Balance Budget and Tools by Rationalizing Your Security Stack

The New CISO - A podcast by Steve Moore - Joi

Categories:

Gorka Sadowski, the CSO of Exabeam, joins us on this episode to speak about his decades of experience in cybersecurity and what he’s learned about acquiring new technology.  Gorka’s Journey Although Gorka became Chief Strategy Officer for Exabeam only three months ago, he has over 30 years of experience in cybersecurity. Gorka has learned many valuable lessons along the way, especially during his time at Gartner, the global IT service management company.    Each year, Gorka spoke to over 600-700 clients and vendors about their successes and failures. Although rigorous, the beauty of this is that by speaking to many different clients, he was able to recognize patterns on what works and what does not. Both vendors and clients benefit from these conversations. Newfound knowledge emerges, which is then studied in a more formal setting and is later published as research by Gartner.   Non- Gartner research then compliments what is learned in the conversations of Gartner clients and vendors.   The Pitch Problem  One of the biggest issues that Gorka has identified is a misalignment with expectations of a product and the value proposition it’s supposed to fill. He feels that vendors oftentimes like to take liberties on pitch of their products and sometimes, the readers of the pitch can get caught up in wishful thinking.    As someone who has spoken with both sides of this problem, Gorka feels it’s best to begin with why—why does someone need your tool? Then work your way through the how and the what. He discusses Toyota and their message as an example of the why aligns with the what. Listen to the episode to hear more on what Gorka means by this.   Building Trust There are no shortages of huge claims or startups that promise everything. The CISO or the client organization need to learn how to pierce through the veil and filter the messaging they receive, and they need to do so diligently.    Gorka advises vendors to build trust by being consistent and have the humility to admit when your technology cannot accomplish what the client wants. Ultimately, this will help you. It takes time to build trust, which Gorka reminds us, is not a binary quantity. Growing trust occurs with baby steps. Ultimately, things don’t have to be perfect for things to be great.  What Covid Revealed  Gorka believes that Covid revealed that many companies are using outdated or underutilized technology. But the pandemic also brought out the need to take stock of what a company has and question if it needs to be changed, updated, or encouraged. If you realize there is some old technology that isn’t useful anymore, you benefit from not just getting rid of it, but from saving yourself the cost of maintenance. This will free up your budget for new technology.  The CISO and the Vendor Many times, the CISO is—and should be—skeptical. Gorka believes you need a healthy dose of reality so that you can understand the factors at play and to avoid being burned. By the time someone reaches the position of CISO, they can “smell the BS,” as they know how to pay attention to body language and asking the qualifying questions.    Gorka also stresses the importance of the CISO creating an engaged process to buy new technology. He encourages CISOs to bring in many people and get more of the company involved. Listen to the episode to hear more of his thoughts on this.  The Why, the How, and the What  Gorka gives advice for the pitch itself. He iterates that the vendor and the client have to both understand why the tool is needed, in addition to how one can operationalize this tool. The organization must clearly see how they can embrace and implement this new tool.    It’s important to follow up with the specific question of what value can this specific company...

Visit the podcast's native language site