Generation Z is Breaking Back-to-School Spending Records

Back-to-school spending has been on an uphill trend since the end of the recession in 2009. According to the National Retail Federation, the 2019 average spend per family ($696.70) is the highest ever recorded, up from $684.79 in 2018. We’re also gearing up for a whopping $80.7B in overall expected spend for back-to-school and back-to-college, which is down moderately from last year’s $82.8B due to a decrease in the number of households with children in elementary or high school.

“Consumers are in a strong position given the nation’s growing economy, and we see this reflected in what they say they will spend on back-to-class items this year,” said NRF President and CEO Matthew Shay.

Among K-12 shoppers, clothing/accessories are the leading expense ($239.82), followed by electronics and shoes. The lowest expense category is (ironically) school supplies ($117.49). Unsurprisingly, college shoppers are expected to spend the most on electronics ($234.69), followed by clothing and accessories and dorm/apartment furnishings.

Given the record-breaking back-to-school spending this year, Gen Z is undoubtedly a force to be reckoned with in the marketing world. They account for 25% of the US population, and according to MarketingDive, Gen Z teens influence $600 billion in family spending per year.

Unlike Millennials, who prioritize spending on travel and experiences, Gen Z spends more on clothing and values quality and luxury goods. This generation grew up online, so messaging aimed at them should be personalized, self-aware, and authentic. Their most popular social outlets are YouTube (95%), followed by Instagram (69%), Facebook (67%) and Snapchat (67%), and 80% of Gen Z-ers say they’re influenced by social media when making buying decisions. The children of meme culture are realists, not perfectionists, and they appreciate a brand with personality and individuality, with 55% of them giving more attention to brands that are socially or environmentally responsible.

Gen Z is like no generation before: they’re realists and advanced technoholics, and they have an affinity for quality and luxury goods while also being financially pragmatic and devoted to social and environmental responsibility in their buyer decision journey. With this generation gearing up for the workforce, we’re interested to see how Gen Z’s values and approach to money impact our future.

Digital Retail Transformation East

C-Level experts from across North America’s retail industry are coming together in Miami to anticipate the highly complex digital retail environment that will develop over the next few years.

Through a cutting-edge program designed by the industry, for the industry, we will provide a fresh and up-to-date insight to help move your organization to the next level of digital leadership. A series of executive education roundtables, keynote presentations, collaborative think tanks, educational workshops, and networking sessions will offer industry-specific topics and trends to ensure your company sustains its competitive advantage.


The Millennium Alliance Ranks No. 2375 on the 2019 Inc. 5000!

Inc. Magazine Unveils Its Annual List of
America’s Fastest-Growing Private Companies—the Inc. 5000

The Millennium Alliance Ranks No. 2375 on the 2019 Inc. 5000
With Three-Year Revenue Growth of 169 Percent

NEW YORK, August 16, 2019 – Inc. magazine today revealed that The Millennium Alliance is No. 2375 on its annual Inc. 5000 list, the most prestigious ranking of the nation’s fastest-growing private companies. The list represents a unique look at the most successful companies within the American economy’s most dynamic segment—its independent small businesses. Microsoft, Dell, Domino’s Pizza, Pandora, Timberland, LinkedIn, Yelp, Zillow, and many other well-known names gained their first national exposure as honorees on the Inc. 5000.

Alex Sobol, Co-Founder & Managing Partner of The Millennium Alliance, had this to say about Millennium receiving this incredible honor. “Since day one, we always knew what we were capable of. That with an obsessive focus to every detail, forcing ourselves to bring our very best each and every day, setting the highest of standards and never ever thinking anything was impossible, which is what helped us to achieve this awesome milestone. Add into the mix, hiring the best and the brightest, building strategic partnerships with the greatest brands in the world, 169% revenue growth, and a great product offering, not only got us to this point but also excites us even more for what’s ahead. We are humbled to be in such great company with so many innovative organizations and know as long as we stay true to our core values, there is nothing we cannot achieve. Congratulations to all that helped get us here.” #bleedblue

Not only have the companies on the 2019 Inc. 5000 (which are listed online at Inc.com, with the top 500 companies featured in the September issue of Inc., available on newsstands August 20) been very competitive within their markets, but the list as a whole shows staggering growth compared with prior lists. The 2019 Inc. 5000 achieved an astounding three-year average growth of 454 percent, and a median rate of 157 percent. The Inc. 5000’s aggregate revenue was $237.7 billion in 2018, accounting for 1,216,308 jobs over the past three years.

Complete results of the Inc. 5000, including company profiles and an interactive database that can be sorted by industry, region, and other criteria, can be found at www.inc.com/inc5000.

“The companies on this year’s Inc. 5000 have followed so many different paths to success,” says Inc. editor in chief James Ledbetter. “There’s no single course you can follow or investment you can take that will guarantee this kind of spectacular growth. But what they have in common is persistence and seizing opportunities.”

The annual Inc. 5000 event honoring the companies on the list will be held October 10 to 12, 2019, at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Arizona. As always, speakers include some of the greatest innovators and business leaders of our generation.

About The Millennium Alliance
Headquartered in Midtown Manhattan, The Millennium Alliance is a leading technology, business, and educational advisory firm. Focusing primarily on areas such as business transformation, executive education, growth, policy, and need analysis, Millennium is quickly becoming one of the most dynamic locations for collaboration across the world.

We provide a framework for Fortune 1000 C-Level executives, leading public sector/government officials, and thought leaders across a variety of disciplines, to meet their peers, understand industry developments, and receive an introduction to new technology and service advancements to help grow their career and overall company value. With a constant thirst for a conversation that has real value, it is our duty to provide a platform for all leaders to further develop in an ecosystem of innovation and knowledge so all parties can continue to shape the real purpose of business: to make things efficient and worthwhile.

CONTACT:
Greg Dicso
Vice President, Marketing
greg.dicso@mill-all.com

More about Inc. and the Inc. 5000

Methodology
The 2019 Inc. 5000 is ranked according to percentage revenue growth when comparing 2015 and 2018. To qualify, companies must have been founded and generating revenue by March 31, 2015. They had to be U.S.-based, privately held, for-profit, and independent—not subsidiaries or divisions of other companies—as of December 31, 2018. (Since then, a number of companies on the list have gone public or been acquired.) The minimum revenue required for 2015 is $100,000; the minimum for 2018 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. Companies on the Inc. 500 are featured in Inc.’s September issue. They represent the top tier of the Inc. 5000, which can be found at http://www.inc.com/inc5000.

About Inc. Media
Founded in 1979 and acquired in 2005 by Mansueto Ventures, Inc. is the only major brand dedicated exclusively to owners and managers of growing private companies, with the aim to deliver real solutions for today’s innovative company builders. Inc. took home the National Magazine Award for General Excellence in both 2014 and 2012. The total monthly audience reach for the brand has been growing significantly, from 2,000,000 in 2010 to more than 20,000,000 today. For more information, visit www.inc.com.

The Inc. 5000 is a list of the fastest-growing private companies in the nation. Started in 1982, this prestigious list has become the hallmark of entrepreneurial success. The Inc. 5000 Conference & Awards Ceremony is an annual event that celebrates the remarkable achievements of these companies. The event also offers informative workshops, celebrated keynote speakers, and evening functions.

For more information on Inc. and the Inc. 5000 Conference, visit http://conference.inc.com/.

Is the End of Self Regulation in Data Privacy Here?

Now more than ever, people want their data protected. This doesn’t come as a shock given the countless data privacy scares we’ve experienced this year: the FaceApp frenzy, the hacking of 100 million Capital One credit card accounts, the revelation of Alexa listening and transcribing private conversations, and, similarly, Facebook’s recent admission to using third parties to transcribe audio messages in its Messenger app. The Advertising Research Foundation recently reported that consumers aren’t enticed by the promise of personalization in exchange for data, and their willingness to give up this information is dropping significantly.

Their study showed that willingness to share a home address has dropped from 41% to 31%, while those willing to share an email has dropped from 61% to 54%, and the willingness to share a spouse’s name dropped from 41% to 33%. Participants of the study responded that they understand why user data is important for advertising purposes, but aren’t necessarily knowledgeable about the terminology or more technical tactics, which may further incite anxiety and skepticism when data breaches do arise. The Advertising Research Foundation’s study implies that consumers are more involved in the discussion of cybersecurity and data privacy, and they’re becoming more wily and selective when it comes to what they’re willing to share.

Although Facebook’s $5B fine didn’t hold enough weight to even rock its stock price, marketers are gearing up for the end times of self-regulation and laissez-faire data policy laws. More than likely, the California Consumer Privacy Act (CCPA) will go into effect starting in 2020; the International Association of Privacy Professionals called it “the most influential privacy law the United States has ever seen.” According to their website, the law is set to accomplish three things:

  1. Protect your right to tell a business not to share or sell your personal information.
  2. Gain control over the personal information that is collected about you.
  3. Hold businesses responsible for safeguarding your personal information.

This law is set to bring about transparency in a more tangible way by allowing users to request information on what specifically was collected, who it was shared with or sold to, and why this information was acquired. It also gives California citizens the right to request deletion of personal information, and even the right to opt out of their data being sold to third parties. Given the massive scale of data privacy breaches in recent years, it goes without saying that something needs to change, and the CCPA may be a precursor of what’s to come at the national level. Although programmatic third-party cookies have been the name of the game for many marketers over the last decade, we expect that there will be a shift towards advanced contextualized targeting in a future where data privacy is more distinctly regulated.

Digital Marketing Transformation

With 53% of marketers planning on adopting Artificial Intelligence in the next 2 years, the digital marketing revolution is just getting started. CMOs and CDOs alike are seeking new ways to maximize their digital reach to attract new business, as well as deliver enriched, personalized experiences to existing customers.

The Digital Marketing Transformation Assembly will bring together North America’s most prominent digital marketing technology and business leaders from all major consumer-driven industries to discuss the latest technology, innovations, and strategies driving digital marketing in 2019 and beyond.


3 Tips to Help Optimize Your Checkout Experience and Keep Customers Coming Back

Are small mistakes driving customers away and costing you business?

This article was written by Monica Kozak, Bank of America Merchant Services

The explosion of eCommerce is wholly transforming the way retailers and consumers do business. Reports show that retail eCommerce sales jumped nearly 15 percent in the third quarter of 2018 compared to the same time period the year before – and they’ve increased every quarter since 2009.

Now that more websites, mobile apps, and social media channels have made shopping faster, easier and more convenient, consumers expect a seamless experience every time they shop online. Any point of friction they encounter significantly increases the odds of them taking their business to a competitor that makes the shopping experience easier. 

Simply put, if customers don’t finish checking out, your business won’t profit. 

By tweaking a few small details in your checkout process, you may improve your conversion rate by up to 35 percent or more. Here are three tips, presented by Bank of America Merchant Services, to help optimize your checkout experience and usher customers through the cart-to-conversion journey.

  1. Make it quick 

According to a recent Baymard study, more than a quarter of shoppers will abandon their online carts if the checkout process is too long or complicated.[2] On top of that, more than a third of respondents from the same study won’t make a purchase if they have to create an account. To help increase conversions, it’s important to limit the number of clicks and fields required to check out on your website or mobile experience.

One way to reduce the number of clicks is to provide pre-populated forms for returning customers. Prompting shoppers to use saved information, or auto-populating a billing address that matches a shipping address, can help save time and avoid repetitive steps.

When it comes time to pay, Bank of America Merchant Services has found that customers are sometimes uncomfortable with payment screens that redirect them to “new” webpages to enter their payment information. 

Keeping the overall customer experience in the same page flow – where customers aren’t redirected to new screens – can help streamline the purchase journey. Try to keep the number of checkout pages to a minimum, and avoid re-directing the consumer to a new window. 

[1] Statista, “Retail e-commerce sales in the United States,” 2019. [2] Baymard, “Cart Abandonment Rate,” 2018.

  2. Disclose costs and shipping information upfront

Product price and shipping costs are key decision-drivers for consumers. Today’s consumer is greatly averse to paying for shipping – in fact, three-quarters of consumers expect free shipping.[3] But, if that’s not an option, they’re often willing to pick up their order in a store.

Offering online shoppers the ability to order an item on your website and pick it up at a nearby store can encourage customers to complete their purchase journey. According to the National Retail Federation, more consumers are willing to meet their favorite brands halfway if it means avoiding an extra fee.

Another important step is disclosing any additional costs upfront. Being transparent earlier in the customer’s purchase journey can help reduce cart abandonment and drive conversions.[5] In a recent Business Insider Intelligence report, Target was the top retailer for a reliable conversion experience largely due to its decision to show shipping options and tax immediately when an item is added to the cart.

  3. Offer multiple ways to pay

Consumers want to make purchases with payment methods that are familiar to them. By accepting digital payments like PayPal and Apple Pay[7], your business can appeal to more consumers who prefer to use newer forms of payment.

Being strategic about accepting payment options that are trusted and common in local markets can also help increase cart conversions. 

For example, in Sweden, about 40 percent of all eCommerce sales are made through Klarna, an alternate payment method.[8] If a business wants to develop a consumer base in this region, accepting Klarna is as crucial as accepting Visa in the U.S. Understanding consumer payment preferences enables businesses to offer the most relevant payment types by region, which in turn satisfies the customer and helps establish brand loyalty.

Nearly 70 percent of online shopping carts are abandoned and, according to the Baymard study, most happen during checkout. By adjusting the checkout experience to deliver a quick and transparent process, businesses can increase their cart conversions and capitalize on what could otherwise be lost sales. 

[3] National Retail Federation, “Consumer View,” winter 2018. [4] Ibid. [5] Business Insider Intelligence, “The Mobile Checkout Benchmark Report,” 2019. [6] Ibid. [7] Apple Pay is a trademark of Apple Inc., registered in the U.S. and other countries. [8] Hui Research (http://www.hui.se).

ABOUT DIGITAL RETAIL TRANSFORMATION ASSEMBLY

C-Level experts from across North America’s retail industry are coming together in Dallas in August to anticipate the highly complex digital retail environment that will develop over the next few years.

Through a cutting-edge program designed by the industry, for the industry, we will provide a fresh and up-to-date insight to help move your organization to the next level of digital leadership. A series of executive education roundtables, keynote presentations, collaborative think tanks, educational workshops, and networking sessions will offer industry-specific topics and trends to ensure your company sustains its competitive advantage.


How to Activate on CDP Data: Combine Your CDP and Personalization Technology

This article was written by Andy Zimmerman, Chief Marketing Officer for Evergage.

Personalization is a top investment priority for retailers in 2019, according to a recent Forrester report. And McKinsey says that “personalization will be the prime driver of marketing success within five years.” It’s clearly something that retailers can’t afford to ignore.

In order to personalize an experience, you need a good understanding of who that person is. In other words, you need to be able to collect and interpret customer data. 

You’re already collecting data about each customer and prospect across interactions and channels: in your store, on your website or mobile app, with your emails, via social media, through your advertising, and more. Each interaction produces data — data that can be used to better understand that person’s needs and preferences. 

But this data can’t be used successfully when it’s scattered across your organization. That’s where the customer data platform (CDP) comes in. Within a CDP, each person, whether known or anonymous, has a single profile that contains all relevant data from a variety of sources, including purchases, browsing history, email interactions, attributes, subscriptions, loyalty membership and status, interests and preferences, browser type, location, demographics, predictive scores (like expected lifetime value), and more.

Most retailers have already heard of the emerging CDP category, so I’m not going to get into the details of what CDPs are. Instead, I want to focus on what to do with your CDP data once you have it all together.

What to do with a CDP: Activation

In order to personalize using data from a CDP, you have to be able to activate it. Activation of CDP data can take many forms. For example, you could use CDP data to:

  • Determine which promotions or offers to target to each person based on his or her past behaviors, interests, loyalty program status, etc.
  • Deliver digital ads only to people most likely to be affected by them — and avoid spending money advertising to loyal customers who are more likely to purchase on their own.   
  • Ensure web and email CTAs are always relevant to the recipient (for example, removing/changing CTAs for actions a person has already taken).
  • Recommend content, products, brands, and more based on everything that is known about that person – in the moment and over time.

Many retailers view the ability to act on customer data to deliver personalized experiences as functionality that should exist outside the CDP. But I disagree. It belongs within the CDP itself.

How to Activate Efficiently: Combine CDP and personalization

Delivering these kinds of personalized experiences requires two types of functionality: insights and engagement. Often, these functions are performed by two systems.

  • System of insight: Aggregates customer/prospect data and enables an analysis of that data.
  • System of engagement: Delivers experiences to customers/prospects in one or more channels and enables measurement of the outcome.

However, having two platforms – one for insights and one for engagement – effectively creates a technology environment with two “brains.” Clearly, systems of insight are a type of advanced, centralized brain full of customer data that generates insights from that data. That’s certainly the type of functionality you want in your CDP.

The reality, though, is that to execute campaigns that engage audience members at a 1-to-1 level (and in real-time), a system of engagement must also act as a brain. It needs to leverage machine learning to sift through the vast amount of customer data and make the best decision about which experience, content, promotion, message or recommendation to deliver to each individual at any given moment (e.g., a person who just landed on your website, is opening your most recent email, is calling into your call center, etc.) and then deliver that experience…in milliseconds.

The only way to deliver true 1-to-1 experiences in real-time is to combine your personalization and customer data platform.

Here’s an Example

Let’s say you wanted to send an email to all the customers in your loyalty program. Your CDP would pass a segment of loyalty program customers to your ESP to do so. That’s pretty simple. 

But what if you wanted to personalize the email by featuring different creative based on each person’s favorite category? Then your CDP needs to pass several segments to your ESP (a segment of loyalty program members whose favorite category is women’s shoes, a segment of loyalty program members whose favorite category is men’s pants, etc.). 

And what if you wanted to tailor the content of the message even further to include different promotions depending on whether loyalty program members had visited your website in the last month? Then you’d need to create double the number of segments. You’d have one segment of loyalty program members whose favorite category was women’s shoes and who had been on the site in the last month, plus loyalty program members who have the same favorite category but who had not been to the site in the last month, etc.

It’s clear that managing all of these segments and mapping them to specific campaigns in your ESP can quickly get out of control.

However, if you use a CDP that can also activate the data directly, it doesn’t need to rely on segments passed between systems. It can analyze all of the data available within its own system and leverage machine-learning algorithms to select and present the most appropriate experience for each person. This is a much more scalable and personalized approach.

Final Thoughts

My colleague, Meera Murthy, VP of Strategy at Evergage, will be attending the upcoming Millennium Alliance Digital Retail Transformation Assembly on August 26-27 in Dallas, TX. If you’re interested in learning more about how Evergage can help you combine your CDP and personalization technology to deliver 1-to-1 personalization at scale, please schedule a strategy session onsite at the event.


Round of Applause for Stefanie Strack, our Newest Keynote Speaker!

The Millennium Alliance is proud to announce Stefanie Strack, Founder & CEO of Voice in Sport and Former CEO of Rag & Bone, as the Keynote Speaker at our Transformational CMO East and Digital Retail Transformation East Assembly taking place on September 17–18 at The Mandarin Oriental in Miami, FL.

About Stefanie Strack:

Stefanie is an innovative executive with a passion to lead and inspire teams through transformational change. She has over 14 years of experience at Nike leading large-scale corporate change across both small and large business units ($250M–$3.5B). Stefanie has a unique leadership background with experience across Merchandising, Product Creation, Sales, Strategy, Digital, Supply Chain and General Management.

In her last role at Nike, she created a new division called Express Lane which reimagined the way to serve consumers the most relevant product, at speed. Most recently she was the CEO of Rag & Bone in NYC. Today she is creating a new company focused on females in sport called Voice in Sport™ & VIS™.

Stefanie lives in Brooklyn, NYC, with her creative husband Alan Strack and two kids, Siena (6) and Parker (3). She is originally from Alaska and played D1 soccer in college.


Welcome our Newest Keynote Speaker, Bob Evans!

The Millennium Alliance is proud to announce Bob Evans, Founder of Evans Strategic Communications and Former Chief Communications Officer at Oracle, as the Keynote Speaker at the Digital Enterprise Transformation and FSI Transformation Assembly taking place on November 13 – 14 at The Biltmore in Miami, FL.

About Bob Evans:

Bob Evans is one of the world’s leading analysts of the technology industry and the global phenomenon of digital transformation. In 2012, he was recruited by Oracle founder Larry Ellison to be the company’s first chief communications officer, and he left there after 5 years to launch the two businesses he runs today: Evans Strategic Communications LLC and Cloud Wars Media LLC. He’s given keynote talks about business innovation, digital transformation and customer-centric business on every continent on Earth (well, not Antarctica), and his daily analyses of the enterprise-technology market can be found on his media-company website at CloudWars.co.

Digital Enterprise Transformation Assembly

As more and more businesses look to digital technology and strategies to transform their business, CIOs know that data and information technology have never been more important. Understanding the convergence of mobile, social, and cloud is the first critical step for organizations looking to create opportunities and stay ahead of the competition.

The Millennium Alliance is thrilled to present our bi-annual Digital Enterprise Transformation Assembly, put together by the industry, for the industry. Join us in Miami, FL, for a series of executive education roundtables, keynote presentations, collaborative think tanks, educational workshops, and networking sessions that will offer industry-specific topics and trends to ensure your company maintains its competitive advantage.


Does a $5B Fine Change Anything for Facebook?

The past 2 years have been trying times for Facebook. In February of 2018, German and Belgian courts ruled that the company broke data privacy laws by failing to ask users’ permission before collecting data for advertising purposes. March 2018 brought us the Cambridge Analytica scandal, revealing that 87 million users had their data acquired by the British political consulting firm Cambridge Analytica for commercial use. November exposed Facebook’s racial discrimination issues, and December found a security flaw that allowed app developers to access users’ unpublished photos. 2019 has Facebook in and out of court, and now they’re facing a $5B fine from the FTC. The $5B fine is unprecedented; in fact, it’s 20 times greater than the largest privacy/data security penalty ever imposed, but many call into question whether the levy carries any consequences for the tech giant.

Upon the approval of the FTC’s $5B fine, stock prices jumped 1.8%, and Q2 generated $15B in revenue, with $3B of that being set aside for the anticipated fines. That being said, $5B is somewhat of an arbitrary amount of money for Facebook, and the settlement holds no one liable for Facebook’s privacy violations – meaning Mark Zuckerberg holds no responsibility for the repeated offenses.

Something needs to change, but can we truly rely on Facebook to create, implement, and maintain better privacy policies for the long term? The FTC is requiring Facebook to be transparent about its use of consumers’ public and private data with third parties, as well as to provide more extensive security and maintenance of user data, but Zuckerberg himself has expressed the desire for the government to have a more direct role in internet privacy regulation. We’ve seen the same problem occur again and again under the watchful eye of the FTC, and the scale of the scandals has only grown. For the time being, we can only hope that Facebook’s bad press in the public eye is an incentive for major structural change, especially given that a historic, billion-dollar fine isn’t enough to shake their stock price.

Transformational CISO

The Millennium Alliance is thrilled to present our bi-annual Transformational CISO Assembly, taking place in Nashville, TN.

With the instances of cyber attacks increasing, businesses of all sizes are working tirelessly to secure their networks, devices, and data. Fortune 500 organizations are especially vulnerable as they have big data pools and thousands of people who need access. CISOs need to plan for worst-case scenarios, stay ahead of the latest IT Security transformation technology, and maintain their company’s information assets, all without losing sight of the corporate culture.

Are you interested in becoming a sponsor for this event? Click here today to learn more >>

Are you a CISO interested in attending this event? Inquire here today to find out if you qualify for Millennium Membership >>

Introducing our Newest Keynote Speaker, Ben Rhodes!

The Millennium Alliance is proud to announce Ben Rhodes, Author & Former Deputy National Security Advisor, as the Keynote Speaker at the Transformational CISO Assembly taking place from November 19-20 at The Hutton Hotel in Nashville, TN.

About Ben Rhodes:

Ben Rhodes is the author of the New York Times bestseller The World As It Is; a contributor for NBC News, MSNBC and Crooked Media; the co-chair of National Security Action; and an advisor to former President Barack Obama. From 2009-2017, Rhodes served as a Deputy National Security Advisor to President Obama. In that capacity, he participated in nearly all of President Obama’s key decisions, and oversaw the President’s national security communications, speechwriting, public diplomacy and global engagement programming. He also led the secret negotiations with the Cuban government which resulted in the effort to normalize relations between the United States and Cuba, and supported the negotiations to conclude the Joint Comprehensive Plan of Action (JCPOA) with Iran. Prior to joining the Administration, he was a Senior Speechwriter and foreign policy advisor to the Obama campaign. From 2002-2007, he worked for former Congressman Lee Hamilton, supporting his work on the 9/11 Commission and Iraq Study Group. A native New Yorker, Mr. Rhodes has a B.A. from Rice University and an M.F.A from New York University.

Security Newsletter: Edition 3

Battling the InfoSec Talent Shortage: 3 Tips for Hiring Security Staff

“The infosec talent shortage!” “There’s too many roles and not enough candidates!” So many excuses get thrown around about why security teams can’t find talent. Let’s cut to the chase – yes, hiring is hard and there are reports of more jobs than candidates. However, many of the reasons a team can’t find talent come down to the approach used for security hiring. There are actually many tricks and techniques that can help your team-building approach.

Let’s explore 3 changes that can dramatically increase your ability to hire great security folks:

#1 Get rid of the security unicorn job description

#2 The fallacy of certifications and degrees

#3 Look internally – growing security members from within your company

#1 Get Rid of the Security Unicorn Job Description

How often do you see a job description like this:  “Junior security analyst needed. Must be expert in red team and forensics. Previous experience leading organizations through ISO27001 certification. Previous coding experience required.”

Wow, let’s unpack that. We just defined a junior level analyst role, tacked on expertise in two different domains (red team and forensics), then asked for experience in a totally different domain, ISO certification experience. And, to top it off, threw in another entire profession at the end – software development. Sure, it’s farcical and exaggerated, but it’s really not that far from the truth of many job postings. This brings us to the first tip for growing your security team – take a hard look at your job descriptions.

A critical activity before attempting to grow your team is to have a clearly defined job description. This sounds like boring HR-driven requirements, but it really is crucial for hiring security talent. It’s important to step back and look at the core skill areas and the level of expertise needed in each domain. For example, while at Twitter I led this exercise when growing our application security team. Here are the core skills we were looking for:

  • Application security testing
  • Secure code analysis
  • Secure software architecture design
  • Ability to develop security solutions
  • Developer security training

During interviews, we would find candidates great in security testing and code review, but poor in their ability to develop security solutions, or vice versa. As we dug in, we realized we were searching for the unicorn. After weighing the different areas we discovered that we actually needed two different roles – an application security consultant to help drive the secure SDLC and review, and a developer-focused security engineer to build reusable software in the name of security. As we broke this up into two unique roles we also weighted the importance of the different core skills and communicated this to the interviewing team. We don’t need the world’s leading expert in every category. Familiarity in some areas is appropriate, whereas expertise in other areas is a must for the role. The important item was to define these needs, document them, and communicate them to the interviewing team. Now, with a clear definition of skills and levels of expertise, we were able to find great candidates for both roles.

#2 The fallacy of certificates and even degrees

A certification is great for learning, but it’s horrible as a screening mechanism for hiring. I get why people hate the job descriptions that ask for X certification. I agree, it’s a bad and lazy approach to hiring. But don’t blame the recruiters, they are taking the lead (or lack thereof) from the security hiring managers.

Instead, hiring managers have to work with the sourcers and recruiters to identify skills, experiences and potential previous roles that indicate a good potential candidate. Talk with your sourcer and describe the role and previous experience that would be relevant. Also talk about other similar roles that aren’t a fit, since that will likely come up. I’ve also found it very helpful to take it a step further and craft a few specific screening questions recruiters can ask candidates during their initial call. These can be relatively basic questions, but the important thing is to create buckets of potential answers – ‘great’, ‘good’, ‘not a fit’. This way the recruiter can do an initial screening to see if candidates are a good match to begin the interview process.

Here’s an example:

“Tell me a few considerations for secure password storage within a web application”

  • Great answers – they talk about ‘pbkdf2’ or ‘bcrypt’. The candidate possibly mentions that these only protect against offline attacks against the hash so online attacks must be considered via brute force protection. May touch on other related concerns like password reuse attacks.
  • Good answers – mentions using a good hashing algorithm and a unique salt
  • ‘Not a fit’ – Generically mentions to just “use encryption” or to store it in a database and be sure no one can access it without any other details

As you can see, we’re not going into great depth with a single question. But if you’re hiring for an application security role, a reasonable candidate for a non-entry-level role should easily respond in a way that lands in the good or great bucket – and hence move forward to the hiring manager. Also, just the activity of having a security person explain a security topic to a non-security co-worker is a great test. If that is a difficult experience for the candidate then you may not want them to represent the security team interacting with others in your company.

#3 Growing security members from within your company

Hiring is both a science and an art, and while good interviewing may identify talented individuals, there is still the unknown element of whether the individual will be successful at the company. However, if you “hire” individuals from within the company you have an incredible advantage: they already have a track record of success (or not, in which case you should tread carefully).

But how do you hire a person that isn’t in the security team into a security role? Don’t think of security as an entire discipline from top to bottom, but rather a specialization on top of an existing base skill. Here are a few security roles and base skills:

  • Application security engineer – software developer
  • Enterprise/Corporate security engineer – SRE, IT, or DevOps
  • Security risk management – compliance, internal audit, risk

Suddenly, you’ll notice you have a large pool of individuals more than qualified in the foundational skills for your role. In addition, they already know the ins-and-outs of how the company and tech stack operate. Plus, since they’ve worked at the company for some amount of time you’ll have real references on their performance. With this foundational knowledge, you have a great indication if this could be a solid employee in the security team. You’ll still have to conduct parts of the interview process, and see if they’re really up for the new style of work, but you’re starting from a great spot!

Security is in high demand but you can build and grow great teams

Hiring great security team members may seem challenging. And rightfully so, because it is. But if you reflect on your hiring process, criteria, and where you’re looking for candidates, you’ll be able to increase your chances of success. But just remember, hiring a great security individual is just the first step – you also have to set them up for success and grow their skills and career. But that’s a topic for another day.

Michael
Want to chat? Find me @_mwc