CISO's perspective from the frontlines

Security Vendors, What Problem are you solving?

You would think this is a reasonable question to ask security vendors that are pitching you their product. I would also think the vendor will be able to answer it quite easily.

Think again!

Every vendor can tell you what they do 100%! Sometimes they can even tell you how they do it. But what I found was that they can almost never tell you what problem they are solving.

My LinkedIn post

Several weeks ago, I posted the following on LinkedIn:

Dear security vendors,

Tell me what problem your solution is solving! I don’t care what alphabet soup category you fall under. I don’t care where you are on some Magic Quadrant, Hype Cycle, Cool Vendor list, which military branch your founders are from, or how many exits they had. Don’t start by “Our solution gives the CISO visibility…” or “Our solution provides …”.

All I want to know is what problem your solution is solving.
If I have this problem and it is a priority (and I have budget) at this time, I may engage. If not, please go away until it is a priority (I will let you know). You will save both of us a lot of time and effort.

My intention was to help vendors to better pitch their product but instead the post turned into, as Jenny Hembree pointed out, “The Bachelor – Security Vendor Edition” 🌹 😂

The post’s statistics

214K impressions
1500 reactions
280 comments
30 reposts

The unintended consequence

In response to the post, I received hundreds of product pitches. In almost all of them, everyone tells you what they do, but not what problem they solve! The very, very few who attempted to articulate the problem pointed to a symptom of the problem but not to a root cause, nor did they provide anything to back their claims.

Saying that “The number of vulnerabilities is growing” or “The number of malicious emails is growing” doesn’t qualify as a problem. Vendors have to ask themselves the “So what?” and “Who cares?” questions. If they can’t answer those, they need to go back to the drawing board.

Discussing on Defense in Depth

Since the post generated so much reaction, I joined David Spark and Mike Johnson on the Defense in Depth podcast to discuss it further.

About the author

yaron

Yaron is a seasoned multi-industry Cyber Security Leader. He is 2x CISO, Research Fellow for the Cloud Security Alliance, Security Tinkerer, Advisory Board Member for several cyber security startups and venture firms, and a Mentor to other CISOs and members of the security community.
