View this email in your browser

Defense in Depth

Gartner Created Product Categories

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Our guest is Corey Elinburg, CISO, CommonSpirit Health. Here’s what we discussed:

Do new product categories help only vendors and not practitioners? Do we really need more categories of security products? This was the complaint of Caleb Sima, CSO of Robinhood who said, “This helps only vendors and not security practitioners. It’s over complicating a space that needs more simplification. Please stop." Every new Gartner Magic Quadrant may complicate the marketplace but at the same time helps us understand the other vectors we need to protect. Do new categories of security products help or hurt the industry?

New categories are a response to an evolving industry. "The fact that there are prior market constructs suggests that there will always be new constructs,” said Neal Hartsell of Mile1 Marketing. “To say otherwise means that one somehow adheres strictly to the prior set, which is a function of what we knew about data ingest, analysis, and output representation at the time. It's merely evolution." But Ian Tibble of Seven Stones Infosec sees category creation as a marketing tool: "With vendors, a new acronym helps to convince the uninitiated that their solution is a new solution, and not what it really is - a mix of old stuff."

We name it so we can all be on the same page. "Naming a technology makes communication easier. Where all this falls apart is when marketing is given the job of differentiating the product in their messaging,” said Adrian Sanabria, Valence Security. “Everyone wants to be in a bucket of ONE so they can claim to have no competition, to be unchallenged." Dick Wilkinson of Proof Labs agrees, "Yes, sales are driven by ‘newness’ or differentiation from other products and so vendors literally make up imaginary trends and then try to corner the market on that trend with a rebranded version of the same old tool.”

Categories are critical to be visible to analysts and thus sales. "Analysts would never include us in a report without a category, as we would never fit the criteria for their existing categories, or we'll be on the losing side of an existing quadrant, as we don't have the ‘basic features’ required to be a leader," said Lior Yaari of Grip Security. This greatly threatens the discoverability of innovative companies looking to deliver point solutions. 

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Egress

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Steve Zalewski, co-host, Defense in Depth.

Thanks to our Cyber Security Headlines sponsor, Tines

CISO Series Podcast LIVE!

[5-3-23] BSidesNOLA 2023 and CISO Series Podcast – It’s Happening!

Here’s a little preview video

of what’s going to happen at BSidesNOLA 2023. This is going to be a star studden cyber nerd event with Winn Schwartau and BSides co-founder Jack Daniel. We’ll be doing a live audience recording of CISO Series Podcast with my former co-host, Allan Alford, CISO Precedent and host of The Cyber Ranch Podcast and Mike Woods, corporate CISO, GE.

Here’s everything you need to know.

WHEN: May 3, 2023 (BSidesNOLA 2023 is a full day event. We’ll be closing out the fun at 3:20 PM ET.)

WHERE: Hyatt Centric French Quarter New Orleans (800 Iberville Street, New Orleans, Louisiana, 70112)

>> REGISTER HERE <<

Huge thanks to our sponsors: Conveyor, Nightfall AI, and Rapid7

Cyber chatter from around the web...

Jump in on these conversations 

"What do you do when people leave the org but yet they had access to lots of high profile passwords?" (

More here

)

"What are your recommended password vaults?" (

More here

)

"So my yearly raise was...2% Is the field still in demand, they threatened our low raises because of 'hiring freezes'" (

More here

)

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

• [05-12-23] Hacking Security Culture

• [05-19-23] Hacking the Software Supply Chain

• [06-02-23] Hacking the Future of Risk Management

Save your spot

and register for them all now!

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.