Unwitting snake oil?
I spend a lot of time thinking about how to spend company resources of money and time as a CISO. I’d even go so far as to say that crafting efficient spend to maximize risk mitigated for the lowest price point is the CISO’s core job function.
So I was delighted to discover this 2008 research paper called “The Market for Silver Bullets” (H/T Ross Haleliuk).
Very little has changed since Ian Grigg wrote this paper almost twenty years ago. There are so many quotable quotes in this paper I feel like a preacher man underlining the entire Bible while writing a sermon.
How much is a security vendor worth to your employer, anyway?
CEO at R6 Security | Pioneering Adaptive Cloud Security | Innovator in Kubernetes & AI Orchestration Solutions
1 week ago
Sun Tzu: "The best security is the kind you don’t notice—until you don’t have it. And by then, it’s too late" :) On a serious note, this ROI calculation is so 20th century... we have not attacks models where the variables are not that easy to figure out clearly.
Global CISO at Bitpanda | One of Germany's Top CISOs | Keynote Speaker | Security Advocate & Ambassador
8 months ago
As always a very good read. And I couldn’t agree more on the Security ROI metric.