He shared some very valid thoughts with us, namely:
* There is no one-size-fits-all "platonic ideal" of a security program. Each organisation has a different risk profile and risk appetite and requires a different approach. There is no one perfect security program, but perhaps there are many perfect security programs.
* By understanding who our "customers" are and by conducting detailed analysis of our "customers'" wants, needs, buying process etc., as an industry we can develop tailored "products" for them. By products I mean legislation, regulation, standards, blueprints, technical protocols etc.
* This will help the security industry mature and better meet the needs of its customers and identify untapped pockets of growth.
If I was going to start doing some "horizontal segmentation market research" for the security industry, some of the market segments I would be likely to identify would be:

CONSUMER
* Internet-connected pensioner
* Mum and Dad
* Gen X slacker
* Hyperconnected Gen Y

SME
* Risk-unaware one-man band
* Risk-averse one-man band
* Risk-embracing one-man band
* Risk-embracing growing young company
* Risk-averse static small business

ENTERPRISE
* Infosec manager
* Undertrained infosec analyst
* IT project manager
* Risk-averse business line manager
* Risk-embracing business executive
* Overstressed IT operations manager
* IT nerd

GOVERNMENT
* Law/business background legislator
* Cybersecurity czar
* Technocrat

By analysing the wants and needs of these market segments in more detail, perhaps we may be able to:
* Identify legislation that matches the risk profile and risk appetite of the organisation and the market segment.
* Package up security policy, procedure and technology suitable for market segments that is actually attractive to the end users (perhaps moving from a fear sell to a greed sell, to borrow Schneier's phrase) and is not what we think they want but what they really want.
* Develop "marketing approaches" that resonate with the customer and educate rather than rely on FUD and hoodwink tactics, e.g. address legislators' valid concerns about child protection online with actually effective approaches.