Post 25, 2009: What happens when 30 seconds of research shows a press release is gold-plated bullshit

Okay … so I just got a press release from a company proclaiming that its product has been given a “Gold” award in an independent test.

This is utterly “meh” to begin with.

But then I look up the tests in question and found that this release is actually gold-plated bullshit.

Here’s why.

Firstly, NINE products were given a “Gold” award in the same tests. Two were rated “Platinum ” and one fell over the line for “Silver” status.

So the vendor in question is claiming it is very important for having come somewhere between 3rd and 11th in these tests.

As it turns out, it is actually in 12th place on one of the criteria tested  – ability to detect viruses – and 3rd on its ability not to fall for false positives.

The product concerned is in a lonely place on the graph demonstrating competence in its field.

It took about 30 seconds of research to come to this conclusion.

This raises some questions, the first of which is: Why on earth would any self-respecting vendor emit a press release that points out how mediocre its products are?

Secondly: What’s happened in the PR agency responsible? This release is dross, pure and simple. Why isn’t the agency doing 30 seconds of research and advising its client not to emit a release that positions them as mediocre?

I’d argue that this release should never have been emitted, because it only takes a journo half a minute to figure out that this vendor is a follower in a very large market. As luck would have it, I was only dimly aware of the vendor’s existence before this crock  landed in my Inbox. Now I’ve mentally filed them under “irrelevant clowns.”

Good work everybody!


Post 24, 2009: So your client is an expert? Prove it with unique insights, experience and a track record of more than sales.

Scarcely a day passes on which I am not offered an interview with a supposed expert in their field.

When the alleged expert has a track record of achievement in the field, they are generally interesting interviewees.

But when the expert is a corporate hack visiting executive, I get very sceptical indeed because long experience tells me that most interviewees in this category are very expert in their company’s products, but have little independent insight into a field that lets them share something genuinely new and interesting with me and my readers.

For example, I was recently offered the chance to interview a “VP of Asia” from a network security company who was offered to me as an expert.

The email making the pitch was nonsensical and alleged the individual in question represented expertise because his company had altered its products to take account of changed technical and financial conditions. Moreover, that change had been made in the knowledge that a long list of bad things (including increased risks of natural disaster, fires, terrorism, pandemics and hard disk failure) may well happen. Apparently the revelation that security products which can protect their owners against bad things made this person especially visionary.

None of this sounds at all like the insights of an expert to me. It is merely competent to change products. Asserting that network security products are more necessary due to  increased fire risk is somewhere between loopy and insulting.

A true expert would have been capable of sustaining  a more elegant pitch, one which offered more than (economic and meteorological) climatic factors as evidence of expertise and insight.

So how can one represent true expertise?

A bio helps. The so-called expert I was offered this week had no background whatsoever offered to me. If the bio shows how the individual came by their alleged expertise, all the better. But it is very hard to believe an allegation of expertise when an individual has held a number of sales and executive positions. That indicates business savvy and decent exposure to the industry, not expertise!

So … who have I recently interviewed and found to be genuine experts?

Here are some examples:

  • A chief security officer who has worked on pioneering and high profile projects, in high profile organisations, and whose opinion is sought after by non-profit industry associations and standards bodies
  • A researcher for a prominent company whose role is to detect and analyse new vulnerabilities, then develop responses to those flaws. He’s a hands-on guy in an organisation noted for its smarts
  • A technical evangelist, employed by a vendor in a role that involves sharing knowledge with customers as part of a never-ending listening tour. This individual is also involved in standards bodies.

The PR who offered me an expert this week eventually said the reason she wanted me to meet the individual in question was that I had never written about them. Oddly, that’s a better pitch than some confected claim of expertise or insight. I often speak to companies just to learn about their activities. I consider it a necessary investment of my time. But dressing them up as an expert when their real claim to fame is that they have a job in which they are allowed to speak to the press is a real turn off that makes a company look fake and desperate. And nobody wants to be an expert at that.

Post 119: (In)Security

What’s the old saying? There are lies, damned lies and statistics?

That’s the way I feel about security statistics at the moment, given that about two or three times a week I receive “news” that research sponsored or conducted by a security vendor finds that things are pretty scary out there.

This research always includes any or all of the following assertions:

  • There is more malware/viruses/adware/generally malicious software out there than ever before
  • Things are not getting better
  • The bad guys want money, not status, which means they have an incentive to do more of it (see the first and second bullet points)
  • You’ve gotta take it seriously
  • Social networks are a risk
  • Email is a risk
  • For chrissake teach your people about phishing

Now the sheer frequency of this stuff at least confirms that everyone’s research is pretty spot on.

But from the point of view of trying to excite media about a security vendor, research is now, IMHO, worse than tired. And how is this research a differentiator? I mean, if everyone is doing the same research and coming up with the same conclusions, why is every security vendor trying to use this as its PR platform?

These questions are why I was very happy to be able to write this story in which one security vendor says there is not much difference between security vendors’ products and that “our marketing and PR people fight in public.” At least now I know one reason there is so much security research going on out there … marketers need to be seen to be busy, after all!