Finding a security vendor that is the best fit for your company’s business objectives, culture, risk profile, and budget is challenging today. The purpose of this blog is to suggest that working with a “vendor partner” is more than working with a standard technology vendor, in that a partner aligns not only with “Technology” concerns but also with “People and Process” concerns.

Prior to my time at Tripwire, I spent close to seven years in the Integrator space of Information Security. Strictly speaking, this space exists to bridge the gaps created and/or neglected by technology vendors with regard to services related to their specific technologies, in particular audits, assessments, consulting, deployment, health checks and optimizations.

During my time as an Integrator, I was continually amazed at the relative disregard and disdain that many technology vendors demonstrated toward services. These views stem in part from cost, resource and scalability concerns, but ultimately, they also reflect something of a disconnect between standard technology vendors and their customers.

Technology, Process and People

Many technology vendors do not acknowledge the full scope of the challenges customers face on a daily basis, which is to say customers have challenges not only in Technology but also in People and Process. In point of fact, with 3500+ vendors in the information security space today, Technology may be the one area in which customers have a comfort zone.

How to fit Technology into holistic security programs, taking into account increasingly regulated environments (Process) as well as who will manage the Technology (People), often represents a larger issue.

Concerning Process, as Paul Watts, CISO for Domino’s Pizza, UK and England, told Infosecurity Europe 2018,

"All the compliance and certification in the world is no substitute for a solid foundation for cyber defenses, and I know of organizations that