Black Hat, White Noise

Talking trust and transparency with CISOs

Written by Grant Wernick, CEO of Insight Engines

After attending Black Hat USA in Las Vegas last week, I returned to the Bay Area with a bounce in my step. I’m inspired by many thought-provoking discussions I had with executives, security practitioners, and friends in the industry.

I was lucky enough to attend a private gathering of some of the most forward-thinking CISOs and cybersecurity founders in the industry. The conversations were candid, insightful, and aided by the fact that everyone had freshly taken in the conference grounds to hear the latest sales pitches and see products on display. You could feel their enthusiasm as they shared stories about the innovation happening in our industry. Yet, it was overshadowed by a bigger issue: one of noise.

The innovation-to-noise ratio is higher now than at any other point in time in the industry. Noise isn’t necessarily a bad thing. It means the industry is hot and people are excited to toss their hats in the information security ring. Tough competition is a breeding ground for innovation, and the companies focused on strengthening their bite instead of their bark are going to rise above the noise. For example, my friend Michael Coates, CEO and co-founder of Altitude Networks, launched his company there. He is doing some really unique work around access management for cloud collaboration software platforms like G Suite, and his company was a standout at the conference. But for every Altitude Networks, there were dozens of other companies that were buried under their own noise.

Bring your noise-canceling headphones

Noise is the opposite of transparency, and CISOs tell us they are overwhelmed by the amount of noise coming from security vendors. Imagine that you walk several miles to get home: You’re walking down a major downtown thoroughfare lined with vendors shouting at you from soapboxes; thousands of them, bellowing into megaphones about doom, gloom, and touting SALVATION! It’s enough to overwhelm anyone.

So, what are the leading causes of all this noise?

The first is choice. Rather, choices. So many companies use the trendiest buzzwords and claim to do the same things that it’s almost impossible to make sense of them.

It becomes overchoice: people become paralyzed when faced with too many choices and cannot make a decision. Analysis paralysis. That’s one of the biggest struggles of the modern CISO, because they know the innovation they need is out there; it’s just lost in a sea of noise.

Even though many of the newer startups have better solutions, CISOs don’t have the time to research every new company. They oftentimes find themselves in the position of, “Well, this seems good enough, I’ve bought from X company or Y reseller for years,” as the only recourse to power through with a decision.

Buzz: off

Another source of the security industry noise: Confusing, buzzword-laden language.

CISOs tell us about the anxiety they feel when they hear and read marketing language that buzzes around our industry. There’s a tendency for vendors to dogpile on the latest hype and everyone at once is now cloud-first, cloud-forward, AI-driven, Machine Learning-leaning, Deep Data Diving, D&D, IoT TBD, RUDwOPP. They feel many companies sell what they think their customers want to hear instead of what they need, and plaster their product positioning with all of the latest marketing lingo — when what’s wanted is a clear explanation of the problem they solve.

Complexity in disguise

Another culprit behind the noise: Complexity in disguise around the cloud.

The noise around the cloud — or The Cloud as some will reverentially refer to it — is hitting an all-time high. All of a sudden, all companies are cloud companies. Moving to the cloud has been discussed for years — it’s not a new topic by any means. But making the migration — despite an abundance of company messaging and thought leaders telling us otherwise — is a lot harder than marketing makes it seem.

Information security executives told us horror stories of getting started with cloud migration only to discover worlds of complexities nobody warned them about. They felt like they were in a constant game of catch-up trying to become a cloud-first company.

So, who do they trust to help them solve their cloud problems? The legacy vendors slowly lurching their way towards the cloud? The unproven cloud-born startup fresh off a Series A? KPIXTV’s evening weather forecaster Paul Deanno?

New ways of doing business

We are in the midst of perhaps the largest shift in a decade: the shift to cloud. That creates opportunities for startups to flip the old way of doing things on their head. We need to do things differently.

The old ways — wining-and-dining until every last penny is squeezed into a signed contract — are coming to an end. Buyers are more savvy and knowledgeable than ever before; they want, and deserve, products that drive business value. They know the use cases they need help with, and they know companies and products are out there that can help.

As security providers, how can we stand out and get our products seen, tested, and used?

We can do this by holding ourselves to a higher standard. We can be transparent about our pricing. We can have meaningful conversations to solve problems collaboratively, instead of one-way sales pitches. We can focus on what our products are capable of today and build the future together with our customers. We can educate, rather than dictate.

We can rise above the noise and make the lives of the people we partner with easier by being truthful, transparent, and extending our hands as partners, not sellers.
