israeli covert operation that was conducted in Egypt in the summer of 1954 and run by Pinhas Lavon, shown here. There are numerous other ops that are on other lists that show the depths that intelligence agencies will go through to misrepresent themselves.

The same is true in the modern cybersecurity era. We have false flags all the time when malware attacks a target and mislead its origins. Then researchers try to pick it apart and figure out its attribution. Does the code resemble something they have already seen? Are the names of the variables or documentation written in a particular (non-coding) language, or using cultural or other references? Are there targets of a particular political or national significance? These and other factors make malware attribution more art than science.

I was reminded of this when I read this piece from the Talos blog about trying to figure out who was behind the Olympic Destroyer malware that we saw last month. Several security bloggers have come out with Russian attribution, but the Talos team says, not so fast. Yes, there are similarities to Russia state-sponsored sources, but it isn’t a slam dunk and there are also other suspects that could be the source of this malware.

Sadly, for cybersecurity it isn’t as easy as switching a flag to figure these things out. And reports about malware’s source need to be careful to ensure that we have the right attribution, otherwise we might be retaliating against the wrong people.

Security Intelligence blog: An Interview With IBM Master Inventor James Kozloski on His New Security Patent: The Cognitive Honeypot

Posted on February 28, 2018 by dstrom

What does a master IBM inventor who typically models brain activity have to do with enterprise security? If you ask James Kozloski, you won’t get a quick answer, but it will definitely be an interesting one.

Kozloski, who is a manager of computational neuroscience and multiscale brain modeling for IBM Research, is always coming up with new ideas. He was recently part of a team of IBMers that received a security patent for a cognitive honeypot. If you don’t know what that is, check out my story on IBM’s SecurityIntelligence blog for details with this very interesting inventor.

Time to listen to your corporate Cassandra

Posted on February 26, 2018 by dstrom

In Greek myths, Cassandra was able to see the future, but no one ever believed what she was saying. Richard Clarke has written a new book examining this in a very quantitative fashion, and it made me think about those among us that predict what is going to happen to our IT infrastructure but aren’t listened to by management. I know it is a bit of a reach, but bear with me.

I thought back to several moments when I worked in corporate jobs and had run up against some naysayer who didn’t like what I was saying. Sometimes, I got fired because my boss thought I was the naysayer. Sometimes, my prophecy came to pass and then my proposal was finally green-lighted. And sometimes I had to run another play through a proxy or convince some other department to carry my idea forward.

In Clarke’s book, he describes a series of various disasters (Katrina, Fukushima) and how in each case there was a Cassandra who warned about the potential issues but these warnings fell on deaf ears. He then provides mechanisms and suggestions on how to reverse this and how to better pay attention.

Why are these warnings ignored? Several factors: inertia, character flaws of the participants, lack of planning, or ineffective leadership. Sometimes it is a combination of all of the above, making the issue too complex for a single individual or line of business to resolve. One of the things that I learned in my leadership class several years ago is how to assess various inputs, often conflicting ones, to determine a course of action. The best leaders know how to do this instinctively, and not just stick their heads in the sand and continue on. It is about listening critically to what the Cassandras are saying.

Wikipedia says in its entry that Cassandra is employed as a rhetorical device by many modern tales. One of my favorite ones is the Gilliam original movie Twelve Monkeys. There the character played by Bruce Willis is sent back in time to try to figure out the source of a pandemic that wipes out most of the world’s human population, only to be frustrated by not being understood by the people he interacts with. (If you haven’t seen the movie, make sure you see the 1995 original and not the remake — which is miserable.) Willis is considered crazy, but eventually enlists a shrink to help him with his investigations.

Pick up a copy of Clarke’s book, (re)watch the movie, and make a promise to listen the next time your corporate Cassandra speaks up.

FIR B2B podcast #91: All About Influencer Marketing with Marshall Kirkpatrick

Posted on February 23, 2018 by dstrom

Marshall Kirkpatrick leads influencer marketing at Sprinklr. He and I worked together at ReadWrite long ago, and he subsequently started Little Bird, an influncer marketing platform that was acquired by Sprinklr in 2016. Since then, he has helped augment the combined platforms for the enterprise.

Marshall has been active in understanding how social media influence is acquired and measured for more than a decade, and likes to talk about this pyramid, in which influence is just one of several steps toward providing real insights into how a brand is understood in various media forms. While our discussion on this podcast is mostly about Twitter and measuring its influence and effects on marketing B2B brands, we also talk about how to find people within an organization that are more inclined to tell your story.

One key data point is to look at when someone started using social media networks: the earlier they did, the more potentially influential that person could be. It isn’t just about counting raw numbers of followers, Marshall says; an influencer has to be picky about who they follow. There are ways to suss this out. Social media is more about finding quality than quantity.

You can listen to Paul Gillin and I talk about this here.

CSO Online: How to protect your network from PowerShell exploits

Posted on February 20, 2018 by dstrom

Hikers living off the land make use of existing nutrients and water sources to survive in the wilderness. In hacker parlance, the term “survive in the wilderness” means they cover their tracks and make use of tools and code that already exist on targeted endpoints. This hides their exploits by making them look like common administrative tasks so that detection tools can’t easily find them. Welcome to the world of PowerShell-based attacks.

PowerShell has become increasingly sophisticated and in an article I wrote for CSO Online, I show you how attackers can leverage this language for their own evil purposes.

Web Informant

David Strom's musings on technology