Amrit Williams, BigFix CTO, discusses with Jack Phillips, co-founder of IANS, the Institute for Applied Network Security. the value IANS offers to both users and vendors.

Subscribe in iTunes:

Subscribe with XML:

FULL TRANSCRIPT

Amrit Williams: Welcome! This is Amrit Williams, your host on Beyond the Perimeter. Today I am joined by Jack Phillips, who is the Co-Founder and CEO of IANS, the Institute for Applied Network Security. Jack, thanks for joining me today.

Jack Phillips: You are welcome.

Amrit Williams: I wanted to switch gears just a little bit. You had mentioned some of the modalities that you guys use to get information out. Obviously to gain great insight into what’s happening in the market you need a combination of talking to the enterprises and the customers that are being affected by certain events, and trying to make certain decisions, and you also need to couple that with how the vendor is trying to serve these enterprises. And I know you accommodate both. But I wanted to talk a little bit more about both of those and start with the enterprise side.

If you are a enterprise customer and you are struggling with security issues, how do you get involved with IANS, and what type of offerings do you have for them? You mentioned some of them, but I would like just for you to provide a little more detail on what an enterprise customer could expect if they participate in IANS, what participation looks like, and then how they get involved.

Jack Phillips: Sure. So the short answer is that you can participate on a zero dollar basis, on an à la carte basis at one end of the extreme. So, for example, you can attend one set of all events at no cost. You can submit, as a trial case, what we call an Ask an Expert query. Here is my problem, what does your community think about my problem? So that’s one extreme.

There is a lot of single blink, if you will, opportunities to enter IANS. You can buy a two-day pass to come to one of our two-day information security forums, which is a deeper dive. So in your regional city, the premise behind our events is that we bring high quality contents to your doorstep, because in an A job, you save travel restrictions, but the idea is regional in nature. So that’s kind of the next level up, and that does require a financial commitment.

Then, what generally happens is that as two or three or four team members in a given enterprise start to really understand our model, and they start to get their own queries answered, generally the leader, the senior leader in the organization will say, okay, well, maybe we should have an Enterprise Membership with IANS, and maybe we should have them support our daily, weekly, monthly, quarterly needs with written research, with verbal, what we call, Ask an Expert, as I mentioned. I won’t go into all the offerings for an Enterprise Membership, but currently they are about 70 high performing organizations that are part of that annual Enterprise Membership Group, and we are servicing them as frequently as they want. So it’s really all you can eat as opposed to a single à la carte offering.

So that’s how we have designed our offerings. It just depends on, if you are wanting a discreet answer to a question, and you really don’t want to spend time with your peers, we can help you there. Or no, I would like to take, what I think is a fairly complicated question, and I would like to spend some more time among peers, and really kind of get my own answer. So I think we can facilitate both paths.

Amrit Williams: That’s interesting. A follow-up question to that. When I was with Gartner, probably the most requested document was something called a Magic Quadrant, but that aside, the second one that we got a lot of request for were case studies, especially case studies in a company’s vertical. What we found is that companies really wanted to know what other companies within their peer group were doing.

Do you guys have a pretty broad, diverse group? Are you serving certain segments, whether they be segments by size or segments by vertical? Do you see any that dominate, or is it pretty diverse?

Jack Phillips: Well, it’s pretty diverse. When we began the business, we didn’t put any constraints by industry or company size, but instead let the group naturally grow and naturally emerge. So eight years later the profile of that group of the 70 organizations; to give you a sense of our magnitude, there are 70 organizations in our Enterprise Membership Program, it’s called the Institute Partner Program. But we manage a community of about 25,000 individual end user bodies, if you will, individual security professionals, of all different job titles. So that’s kind of the outside community. And again, many of those people don’t — they interact with us maybe just ten minutes a year, or a half an hour a year.

But to your question, what’s emerged is essentially what I say is that, if you are an enterprise and you have a lot at risk, so that’s going to narrow down some industries. If you have a lot of information at risk, you have a lot of intellectual property at risk, then you are likely going to be a member of IANS. So what you end up with is obviously high-end financial services, high-end health, and both, sort of, healthcare and health provision, as well as the insurance space.

We have a good solid group in what I will call logistics and transport. And then a good solid group in manufacturing, generally from the Midwest part of the country, and then a very strong group within the federal government.

So there are three primary sectors that we serve: commercial entities, government entities, both state and local, as well as federal, and then higher education institutions. So we are finding there is a good group of higher education institutions, whose problems are quite unique compared to the other two groups.

But within the commercial sector, it’s the kinds of industries that you would expect to see, who have a lot at stake and a lot at risk, and would suffer great losses if information leaked and/or other kinds of security, bad things happen, I guess, is the answer.

Again, under that definition of, do you have a lot at risk, you generally are going to find larger organizations rather than smaller organizations. So teams that are part of the Institute Partner Program start at, usually about five folks, and go up to 150 folks, globally, so not just in domestic U.S.

So we tend to service in that program the higher end folks, and then mid-size organizations who may be have a single security professional or a couple, they tend to frequently come to our forums. They frequently, in the sense, participate on an à la carte basis with us.

Amrit Williams: Yeah, it makes a lot of sense. Now on the vendor side, I know you also do work with security vendors. How do they get involved? What type of things do you offer for them? And how do you bring those two together, the vendor world and the user world?

Jack Phillips: Two great questions. So if you are a vendor company in the security space, we believe there are about 300 organizations that are really thriving in the information security space, and about 150 of those touch us in someway and do business with us in someway.

Essentially the value proposition for vendor companies is either a) what I will call promotional or lead generation focused. You are simply trying to reach highly qualified folks. And we tend to call that an introduction service as opposed to a lead generation service, just because the folks that are members with IANS on the user side, they are with us for a real reason; they had money to spend, they had real problems, they are a little bit further down the maturity curve.

Then the second value proposition for vendor companies is really what I will call on a strategy and kind of research and content basis. I often summarize it by simply saying, we really have our finger on the pulse of what’s on the mind of your buyers. So to the extent that you want to get feedback on your brand, on your position, on the perception, on how you are perceived in the marketplace, or you need to know, from a competitive standpoint, how the users look at your competitive landscape. Those are the kinds of services that we provide to vendors. That’s a completely different value proposition for a vendor company.

So the second generally appeals to a CEO or a Head of Product Marketing or Head of Sales, whereas the lead generation introduction services tends to be more discreet sales and marketing folks who are really looking to frankly fill their pipeline and try to get their message out.

Amrit Williams: Just to give you guys a quick plug. My company was involved in a couple of the IANS conferences. I wasn’t myself participating, but we did have our VP of Engineering out there. He came back and said that, of all of the events he has participated in, in a long time, he felt the audience was incredibly engaged and incredibly knowledgeable.

He also felt that there was a sense of them keeping the vendors presenting real, and that it would be a very difficult forum to deliver overly hyped messages that weren’t able to be backed up. It’s very common for security vendors to sell FUD, and market incorrectly. So I think that, that aspect of it is beneficial, not only to the vendor community, but definitely beneficial to the end users and the customers that are sitting in the audience, working with each other to figure out, what is a good solution.

And we forget sometimes, I mean, whatever we think of vendors, the reality is that they are there and they are serving a purpose and they are providing a product and they are trying to solve the problem, and so they are important. It is easy to feel badly about them. I know when I was at Gartner, we tended to think they were all evil. In fact, I would have liked to have seen a giant death match, where you just kind of put Cisco and IBM and HP in a big room, and whoever comes out less bloody is the winner.

Folks looking to get more information on IANS, the IANS website is ianetsec.com or .org?

Jack Phillips: It’s actually ianetsec.com.

Amrit Williams: Okay. Thank you very much. Jack, thank you for joining me today. It was a pleasure speaking with you, and I wish you guys the best. I will talk to you soon.

Jack Phillips: Thank you.

Announcer: You have just listened to Beyond the Perimeter, sponsored by BigFix Inc. Views expressed on this Podcast are the personal opinions of Podcast participants and do not reflect official positions of their employers or BigFix.

Thanks for listening.