It was during an interview at Infosecurity Europe when my interviewee said to me “Every single vendor in this exhibition hall does exactly the same thing” when I realized that I’m actually quite protective about our industry’s vendor community. The man, who I won’t name (nor will I interview again) proceeded to tell me that his company was the exception to this ‘rule’. I’m rolling my eyes even as I recount this conversation.
I’m not going to pretend I’ve never criticized the marketing methods of the industry’s players, or that I believe each and every company to be doing something unique, because that would be a falsity. That aside, our vendor community is a concoction of some – perhaps most – of the best minds and talent in information security. The investment these companies are pouring into research and development is not only impressive, but it’s the foundation on which much of our intelligence pivots upon.
Of the twenty interviews I conducted during the three-day spectacle that is Infosecurity Europe, the conversations that stand out in my mind as the most interesting and engaging were all ones with vendors. Take Jack Daniel (Tenable) for example, or James Lyne (Sophos), or Trey Ford (Rapid 7) or Kevin Mandia (Mandiant), or Rik Ferguson (Trend Micro)…I could go on, but I won’t. Not only are the aforementioned all hugely respected and give a really good interview, but they’re actually changing the shape of the industry. How often could you say the same of a CISO or an end-user?
It’s absolutely no coincidence that when scouting for the Infosecurity magazine Summer Virtual Conference keynote interviewees that my search led me to James Lyne and Steven Chabinsky, chief risk officer of CrowdStrike. I invited Chabinsky to deliver the US event’s keynote address hot on the heels of his company’s release of the Putter Panda report, which alleges to uncover a second Shanghai-based PLA hacking group targeting US and European organizations.
And as for Lyne, I quizzed him on his latest research, the vulnerability he wished he’d have discovered and, quite frankly, what goes on in that brilliantly scientific brain of his. If you didn’t catch it live, it’s absolutely worth a listen on-demand.
But I digress. The vendor community employs many of the brightest minds and most innovative developers, researchers and coders. Sure, they are also responsible for a lot of FUD showered across the industry, and yes, their marketing messages are often questionable. But is there an industry that isn’t guilty of dubious marketing? I could use L’Oréal shampoo every day for the rest of my life and my hair would no closer resemble Cheryl Cole’s than it does today.
During my eight years in this industry, I’ve watched as the end-user superiority complex has grown. There’s an absolute power imbalance, and this is completely logical: end-users hold the budget that the vendors are fighting for. But, I guess my plea is this: Let’s not be dismissive of the vendor community. They have a lot to offer, and a lot that we need.
And to the man who I referenced at the beginning of this editorial – don’t believe your own hype!
Before I sign off, let me share some exciting news with you: infosecurity-magazine.com will be re-launching in August and is looking absolutely amazing. The Infosecurity team (especially – and big shout out to – Rebecca Harper) have been working really hard to create a site that you, our loyal readers, can’t live without. So you should look forward to that...