Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

My cloud Learning Journey: Part 4 “Rocky Mountain High Security”




large (3).jpgGuest Post by Tim Clayton, Marketing Business Services

Chris Steffen is an Evangelist. He may be the world’s only agnostic evangelist. Based out of Denver, Colorado, he had not been with HPE too long when someone scanned his CV a second time and asked a pertinent question: “Why is it, with all your security experience, that we have you in the Compete Team?” Chris was happy enough checking out competitors’ solutions and working on new HPE ideas, but he had always felt that the new role being offered was one he was bound to one day fall into. Chris was about to become an Evangelist.

I laughed when Chris told me his role in the company, until I realized that Chief Evangelist for HPE Cloud Security was not a euphemism but an actual job title. I thought he was just having fun. After all, it is difficult to know whether someone is pulling your leg when they are the kind of person who recently blogged about how the downfall of the Empire in the Star Wars films was as a result of poor data security measures implemented in their computing systems rather than triumph of a righteous son over his power-mad, estranged father. (Apologies, maybe I should have put a spoiler alert there, but I’ll just assume that anyone reading this blog is the kind of person who has seen the films!)

starwars.jpgAs it happens, an Evangelist is a very real thing. And, in Chris’ case, it is about getting out there and sharing “a specific, positive message” with a range of people on a variety of subjects. He can talk tech nuts and bolts with engineers or the ROI benefits of security with CIOs. 

I entered my chat with Chris with my usual misconceptions in mind. As seems to be the case in these learning sessions, I got a crash course in being wrong and had my eyes opened to a lot of new concepts. However, with this chat more than any of the others in this series, I felt I was on safe ground when talking about security. I write marketing materials for HPE and come across security all the time; I know a thing or two about the topic. Therefore, it was quite a surprise to me how wrong I was about a few things:

Misconception One: The more we scare, the more they care.

We get the idea here; it is the absolute basic of any marketing message around security. To get people to care about security, we need to scare the living daylights out of them with facts concerning the number of breaches, prognoses of how it will hit a company’s bottom line, and doomsday predictions for companies who treat security lightly.

Chris shrugs this off. He’s heard it all before and it just isn’t the positive message he is trying to put out there. “I’m so over fear-mongering. It’s old news. Everybody gets that they need security and if you are working in an IT management position in a firm of any real size and don’t feel like you need security, you must have been living under a rock for the last decade and are not fit to do the job. Such people should be fired,” he says. “Businesses don’t need doomsday scenarios any more. They are desensitized to it. What they need is to hear about security products for increasing ROI, which security solutions have the most viable maintenance costs for them in the long term, and which will help them meet regulatory requirements relevant to their operations.”

Chris is all about positivity. It is a word that comes to my mind over and over again as I listen to him speak. But where I disagree with him is that everyone already sees that scare-mongering is old hat. The vast percentage of the security-related content I am given to work on (and the things I have created myself) are still coming from the flashing-red-lights-and-warning-flares point of view. It took Chris and his enthusiasm about two minutes to convert me to his point of view that this is not the way we (or I) should be talking about security.  

 Misconception two: Sell, sell, sell…

An Evangelist is a fancy name for a salesman, right? As a company, HPE is in the business of selling products and making money. It may be a little tasteless to say but it is our bread and butter.

As I said, Chris may be the world’s only Agnostic Evangelist. HPE may pay his salary (and he is a proud and solid representative of the company), but he doesn’t see himself as “selling” anything. Not directly, at least…

“The way I see it, my job is to go in and inform people about the best security solutions and tell them about trends and the state of the world we are living in. All I want to do is build a rapport and trust,” he says. And if that means recommending the competition in cases where their solution is outstripping HPE or where we don’t have a niche covered, Chris will go right ahead and do so. For him this isn’t bad business, it is good security… and for Chris that comes first.

The payoff is that HPE has been a leader in security for decades—even if Chris feels we do slide under the radar sometimes. We have, in his opinion, some of the best solutions out there. “If I recommend a competitor’s solution, it is helping the customer get the best product for them at that time. But they will trust HPE enough to come back and ask us about their next solution. We are a huge company which is very well positioned in the security world—we are going to pick up enough business along the way.”

Again, it is a positive and refreshing approach.

 Misconception three: SMBs are failing the security test because they are not aware of the need to protect.

This is another statement where I was sure of my ground. It turns out I was, for once, at least half right. We’ve all seen the horror stories and recent reports about how many SMBs are being targeted and how often… and how much it is costing them. I had personally put this down to SMBs thinking that they will not be targeted because there are bigger fish to fry. This is right to some extent; SMBs may think they are not worth attacking, but hackers are starting to work out the economies of scale. Why go to the effort—and expose themselves to the extreme risk—of attacking huge companies for huge (ill-gotten) gain, when they can pick off hundreds of unprotected small businesses with the incremental gains adding up to a stack of cash?

But that does not mean SMBs are not aware. Like the hackers, many businesses are simply gambling until they get caught. They know that the security issue is real but they feel it is not going to happen to them, or, as Chris puts it: “Being aware of the risk and understanding it are different things altogether.” Given a straight choice of what to do with a set amount of surplus money, companies want to innovate not build firewalls. They would rather pay an extra worker’s salary than think about a data encryption investment. In its own way this is admirable, but it cannot last forever. At some point a business will get exposed and then start feeling sorry for itself. As Chris puts it: “They do nothing for years, even when they have the money to invest in security, then ask ‘Why me?’ when they get a virus.”


Misconception four: Nothing ever changes.

And on that last point, my own pessimism—in contrast to Chris’ optimism—tells me that nothing will ever really change. Years from now there will still be some SMB owner who clicks on a dozen popup ads and then bemoans his bad luck when the servers get fried.

“I think these will be isolated cases,” Chris concludes. “The ‘Security 101’ chat that we have with people will still exist, but it will be rare that we have to use it. It certainly won’t be like it is nowadays. People are learning and they will stop thinking about security as an additional product only for dealing with ‘what if’ scenarios. We will never beat the hackers but we will educate people to a level where very few will be unaware of basic mistakes like using their first name as a password.

“I will still be evangelizing in ten years but, hopefully, security will no longer be about disaster aversion in people’s minds. I want to show people how good security can help them build better apps, how it can increase ROI, and how it leads to better business.”

I’m sold on the idea… not that Chris is selling anything, of course.

About the Author


I manage the HPE Helion social media brand accounts promoting the enterprise cloud solutions at HPE for hybrid, public, and private clouds.I have put my toes in the ocean of cloud evangelism for the enterprise IT industry. But my expertise is in Social Media and Digital Marketing.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all