Today's article is going to dabble into a little area regarding vendors in the Cyber Security landscape, specifically, the overall authenticity of one, which plays a crucial role in both picking one, as well as TRUSTING one.
All of which I'm saying could also be applied to anyone that tries to sell you a product, so do pay close attention so you don't get duped.
I'll be discussing the following topics in order: Disclosure of Results, then Leading By Example.
Should you get reports from Security companies that claim such and such in terms of overall results from whatever product they're selling?
Well... Yes, of course. Absolutely they should provide this information to the public so they can look it over as well as various other auditors to verify if such information is true. Now I'm not talking about PRIVATE PRIVATE INFORMATION because that's a given no no, but overall when you design security products, or ANY product for that matter, you should wanna show the fruits of your labor.
I've been noticing a trend lately with Cyber Security firms, specifically new and upcoming ones trying to compete, where they "tell" but don't "show". They'll claim they have the best detection system and that it outdoes many others, but when you ask them to SHOW you, they refuse to show you the results on a basic level. It's as if they simply want you to take them at their word and just buy the product, doing whatever it takes to prevent you from having some sort of sample or review of any kind, which is bad practice considering the fact it involves "Cyber Security", where 3rd party vendors have been known to ahem.... cause "breaches". You pick up what I'm putting down?
The laughable part? They take advantage of the fact most Cyber Security related services engagements are "Confidential" in order to get you to take their word for it. What do I mean by that? Ever been in an interview as someone that's worked in Cyber, but you couldn't really discuss what you specifically did there due to NDAs? Yeah, that's what I mean by that.
Don't even get me started on how they exploit folks that don't understand much about Cyber in order to get them to buy into what they're selling.
The funny part about this is there are OBVIOUSLY ways to advertise what their products do and the overall results without breaching any form of NDA. How? I dunno???? Show us some test results and then actual feedback from places that ran said product?
What is a good example of what I mean by SHOWING? Wiz, for example. Not only do they advertise a good product as well as other services, but they CONSTANTLY show you their overall competency through the intricate findings via their whitepaper security research they rep with pride. This can also be seen through the very employees that work there that show it off as well, such as Stacey Lokey-Day for example. Not only does this generate interest in their products/services, but it opens a window of TRUST, where I can SEE the results.
When you're confident in what you're selling, you'll never have issues showing people what your product is capable of.
I spoke in good faith about him MANY times, even featured him in some of my past articles for people that wanted to break into Cyber, but he dropped the ball on this one.
He had the potential to become one of the greats when it came to Cyber Security training and industry certs. Now I have to take back what I said and revise a lot of that stuff.
If you enjoyed this post give it a thumbs up! I'll be keeping track of who's reacting from now on as there is a "special" reason for it. Just know the more you support my content the more there is in store!
- The Hacker Who Laughs