How should vendors and CISOs communicate?
Mark discusses the relationship between CISOs and vendors arguing for more transparency on both sides. He points out that the fundamentals are always overlooked and underhyped and considers the ethics of using security incidents to get more budget.
- 1:59 In the rush to market, startups are failing to speak to their true capabilities.
- 3:48 The customer pitch, the VC pitch, and the marketing script should all be separate conversations, but they must have commonality.
- 4:27 Don’t bow to the buzzword pressure. A good leader, technologist, or vendor needs to stick to their unique storyline whether talking to customers or investors.
- 6:21 Customers need to be transparent in their needs and make a partnership with the vendor they choose. It’s a two-way street.
- 8:27 CISOs should cultivate a community of trusted relationships for advice and involve their technical and operational staff in vendor choices.
- 12:09 Going to smaller industry-specific events can really help you understand your customer.
- 13:52 Fundamentals are always underhyped.
- 15:44 Good communication between the CISO and the board or leadership is crucial. Don’t wait until the company is hacked before opening those lines of communication.
- 17:53 A logical extension of the CISO-vendor partnership is having the vendor help make the case for investment to management.
- 19:12 Instead of being marginalized on the fringes, the CISO is enjoying more time at the table involved in discussions on business as well as technology and security.
- 20:27 Turn up to the big expos like Blackhat with a goal in mind. Learn as much as you can and take the opportunity to have conversations in an open forum.