FINALLY. I have been waiting years in my career for this. The moment when someone calls out the rampant corruption taking place between CISOs, security vendors, and VCs. As an *ethical* security practitioner and founder, witnessing this behavior has been maddening. For all the people who haven’t been able to break into the CISO role they’re more than qualified for, consider the machine that is enabling these people to rotate among companies. These CISOs hop over and over again, rip out perfectly good solutions, invest in poorly built ones, upset the teams, and pocket a very, very big penny despite causing chaos and wasting heaps of money. ➡️ How many times has your CISO brought in a new tool and, as a practitioner, you had to spend more time teaching THEM how to build the product than you actually spent using it and getting value out of it? This behavior puts our society at risk, and drives cybersecurity talent out of our industry. It's time for CISOs to be held accountable, with this conflict of interest put to an end. Thank you Brian Krebs for sharing this article. #cybersecurity #ciso #vc
This is so unethical! Glad to see it getting some attention.
It is maddening. You already know how hard they make it to break into this CISO club - only to see that the same 10 CISOs move about AND NOW TO FIND OUT THEY ARE UNETHICAL TO BOOT. My gosh, this industry is so broken. Disappointed.
Are we the same person, Stacey Champagne? I think we might be twins.
We have seen a bit of this too. As an independent security product company, we have been displaced by inferior products that our customers' IT and security teams did not want. The practitioners put business cases together for their CISO explaining why they should not make the change. But the CISO, who is often a short-termer, mandates the purchase of other products sold through a portfolio company. This not only compounds the burnout in security teams, but it also wastes money, while also potentially making them less secure.
Transparency is what’s important in this context and it’s severely lacking. As a security industry we’ve seen time and time again how there is a perceived security through obscurity. In the sense of maintaining the obscurity of these “loyalty programs”, there’s an outward perception that these startups are more “valuable” or have more “interest”, “hype”, or “momentum”. But as this shows, that is all fictional and propped-up falsehoods and lies. I’m reminded of other procurement cycles that are more public RFI/RFP driven, with public notification of which projects are being worked on/budgeted. That level of transparency would do a lot to change our industry and eliminate much of this mess. The biggest challenge of most startups is 1) finding customers looking to solve the challenge they are fit for, and 2) getting access into the process when there is a project. If every company was more transparent with 1) which projects they are working on and when, 2) had an open and transparent criteria process, and 3) had an open submission and evaluation process, then the ability to have a “loyalty program” would be much more difficult and all the companies would compete in fairer ways.
I won't even accept a Yeti Mug as thanks for taking a sales call because it may have the appearance of corruption. All of us need to aspire to a high standard because we are in the business of trust.
Hacker in 👠 ok .. well I think it has to do with the board members saying we have a bag of money but no strategy, the vendors saying we have shiny brochures and a lot of vulnerabilities but 100% security doesn't exist, and Gartner getting paid to parrot solutions that are then easily bought because Gartner says so .. and the consultants don't know the difference between a backup and snapshot environment and a production environment, and that you always run one version lower than in production .. really do have to do lifecycle management with our SOC monitoring too .. guess what, yes. 70% of the Fortune 100 and 50% of the Fortune 500 found out that a DR plan on SaaS isn't the same as a risk-based exercise on your supply chain #NIS2 #DORA #time4achange
Take that 2 million away and would Wiz be where they are now? Doubtful.
Could I perhaps suggest a “slight” change to your post? The moment when someone calls out the rampant corruption taking place between “some” CISOs, “some” security vendors, and “some” VCs. There are some great start-up vendors out there that are trying to build a business without this type of help, and there are some amazing CISOs who are making good, business-driven decisions to invest in cutting-edge technology. It’s hard enough for small vendors to be heard above the millions and millions of marketing dollars being spent by some large security players, or the insistence of analysts on grading tech on how many thousands of customers a vendor has, without tarring us all with the same brush. I’m not saying that’s what you’re doing, but that first paragraph does read that way. Have a great weekend.
You would have thought the pharma industry would have taught them something, as mentioned in the article. Also one interesting point, am I missing something… “They report directly to the CEO” …that was stated directly about CISOs, and there is a lot of debate about where they should report, but I have found most report to the CIO, maybe the CFO, possibly the COO, but only rarely, and probably only in small start-ups, the CEO. Small point, relatively irrelevant to the article, but it caught my eye.