Rules-based branding: Spirit Airlines vs. the Spirit of the Brand.

I am an avid reader of IBD Monday editions and have been doing so for more than 20 years. One of the sections I enjoy is called Managing for Success. In the May 7 IBD, there was an article called “Spirit Airlines Gets a Lift from Edgy Ad Campaigns.”

In that article, the author recounts a story where the CMO for the airline endured negative press because a cancer-stricken veteran bought a non-refundable ticket and then requested a refund because he found out his cancer has become terminal. And his doctor said he could not fly. The airline refused to give a refund! According to the article, the CMO stated “if you think it’s deplorable, and you think we should have given his money back, then you’re probably not the right customer for us.” Further, he said that if you play by the rules and don’t want to pay for others who don’t play by the rules, you are the right customer for us. Certainly, the CMO and the airlines can brand the company in this way. Their brand is one of innovation and value- based. But to me, their “rules based” branding did not support their overarching brand and is a direct affront to my sensibilities.

The incident took me back to my tenure as head marketing officer for US Cellular where I faced a similar incident. An older gentleman in his 80s called our customer service line and requested a refund for a newly purchased phone bought by his wife. The phone, in an unopened box, was to be returned because right after the phone was bought, this gentleman’s wife found out her cancer was terminal and they needed to conserve cash and focus on the last days of her life. The call came to me as the last resort- our customer service group denied the request- and I found out that we would not grant a refund because our rules were clear about purchases and returns. Yet, out brand was based on a concept of customer intimacy and our tag line was “the way people talk around here.” I felt a) it was the right thing to give the gentleman a refund- the phone, after all, was unopened and not used and b) that action would support our brand.  Regardless of the rules, the brand to me trumps the rules and it is my (our) guiding light). The incident at US Cellular also served as an example to many of the right actions that could be taken while still preserving the intent of the rules.

When I wrote this blog, I had a bad vibe for Spirit Airlines. And then as I was Googling more information about Spirit, I found the following news release by their CEO:

MIRAMAR, Fla., May 4, 2012 (GLOBE NEWSWIRE) -

 “At a time of ever-rising airfares, Spirit Airlines makes commercial air travel affordable for many Americans. A very important part of keeping our airfares reasonably priced is our refund policy.
“Every day we seek to balance customer service with customers’ demands for the lowest airfare possible. But sometimes we make mistakes.
“In my statements regarding Mr. Meekins’ request for a refund, I failed to explain why our policy on refunds makes Spirit Airlines the only affordable choice for so many travelers, and I did not demonstrate the respect or the compassion that I should have, given his medical condition and his service to our country.
“Therefore I have decided to personally refund Mr. Meekins’ airfare, and Spirit Airlines will make a $5,000 contribution, in his name, to the charity of his choice, Wounded Warriors.
“We have worked hard to build a great company that makes air travel affordable while making our employees proud and customers satisfied. All of us at Spirit Airlines extend our prayers and best wishes to Mr. Meekins.”

I applaud Mr. Baldanza for rectifying this problem, granting a refund, and donating to Wounded Warriors. It would have been better though for this unfortunate incident and reaction never to have happened. I trust Spirit will review its policies but more importantly how they will treat customers. I believe this is a good first step to redemption.

Product Managers: Become your own Steve Jobs!

I am a big fan of Steve Jobs- for what he has done for a broad range of customers, for the tech market, and for innovation in general. He has shown emotional resilience (remember he was exited from AAPL but then formed Pixar and then came back), fortitude, willpower, vision and an eye for detail. To say he is a model leader is an understatement. He is THE icon of tech leadership.

Enough plaudits for Steve. The question that I want to address is how does a product manager become “Steve Jobs” for his/her product line? First, let’s make an assumption that acting as Steve Jobs – evangelist, leader, innovator, and stickler for detail- is good. Can you learn to be exactly like Steve? Not at all. Yet, that doesn’t mean you can model his leadership. And, how can a product manager do that? What are some of the key elements that the product manager should focus on?

Here’s a checklist of items for the product manager to consider. How many of these attributes do you display?
1. Think customer. Walk in their shoes. Find out who are the lead users. Talk with your technologists and dialog with them on the art of the possible – of what the technology could do for customers.
2. Make products and services easy to use. Put the complexity behind the hardware, the software and the interface. Make it intuitive for people to use. Consider integration of mobile apps with online applications and the ability to enter information via a traditional laptop.
3. Embrace technology. Take a techie to lunch. Attend tech sessions. Share your plans with them and have them share their new technology discussions with you. Ask questions how the technology can apply to different markets, uses.
4. Respond to market changes. Some of this will come from the technology side as new technology will yield drastic changes in functions and features and even entirely new applications. However, the key is making technology relevant to the customers. Use a new product advisory board to glean input.
5. Become friends with the vendors, suppliers and others in the supply chain. Be demanding of them as you are to yourself and to your team. Yet ideas coming from these partners can help you and your products stay ahead of the competition. Perhaps there is a technology they know that you can embed in your product and get an exclusive for a period of time.
6. Build a strong integrated technical, marketing, and sales team. This will ensure success. Be demanding of each group and set a standard modeled after your own attitude and work ethic.
7. Be an evangelist both inside and outside the company. Build excitement and suspense. Become a showman so to speak, making the product exciting and building suspense before the actual release. Use Beta tests; get the product into the hands of the technical analyst community. Find lead users and innovators to try the product and provide testimonials. Many product managers are reserved and introverted focusing on the development of PRDs and MRDs. As the “owner” of the P&L for the product line, the product manager has to be evangelist or find someone on his team to assume that role.

I have known many product managers that have several of these qualities and the best ones display all of them and more. What are your thoughts on the skills and capabilities of product managers that will make a difference in the success or failure of a product?

Prioritizing for the Long Run

I was meeting with another executive the other day and we were talking about his new consulting business. And as we talked, we latched on to the subject of product prioritization because this was one of his focus areas. We thought that it would be nice to share a basic tool that clients can use to help them prioritize their projects, development efforts, marketing programs and other activities that generate revenue.

It seems relatively easy to prioritize. Make a list. Rank them. Determine how much money you have to spend. Draw a line. End of subject. Now, in a small owner controlled business, it is probably just that simple- or pretty close to it. The owner can make the decision and have people execute his plan. However when a company grows and you have several “chiefs,” prioritization is not that easy. There is both the hard decision of which projects to do and the equally difficult issues of ensuring every one of your teammates (from executive team all the way down to work groups) understands and executes the plan.

Let’s look at one way to prioritize projects with this emphasis on revenue producing ones. We hear this all the time. The CEO says: “we need to grow our top line. Get people together. Get ideas. And let’s discuss what we can implement.” Is there a relatively simple way to make the decision on which projects to do and if you wind up with resource constraints which projects will fall by the way side?

Decisions can be made based on fiat, whim, or gut feel. But this company is more egalitarian, like most well run companies. Let’s say the CEO convened his executive group. By asking certain questions, it was determined that there are four attributes that are important to the executive team: Market Strategy, Financial considerations, Strategic Fit, and Competitive positioning. Let’s further assume that for each of these attributes, one or more factors can be determined which support those attributes. For example under the attribute of Market Strategy, both market need and market size were important factors. Similarly, the executive team determined several elements which supported the attributes.
All in all, a total of 10 elements were specified. If a project were rated on each of these 10 elements the executive team would be able to determine the goodness of each project. (Side note: It is easier said than done that the executive team will have to agree to all these elements and attributes. There are reasons why it is difficult to quantify not the least of which is that such a system takes away the emotion and the “gut feel” for the decision.). Once these attributes are determined, a simple system can be developed to weight each of the 10 elements from 1 (low weight) to 3 (high weight). Second, each of the elements can be scored on a 1, 5, 9 scale which correlates with specific measures that can be quantified. Finally, a weighted score – combining the weights and score of each element- can be determined. All projects can therefore be measured against each other. See the attached for the basic tool:
Basic Project Prioritization Tool

Once each of the projects is scored, an ordinal ranking can be determined. The executive team can have several options to make their final selection including a) taking the projects in sequence until all funds are used up, b) dividing the projects into quartiles and quintiles and only considering those within the top two groups, c) using 80% of the funds designated to the top projects with the remaining 20% at the discretion of the CEO or other executive, or d) variations of the preceding three options.

Prioritization is inherently difficult but I have described a tool that can be used to help the decision process. It’s not perfect and it will not work for all organizations and executive teams. But the tool can also be used as a means to get alignment on what is important in picking projects/products and instill a discipline for the company which can increase the probability of success. The reason for this is that in reviewing the projects/products each of the attributes and elements should be reviewed at each stage gate or review point.

What other tools have you used to prioritize projects and products? Did you have one tool for everything? Or do you have different tools for cost reduction and revenue producing projects? Do you have a tool for prioritizing IT projects and a tool for marketing projects? How do you allocate funds among marketing, IT, finance, product, R&D activities? These questions need to be addressed by all executive teams. And the good thing about business is that the answers will differ among different companies and in different industries. And those different answers and execution of the plan will make some companies high fliers and others also-rans.

If you need some help in developing these types of analyses, please contact me.

David Friedman

Security: A Marketing Conundrum: why IT security experts are taking marketing directors to lunch

I was reading an excellent InformationWeek analytics report by Michael Davis called Global Threat, Local Pain: 2010 Strategic Security Survey (May 2010). As someone involved in cyber security and working with Narus, this report was especially enlightening. Technology alone is not sufficient to keep your networks secure. Working with marketing to incorporate people and process as part of your holistic solution is a good first step to protecting the integrity of IP networks.

We know that technology can be used to initiate or defend against network attacks. This may enable planting of malware and the potential to exfiltrate or move data out of the network or system. In many cases, firewalls and intrusion detection and prevention systems are used to reduce these types of attacks. These technical approaches are far from sufficient. Security directors need a holistic view of the network and multi-layered approach to security especially when fighting against the newer types of attacks.

There are more insidious ways to attack a network. Yet, we – the general public- don’t think of compromising security through psychological, behavioral, and social engineering means. Yet that is exactly what is happening today. And that is where marketing comes in.

Marketing is the battle for the mind as Al Trout and Jack Reis claimed in their seminal work called “Marketing Warfare.” Who would have thought that the concepts in a book written more than twenty years ago- prior to the tsunami called the internet- would have repercussions in maintaining the security of networks? Marketing is tasked to get customers to become aware of products or services, and to find ways to get customers to take an action through a promotion, a click through, or an interactive dialog. Think about the tools that marketing uses: search engine optimization (SEO) techniques or a well worded direct email program with embedded URLs.
When a customer clicks on a URL it opens the possibility for someone in a corporation to open a “window” to confidential or private data. Pieces of malicious code can be downloaded and over a period of time be used to send information out. The InformationWeek survey indicated that the second greatest security risk is from authorized users/employees mostly due to phishing expeditions. We see legitimate email programs all day with embedded URLs. Why wouldn’t we assume that a phishing expedition is legitimate as well? These attacks are on the rise because people are susceptible to clicking on messages that seem to be real. You don’t need the technology to get information from corporate networks. Rather, with these social engineering attacks all you have to do is to convince the user to voluntarily provide information!

SEO attacks whereby a user search for specific items- say those high on Google analytics ratings- sends the user to a site that looks real. In reality, the user is redirected to a “spoofed” or “fake” site where the user can be targeted, with the intent to gain credit card or account information of an individual or corporation. No wonder the survey made this interesting comment that there is a potential new bond between the marketing people who understand the psychology and how to get customers to take action through marketing programs and social engineering, and the IT directors who tend to work on technical solutions.
How can companies and organizations reduce their risk of cyber threats from these new social attacks? Let’s make the assumption that the IT Directors implement the right technology such as the combination of signature based malware protection, policy management, and traffic intelligence by companies such as Narus. In addition to technology, policies such as filtering, blacklisting, and most of all training of employees are needed to prevent attacks. First, the security officers have to work on policy and filtering of sites that are normally risky. Perhaps screening certain emails which contains known types of embedded risks has to be done. Most importantly, the marketing directors must work with the IT directors to help educate employees on how to protect themselves against these social engineering attacks which will have the attendant benefit of protecting both the employees in their private lives as well as their companies.

Unfortunately, it’s a complicated problem. Yet the combination of people, process, and technology coupled with a good bond between marketing and IT specialists may be a good first step to protect the integrity of IP networks.

Cyber Policy and Customerization

Congress is near to passing a bill that emphasizes that federal agencies consider buying security that is baked into hardware and software. Additionally, this potential bill (probably to be introduced next year) establishes an executive cyber office in the White House and calls for continuous monitoring. My first reaction is that this bill is great and long overdue given the growing number and complexity of cyber attacks foisted on government entities and enterprises with “high value assets”.

While the words ring true, I have to stop and wonder if this initiative is enough, or merely a compromise. My reaction as a businessman is that it is great to have security and continuous monitoring built in to protect against cyber attacks. For many cases, this type of security is probably acceptable as a good baseline. Yet, as an executive in the security business, I see the problem as more complex. Can security be “standardized” or do you need to understand the complexity of security in the context of the application and the type of assets and applications you need to protect? I believe that it is the latter.

The industry clearly must champion the cause whereby security is heightened in the decision process of buying hardware and software and in the management of the IP networks which are the lifeblood of business.

In a recent survey we conducted with Government Security News Magazine, 80% of those surveyed felt that one company could not provide all the cyber security needs. Additionally, more than 60% indicated that they don’t have adequate skills necessary to manage security. So in addition to the bill – which is a great start – the industry must make buyers aware of the options at their disposal. Moreover, if we are to really make progress in our collective effort to combat cyber threats, participants in the industry will need to provide a more comprehensive plan and more robust tools that complement security that is built into software and hardware. By way of analogy, think about integrated stereo systems e.g. boom boxes, vs. a specially designed audio system tuned to the uniqueness of the environment. In cyber security, especially in protecting carrier, government, and high value infrastructures, I believe we need the custom version or at least “customerized” version of security.

Maintaining the integrity of critical network assets

This is a little different than a marketing blog but it has to do with keeping business assets protected. And that certainly fits into the business of doing business.

Did you know that more than 25 million new strains of malware were uncovered in 2009? And that the US Senate Security Operations Center reported nearly 14 million cyber attacks per DAY!!! These are staggering figures. According to the Department of Homeland Security, cyber attacks roles three fold from October 2005 through October 2007 and the belief is that the attacks are increasing at an exponential rate. These alarming statistics have awakened the government and the President has made cyber security a top priority with the initiation of the Comprehensive National Cyber Security Initiative and the appointment of Howard Schmidt as the government’s cyber czar.

I was reading some comments that George Kurtz, EVP of McAfee, made at a recent FAA conference on Cyber Security and it made me think. He said that we need to find a way to solve an attack (on a network) in 15 minutes vs. the 24-72 hours we now take. For the home user, using McAfee with its signature-based approach is fine, and I probably can wait for a short time to have a new virus or Trojan signature uploaded to my computer. (Full disclosure: I use McAfee on three of my PCs). However in a critical network – be it FAA, a carrier network, a government agency, a SCADA network, or a health care network- where the asset value is high or the compromise of data would result in economic loss or even physical disaster, we don’t have the luxury of time. At line speeds now approaching the multi-gigabit level, 15 minutes means that an inordinately large amount of traffic/data has worked its way onto a target network. It’s not that signature based approaches are bad at all; they serve a purpose. Yet, they don’t go far enough for a critical network.

The key to protecting these critical networks is based on a dynamic understanding of what is happening. By definition, once a signature is developed, it is old- still useful for some but not all users. To maintain the integrity and availability, companies, carriers, and government entities must have situational awareness and know what is happening at all times. This requires a mosaic of different protection devices such as the normal firewalls, IDS/IPS systems, and forensic analyses. Yet, these systems and appliances must be complemented by a new class of products called network intelligence analytics which provide a dynamic three dimension view of data correlated with other data and correlated in both space and time. Only through this three dimensional view and the visualization of what is transpiring in the network will protection against cyber attacks be minimized. This nascent part of cyber protection is led by companies such as Narus whose traffic intelligence platform called NarusInsight provides the dynamic analytics that the network and security officers need to see what is happening across layers 2 through 7 in their networks. By processing the data in real time and applying real time analytics vs. mere forensics, the network and security officers can act swiftly to mitigate attacks.

Still, attacks will occur and the industry needs a call to action to aggressively respond to these attacks. The industry nees to band together in a collaborative fashion to thwart these attacks- or at least slow them down. At a recent RSA conference on security, several experts, including Greg Oslan, CEO of Narus, suggested a joint collaboration between government and private entities. That is thankfully coming about. Yet even within companies and across companies, network managers and security officers must share information, work across silos ( security and network operations are not necessarily engaged together nor share common platforms), and work across all areas of business. By doing so, we can view the problems and therefore the solutions through a multi-faceted approach. Coupled with a mosaic of complementary and new technical solutions, the industry will have the best opportunity to maintain the integrity of critical network assets vital to our economy and national defense.

Identity Envy

I want to share some thoughts I have on branding and positioning that hit home after I recently attended a trade show.

At the beginning of March, I attended the RSA Conference at the Moscone Center in San Francisco. The show, which focused on the computer security industry, amassed 300 exhibitors that varied in size from the small garage type start-ups to the mega companies like CA and IBM. Narus, the company for which I am Chief Marketing Officer (and strategic consultant), exhibited at the show. It was a truly great show and traffic was substantial.

I had just completed reading the Department of Homeland Security (DHS) Strategic Report. One of DHS’s objectives is to protect the country from cyber attacks— -and that is precisely in the power zone of what Narus does! Narus’ vision is to protect corporations, governments and countries from business risks and cyber threats. It’s a simple vision that guides our choice of markets to serve and the framework in which we develop our products and services for our customers.

It was interesting when a representative of a company, a carrier or a government department stopped by the booth. Some knew what we did while others were not so sure. Visitors from “competitors” stopped by as well. Our signage was pretty clear and we explained what we did. We even placed three of our execs on panels during the show to spread the word on what we do. Yet, I was intrigued by the fact that many people- competitors and otherwise- said that they did precisely the same thing and had the same capabilities. I know that is hardly the truth and it irks me to a point.

Consider the following analogy from the world of football. Jim Sorgi is a pro quarterback who has been the backup to TWO Mannings, Peyton and Eli. If Archie did not have these two sons, perhaps Jim Sorgi would have been the starting quarterback of the Colts and now the Giants. But unfortunately, he will always be relegated to the dubious distinction of backing up the Mannings and never being the main QB. I liken Narus to the Mannings and the other pretenders to being the Jim Sorgi’s of the world. (No offense, Jim. I would yearn to be a quarterback in the pros!!!) They are not at the same caliber or skill set yet play in the same game.

This raises the following question: How can one protect and maintain your position in the market and distinguish yourself against the pretenders? Here are my three prescriptions:

1. Set a clear vision and strategy for your brand and where you fit into the eco-system. This is the point where you figure out where you want to play in your eco-system, what technology you will use, what markets you pursue, and what is your distinguishing characteristic. For Narus, its strengths lie in the metadata, the analytics and the rule sets it uses to help its customers manage business risks and protect against cyber threats. These are truly unique and complex. We are not DPI boxes nor event managers nor merely forensic analyzers.

2. Develop a clear position and make sure it is repeated and repeatable. Think about the company represented by the following terms: “pin drop,” “can you hear me know,” and “there’s an app for that.” These companies are: Sprint, Verizon, and Apple. Not a bad list to associate with!! You have to ask yourself if your company stands out, and more importantly, what customers remember about your company.

3. Walk the talk. If you have a clear vision, strategy, and message, you need to ensure that the entire organization from the employees to the front line resonate with the brand and its positioning. When I was the Chief Marketing Officer for US Cellular, we had a tag line “the way people talk around here.” It was supposed to represent our customer-intimate strategy and all our people, especially the front line in our retail stores and call centers, were taught what that means so they could walk the talk. If a customer came in the store and if we were not helpful or trustworthy, we would belie the tag, our brand, and our positioning. Rather, we wanted to be known as the company who is trustworthy, like a friendly neighbor. And it worked as the financials showed.

The good news is that Narus has a consistent message and those that know us understand the message. For others, we need to do a better job at enlightening potential customers where we fit into the eco-system and what our unique capabilities are. Yet, for others, we will convert them to understand our brand and positioning, one customer at a time.

Comments are gladly appreciated.

David Friedman