September 24, 2021

Rant: Client Pitched Cyber Solutions from Non-Technical Staff

At least within my org, savvy consultants with very limited cyber/technical background are often put in charge of selling cyber solutions because they’re articulate. Organizations are skipping over the building blocks of setting up a strong cyber posture across their enterprise and are salivating over advanced solutions like automation. This is leading to constant sunsetting or rumors of tools sunsetting, tools procured without any custom requirements, teams performing duplicate work, and a whole host of other systemic issues. Is this happening across the industry?



It’s all about the business transaction and ROI… Businesses don’t care about cyber risk. Bigger vendors are looking for profits.


Yes. You found twelve servers in a closet running Server 2003 and handling payroll for the entire organization, guarded only by admin:admin credentials? Need funding so payroll can move to a new platform and you can get them secured? Haha, good luck, it hasn’t been a problem yet so it isn’t a problem now, maybe you can come in on the weekend.

AI 5G ML nation state APT hackers could be using big data to heuristic pwn your zero trust edge? Buy dark web monitoring right now!! Buy, buy, buy, buy!!!

This is why I have been very happy to work with companies that understand risk. And if they don’t understand risk before I get there, hopefully that’ll be lesson one.
