A common trip up in cybersecurity: buying the best solutions (e.g. top right of Gartner or big league Forrester or whatever) and then not having the resources/skills/whatever to actually use the solution.

You can buy the best - can you run the best? If not, it ain& #39;t the best.
That isn& #39;t a slam of Gartner as they can be really good resource, particularly the detailed reports.

But aiming for the best in what you& #39;re told by externals doesn& #39;t always mirror the best in your situation.

You& #39;ll see it time and time again with, for example, SIEM in orgs.
A good sniff test is find out how many full time heads are needed to run a solution. If a vendor thinks zero, they& #39;re probably wrong. If they don& #39;t know, ask for a reference call with a similar org.

The last reference call I had, the customer admitted they didn& #39;t even use tool.
The replies on these 3 tweets are a pretty good summary of the kind of problems real world orgs have.

Here& #39;s an example of a classic. The WAF & #39;team& #39; being some person who went on a training course once, solo
running a 24/7 critical service on side. https://twitter.com/ashu_barot/status/1385305262248980483?s=20">https://twitter.com/ashu_baro...
You can follow @GossiTheDog.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: