For security vendor management, is it always best to stick with peers who operate in your own sector?

ArchitectureStrategy
1.4k viewscircle icon3 Comments
Sort by:
CIO in Education4 years ago

Agree with Mel Reyes and you don’t need to be sector specific. A good security vendor is a good security vendor regardless of vertical.

Executive Coach / Global Chief Information Officer & CISO in Education4 years ago

Don't just look at the big players. Even if you're a multi-billion dollar organization, look at the startups who are flipping the script. When I tell people that, they roll their eyes. But there are a lot of great startups out there that are making a difference. Darktrace was a startup at one point, as was SentinelOne. They're now industry leaders in a lot of different things that they do. If you get in early with them, you can help shape their product and then meet your needs while reducing your budget. I've done this now with three vendors; you build a relationship and say, “You have to help me out here. You want to do a proof of concept (POC) and I think your product might be good, but I need it at 20% of what you normally charge.”

Lightbulb on3
VP, Director of Cyber Incident Response in Finance (non-banking)4 years ago

Don't always just look to others in your sector to tell you what they're using. I have found greater value in speaking with peers in other sectors because they have a different set of priorities and consideration. They may have thought about something that I hadn't, so talking to your peers in other sectors will be a force multiplier for your own maturity growth.

Lightbulb on2

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

We are in a world obsessed with the latest technologies, where it seems everything even working should be updated or upgraded to avoid the "imposed" in my opinion "digital obsolescence myth". How inclined are you towards innovation and change when the existing systems are certainly working effectively?

Very inclined: I believe in constantly pushing for innovation and improvement, even if the current systems are effective46%

Moderately inclined: I'm open to innovation and change, but only if it clearly enhances or adds value to the existing systems48%

Not inclined: If the current systems are working effectively, I prefer to maintain stability and avoid unnecessary changes5%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

Which role-based access is most important? (Select all that apply)

Read only19%

Limited admin (eg. Backup, infrastructure, cloud, storage, helpdesk, general)44%

Super admin45%

Security and governance29%

Manager access22%

Application owner26%

Department admin (eg. Finance, HR, operations)13%

Developer admin12%

QA admin9%

Service/support admin9%

Other/custom2%

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?