Wednesday, 24 May 2017
Book Review: Play Bigger


Play Bigger is a new book by entrepreneurs for entrepreneurs (2016, Harper Business). The authors’ theme is that today’s markets are so crowded that you cannot rely on niche marketing into white spaces; you have to create your own white spaces, or “categories”. The goal is to be a “category king”. The idea of niche marketing has been around forever. Ries and Trout documented these ideas in their classic, Positioning (2000). Authors Ramadan, Peterson, Lochhead and Maney propose that in today’s markets, with enough money, genius and hard work you can create your own category. To build a business using their approach you need to create a category, a product and a company. They all need to work together. This is sound advice. The challenges are:  what is your idea, how big is your category and is it defensible? IPads, ERP software and SaaS are examples of unique new categories that have gone to the business hall of fame. Even if you don’t have ideas this “big” you can still take away very useful ideas from Play Bigger.

One observation is that a single “lightning strike” will not create a category. Only a series of connected initiatives will have the desired effect. While reading Play Bigger, I also watched “The Founder”, a movie about Ray Kroc’s life (highly recommended). In one scene he plans a lightning strike opening of a new McDonald’s in California. Unfortunately, a swarm of summer flies drove away customers.  He was undeterred, obviously, and kept redefining McDonald’s categories from local hamburger stand, to regional business and beyond. The one major contributor to his success: persistence.  

A second observation is that new categories come in all sizes and can be employed by new or old businesses. Last week I got a flyer from King Arthur Flour, a 227 year old, Vermont based, B2C provider of flour and baking equipment. It advertised flour and baking pans for baking your own hamburger buns. In my mind that is a different category, not just a better product. With different you can become a category king; with better you will be one of the pack.

The final chapter of Play Bigger applies the category concept to individual professional life. The authors suggest that you need to create your own category, obtain the backup knowledge to support it, and set up an ecosystem (mentors) of people to support your goals. Good advice for all.

Posted on 05/24/2017 9:47 AM by Fred Scholl
Wednesday, 17 May 2017
Long Term Beneficiaries of WannaCry

The current worldwide attack from WannaCry is going to have lasting impact for information security. The question is: what will that be and who will benefit? In this blog post I will take a contrarian viewpoint and suggest that it will not be beneficial to security practitioners or security businesses. I think business leaders, who fund security programs, will take alternative approaches to mitigating this risk.

At present, we have over 1600 security firms offering solutions to attacks like WannaCry. Unfortunately, this patchwork quilt mitigation approach isn’t working. Not because of the security firms, but because there are too many potential leaks in the ship to manage. So, I predict that business leaders will change ships and increasingly move legacy systems and new systems into the cloud. This is already happening and incidents like WannaCry will accelerate it. No business person is going to upgrade XP systems to Windows 2016, when they can hand over security responsibility to someone else. Of course, security is still a joint responsibility, but the optics make it look like the cloud vendor owns it. For a good summary of cloud growth trends today check out Forbes here. The consensus summary for cloud growth is 18-19% per year through 2020!

The other beneficiary will be the cyber insurance industry, especially in areas hardest hit. WannaCry brings cyber remediation costs to the attention of the board. Board members understand enterprise risk and insurance mitigation. They don’t understand the technical details of ransomware and phishing attacks. But before cyber insurance takes off we will need a common language to describe risk. The NIST Cyber Security Framework (CSF) represents such a framework. The new Cybersecurity EO requires that Federal Agencies utilize the CSF. If this moves in broader use in private industry, we will have a basis for stronger insurance mitigation of cyber risks. Security professionals need to understand the benefits and limitations of these insurance policies and include them as an active part of threat mitigation.
Posted on 05/17/2017 4:03 PM by Fred Scholl
Monday, 8 May 2017

Last night I went to a screening of Laura Poitras’s movie about Julian Assange. If you are interested in national security, I highly recommend the film.  I had expected a big crowd, but Nashville’s Belcourt was only about 20% full.

Love WikiLeaks or hate WikiLeaks, it is likely Assange will continue to be in the news. The movie ends with Attorney General Session’s statements directed toward putting Assange in jail.  The rest of the movie covers the period back to 2006, when WikiLeaks was founded. You can come to your own conclusions as to whether WikiLeaks was or still is a valuable publishing forum.

I came away with questions such as: who is funding this organization? Or, what is the public benefit of disclosing the Vault 7 CIA documents? Should WikiLeaks be using Twitter to promote the hack of the Macron campaign, as some have reported?

The media blitz surrounding everything Assange does (including this movie) is shocking. Probably not for those participating, but for those of us on the other side of the camera and microphone. How can anyone make rational decisions in the glare of these lights? I don’t think it is possible.

Posted on 05/08/2017 3:12 PM by Fred Scholl