Either there is a conspiracy to get me to blog or Mike Rothman is trying to get a rise out of this here Pragmatic CTO.
Mike decided to use us to get a few burdensome thoughts off his weary chest in his latest podcast. Yes, again. Well, I have something I have to get off my chest too. Blog trolls are lame. It’s a webcast title. Get over it.
Away from his soapboxy blog Mike Rothman is probably a fairly regular guy with regular guy ups and downs. On a good day Mike might come up with some true insight into the security market. On a bad day he is just as likely to feed his audience a fried baloney sandwich. Generating content worthy of daily attention isn’t a trivial task for a one-man operation, even if the man behind the golden mike does have talent on loan from God. And so on a slow news day Security Incite turns into a bad imitation of the Drudge Report.
Exhibit one: Pragmatic CSO number 10, where Rothman goes on a 6 minute rant about Alert Logic misleading simple minded IT folks into thinking PCI compliance can be easy. From start to finish the whole thing has the stench of cheap rabble rousing, having little more substance than your average non sequitur Michael Savage rant. Like any professional talking head, Rothman loves to jerk the emotional chain to get a rise out of his audience. This brand of showmanship doesn’t rely on critical thought, insight or even a stray factual point. What it does have is a bitchin Guns and Roses guitar riff as an intro and a breathless tirade about the injustice besieged on the world by the unassuming staff in our marketing department.

What do these guys have in common? They love baloney.
The podcast is actually quite amusing, especially if you enjoy talk radio. Mike starts off with a rather hollow apology to Alert Logic. Then he throws everything but the kitchen sink at us. We’re disingenuous. We’re greedy. We’re annoying. We make him want to puke. We prey on customers’ worst fears. We’re everything that’s wrong with security marketing.
So what is it that Mike is so wound up about? It’s nothing he heard on our webinar. I don’t think he even bothered to listen in. It is… wait for it… wait for it… the title of our event – Simple & Affordable PCI Compliance with Alert Logic. Yes, you heard it right. We made security sound easier than it actually is and now Mike Rothman wants to hurl all over his RSS feed.
Here’s the truth – Mike has no earthly idea whether our products simplify PCI compliance or not. In fact I would be surprised if Mike had more than a superficial understanding of what we do at all. He has never seen a demo of our product. I doubt he has talked with any of our customers. Instead he lobs insults from his ivory tower of blogosphere pseudo celebrity.
He doesn’t know or care that we are the first and only product on the market that provides a true multi-tenant log management solution in the cloud. Buzz words removed, that means that even the smallest businesses facing PCI compliance can now implement log management without having to buy servers or storage, or deploy any software or agents. No need to size your archival requirements, no need to have a huge capital outlay, no need to have a backup strategy. Just turn up our SaaS product, tell it how long to keep the data and off you go – logs are fully searchable, reportable and archived for as long as you want within days, rather than months.
If that’s not easy enough, you can also run PCI scans and fill out the Self Assessment Questionnaire in the very same product at no additional charge. Now you don’t have to deal with multiple vendors. Need to scan your network internally? Or monitor your network for intrusions? That’s built right in the product as well. We even have an incident and case management system built in, if you want to implement and track a number of controls in one place.
Now, I understand why Mike has never expressed much interest in us. Alert Logic doesn’t fit the mold of the big is the new small baloney Rothman loves to hand out. Most of our customers don’t even have dedicated security staff, so they aren’t going to buy the Pragmatic CSO book Mike peddles on his web site. Otherwise, Mike would have chosen a far more interesting target for his rant. Here are my picks: McAfee has an Easy PCI Plan they would love to sell you, GFI published a riveting 14 page white paper called PCI DSS Made Easy and ControlScan is my personal favorite with their PCI Compliance 1-2-3 product.
I have nothing against Mike Rothman and once I get this out of my system I am going back to reading his blog again (it’s the single best way to keep up with security news). I just wish he found a way to drum up business for his blog that didn’t involve using us as a punching bag. And if he wants to learn a bit more about what we do and THEN tear into us because he believes we deliver a terrible product, that’s absolutely fine by me. At least I won’t feel like that poor girl with baloney stuck to her behind on the Howard Stern Show. Or is that too much to ask?
I am going to stop hyperventilating now, but I’ll leave you with this offer. Come tell us about how you are addressing the vulnerability, threat or log management requirements of PCI compliance. I am pretty sure we can help you simplify your PCI effort. If you find what we do disingenuous or misleading, I will personally buy you a copy of the Pragmatic CSO book. Even if we cannot help you make PCI “easy”, at the very least you can learn how to guarantee your job security.



11 comments
HAHAHAHAHAHAHAHA!!!!
Great stuff Misha. Thanks to Rothman for getting you to blog.
But funny stuff aside, though I have not heard Rothman’s podcast yet, I tend to agree with the general feeling of resentment towards marketing departments. There seems to be this fine line out there where marketing departments of security vendors say, “we are only talking about a portion of PCI, not the whole thing.” I understand brevity in marketing. You have to catch the eye. But this type of marketing is really getting old.
And everyone has to face the fact that there is a difference between marketing departments and the technical staff. If Mike came in to see your stuff (as I have) and talk to your people (as I have), I think he would be impressed. But his rant (again, haven’t heard it yet) would probably still be legit when it comes to marketing departments.
Michael
His rant about marketing departments would be legit if it was about marketing departments. His rant, in fact, is about a title of our event. He even admits that once you get past the title it gets very clear very fast. What should the title be, exactly?
Limited Aspects Of PCI Compliance Made A Little Easier?
PCI Compliance Made Easy For 1/3rd Of The Requirements?
PCI Compliance Made Easy, But Not Too Easy As To Avoid Becoming Linkbait For Mike Rothman?
Just finished listening. Here’s my take.
First, he WAS talking about marketing. The title of the event may not have been created by your marketing department (you tell me), but it is still marketing. And he mentioned marketing several times in the podcast.
Second, I understand that creating a title for the event is difficult (the last one is hilarious, BTW). And you’re right, the description of the event is a lot more descriptive and “honest” than the title.
Really, it comes down to the POV. As a former buyer of technology, I got very pissed about this kind of thing, and it seems to have become more of a problem for me now that I am trying to help multiple clients. Maybe people just need to start expecting that vendors are not offering full compliance to PCI with these events. Realistically, the client should be smart enough to know that no one offers full compliance and makes it easy. But if they did know that, then why would this kind of marketing be effective?
I think the title could simply be “Helping with PCI Compliance” or something extremely catchy like that.
Michael
What you are talking about is semantics. I think it’s silly for marketing people to craft event titles specifically with anal retentive bloggers in mind.
I’ll get our marketing department to pay attention to this nonsense just as soon as Mike Rothman makes it clear in the titles of his blog posts that his real intent is pushing his Pragmatic CSO book. Deal?
BTW, I see no massive flood of comments on either of Rothman’s blogs about this topic. Where is the public outrage? In contrast, not one of the participants in our webcast told us they felt misled in any way. Several have called in and asked for the slides, however.
Is it possible Mike was blowing the whole thing out of proportion?
Misha, take a deep breath and step back from the computer. Remember the words of Ralph Kramden: “needles and pins, pins and needles, it is a happy man that grins.” Now smile!
Talk with you soon
“Is it possible Mike was blowing the whole thing out of proportion?”
Very possible.
But Misha, if you have ever read my blog, you know my stance on marketing. I think many manufacturers use their marketing as fly traps, and then they feed the real story after the security guy is trapped. I am not saying you are doing that here. Hell, as marketing goes, I really didn’t think twice about your title. I probably would not even have said anything about it had you not shot back at Rothman (kinda sorry that I did so now).
Like I said in my other comment, marketing is different than the people doing the heavy lifting. I know the difference with you guys, and I think Rothman does as well to the degree that he knows you guys (from RSA). You just happened to be the target of convenience. It sucks that he picked on you guys to make the point, and I understand you getting upset about it. But I cannot blow his point out of the water because, in general, I agree with him.
Look, we are all in this to sell. You know that. Mike knows that. I know that. I am not here to defend or vilify either one of you for your capitalistic motivations. I have a problem with marketing tactics sometimes, but I also realize that the vendor spouting off those lines might bring me into the deal. As long as the sales guy is not lying his ass off, then I tend to be fine. I guess I am kind of an idealist with realistic tendencies (kind of like my liberal, anti-big business buddy who works at an oil company because he gets paid very well).
Michael
Interestingly enough, I must admit that the small amount of feedback we received from the attendees was positive. People thought the presentation was good and informative and most attended the event through to the end. There were several questions offered up and a few were responded to immediately during the event.
We’ve been using similar themes for quite a while and if the perception from the audience is that they’ve been duped in any way, we have yet to hear about it. Except for Mr. Rothman, of course, who admits that he’s the customer advocate. Maybe I’m off but it seems that he’s taking the initiative to be offended by the title on behalf of the customer when, in this case, maybe they didn’t ask for the help.
Regardless, if the underlying intent was to spark conversation then nicely done, Mike.
Misha,
Can we still use the AlertLogic facilities to hold BayouSec, or am I banned? You know I love you guys!!
Michael
Michael,
Of course. I hope you know I am not actually upset with anyone, including Rothman. I just think that once someone goes negative they make themselves fair game. I am sure Mike won’t get his feelings hurt either. He’s a pro and professionals don’t suit up unless they are ready to play ball.
Misha
I know. Just pulling your chain. Mike definitely takes it all in stride. He and I have gone at it a couple of times as well, and we’re still buds.
(Disclosure: I’m a product manager for AL.)
I appreciate Rothman’s concern about misleading marketing, and as a security practitioner of well over a decade, I know that a company takes a risk of alienating *this* potential customer if they over promise what their product can deliver. Many times I’ve read the interesting title of a seminar only to read the details and find it didn’t even remotely meet my needs or expectations. What happens next is I pretty much write off the product and go on to another seminar. The exception that I took to Rothman’s podcast was that he felt we (security and IT practitioners) would not be able to discern a marketing pitch or hook from what the product can deliver; I was a little insulted. The podcast was thin on security or business content, and long on emotion and entertainment. If Mike’s audience needs warning that vendors are trying to sell them something, and doesn’t need product analysis based on experience or research, then I must not be his target audience. What happened next is I assumed Mike is addressing a community I don’t belong to and I’ve pretty much written off reading his web site. So, yes, beware the risk of poor messaging and content.