A common trip up in cybersecurity: buying the best solutions (e.g. top right of Gartner or big league Forrester or whatever) and then not having the resources/skills/whatever to actually use the solution.

You can buy the best - can you run the best? If not, it ain't the best.
That isn't a slam of Gartner as they can be really good resource, particularly the detailed reports.

But aiming for the best in what you're told by externals doesn't always mirror the best in your situation.

You'll see it time and time again with, for example, SIEM in orgs.
A good sniff test is find out how many full time heads are needed to run a solution. If a vendor thinks zero, they're probably wrong. If they don't know, ask for a reference call with a similar org.

The last reference call I had, the customer admitted they didn't even use tool.
The replies on these 3 tweets are a pretty good summary of the kind of problems real world orgs have.

Here's an example of a classic. The WAF 'team' being some person who went on a training course once, solo
running a 24/7 critical service on side. https://twitter.com/ashu_barot/status/1385305262248980483?s=20
You can follow @GossiTheDog.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: