Too Many Tools

By Eric Noonan • January 29, 2015

It’s January so lists and predictions abound and most of them are just fun with prognosticators having no real stake in the accuracy of their predictions.  One trend that caught my eye was the prevalence of lists in the security space that was focused on product vendors and “hot” product companies. Dark Reading’s list of “20 Startups To Watch In 2015” and CRN’s list of “Top 10 Security Vendors To Watch In 2015” were both dominated by product companies. The focus on products implies that CIO’s and CISO’s are yearning for even more tools to spread across an already thin staff and that’s not been my experience at all.

I understand the focus on products; they offer a simple way to answer most security questions. Oh, you lost data; you need a Data Loss Prevention tool. Lost a laptop with proprietary data, buy an endpoint encryption product. Having trouble finding incidents on your network; you need a Security Information and Event Management tool. The list goes on and on. This product-focused mindset that dominates our industry is part of the problem.

In fact just last week I was in a CIO’s office who’s views on the rush to buy products summed up in one sentence what I’ve tried to articulate here. He told me “If one more person tells me I need to buy (Vendor Name Redacted) I’m going to throw him out the window.”

The answer, find a security services partner that can integrate and optimize what you already own and enable you to tell the security story in business terms. Take your next meeting with a services company and see how much more focused the conversation is on your problems and possible solutions rather than someone else’s pre-existing solution in the form of a product. Obviously, I believe this because of my personal experience as a former CISO and the weekly conversations I have now with CIO’s and CISO’s as their services provider but I’d invite you to see for yourself.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.