Overview

Free the CISO, a podcast series that attempts to free CISOs from their shackles so they can focus on securing their organization, is produced by CIO.com in partnership with DataBee®, from Comcast Technology Solutions.
 
In each episode, Robin Das, Executive Director at Comcast under the DataBee team, explores the CISO’s role through the position’s relationship with other security stakeholders, from regulators and the Board of Directors to internal personnel and outside vendors.
 
Episode 5 focuses on security vendors – both in terms of what they bring to the table and how CISOs should appraise their technologies. In this episode, Das is joined by:


As Das mentions in the very beginning of the episode, cybersecurity is more than the No. 1 challenge for CISOs – it’s also big business. In 2023, companies collectively spent an estimated $160 billion on cybersecurity, and with double-digit growth of this market expected over the next few years, it seems like it’s never been a better time to be selling cybersecurity products and services.

But while vendors often focus on their shiniest new features, many CISOs and their security personnel are still just struggling with the basics.

To explore this contradiction, Das asks: If complexity is the enemy of security, why is there so much tool sprawl and is there a way that you've seen to reduce this sprawl?

According to Chakraborty, this complexity is driven by three primary challenges:

  • Many organizations are driven by fire drills instead of a clearly defined security state
  • Few have established a vetting process for purchasing and onboarding new tools
  • Even fewer have visibility into who is using any given security tool at any given time

“If you don’t have a clearly defined strategy,” Chakraborty says, “you end up dealing with a haystack, and every time you have to handle a problem, you feel like, ‘oh, it takes too much time to organize my haystack.’ … So while you’re solving any given problem, you actually end up adding to that mess, making it bigger, and the haystack grows.”

And while there are any number of tools to reduce the size of the haystack and simplify security – at least, theoretically – assessing these tools is another matter entirely. As Das points out, because of the very nature of cybersecurity tools, it’s all but impossible to determine their effectiveness. You either experience a breach, or you don’t.

Carothers agrees. “The best we can do is some due diligence, some contract language, make sure they have a secure software development life cycle, that sort of thing. But at the end of the day, you can't ever be 100% sure. Another issue is not just that the product itself might have a vulnerability, but maybe that the product doesn't do what it's supposed to do.”

Listen to the full episode to hear all their insights, better navigate the role of CISO, and deliver real value for your enterprise.

Don't miss Episode 6: Reaching the promised land.

To learn more about DataBee and the DataBee Hive™ security data fabric platform, visit their website or follow along on LinkedIn.

More about Robin Das, Executive Director, Market Growth Strategist, DataBee
Robin is responsible for defining DataBee’s unique value proposition in the market, long term strategy and product vision, and business development opportunities via outreach to strategic targets, partnerships, alliances, and other investments to continue to drive overall growth.

His prior experience at Comcast includes roles in Corporate Strategy, FP&A, and development of Customer Experience tools.

He lives in Philadelphia with his wife Stephanie, nine-year-old daughter Pearl, and two dogs, Emma & Eggy. Outside of work he likes to run slowly, cook adequately, and eat out frequently.