Jun 12, 2019
Links and images for this episode can be found on CISO Series
The Camry is not the fastest car, nor is it the sexiest. But, it
is one of the most popular cars because it delivers the best value.
When CISOs are looking for security products, are they also
shopping for Camry's instead of "best of breed" Cadillacs?
Check out this post and discussion for the basis of our
conversation on this week’s episode co-hosted by me, David
Spark (@dspark), the
creator of CISO
Series and Allan
Alford (@AllanAlfordinTX). Our
guest for this episode is Lee Vorthman
director, global security engineering and architecture, Pearson.
Thanks to this week’s podcast sponsor,
more about how you can protect employees and
customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you'll
- CISOs have budgets and they simply can't purchase the most
expensive and best option for every InfoSec need. Good enough is
often exactly what they want.
- It's often not possible to take advantage of all the features
on a Cadillac-type security product. So you end up paying for
shelfware, or tools that never end up being used.
- The tool's complexity factors into the cost. This is often an
argument against open source software which has been branded, most
often by the proprietary software community, as "tough to
- Each tool creates a new demand on your staff in terms of time
and complexity. What new costs are you introducing by acquiring and
deploying a new tool?
- "Best of breed" everything can also turn into an integration
- If you don't need everything a company is trying to offer, try
to de-scope the requirements.
- Some companies are so big that they have no choice but to
purchase the Cadillac for everything since so many departments will
need access to the tool. It's far too complicated to create an RFP
that takes into account everyone's needs. To speed access to the
tool these large companies just get the product that "does
everything" and then let all the departments "have at it" once it's
available for use.