While in presales, I went to many customers talking about security technologies.
At that time, we would sell and implement the next technology. From next-generation firewalls to endpoint security. Of course, we also sold Identity and Access Management solutions.
I remember a customer asking “What is the new security box I have to put to be secure?”
His point was that now and then he had to put another box to feel secure.
He said he had put more boxes than he cared about, and he said it was always the same:
– A vendor came and talked about one new scary threat.
– That same vendor said he could feel safe by putting another box.
– The new box took all of his security budget.
– The new box needed an additional budget: support, maintenance, and operations.
He said it like a prisoner on death row.
He had accepted it, as unavoidable as death and taxes.
At that moment it looked to me like a rational point of view.
You put an antivirus, anti-spam, Network Intrusion Detection, Network Access Control, Mobile Device Manager, etc.
What took me time to realize was this guy did not have any kind of plan, strategy, or preparation. He was simply reacting to the new thing with more money.
It may work if the amount of money you have is huge. It does not work if the budget is tight.
If the budget is tight, and in most cases it is, you need to think about what to do next.
Without a big picture and an organized set of priorities, you spend big on fixing problems you don’t have, while ignoring others you do have.
I help companies with a tight budget that want to change the path they have in security management.
Companies that don’t have the budget to change things do not need me.
Companies that have enough budget they can implement everything do not need me either.
I help companies in between those two figuring out what is the best way to spend their budget to improve security.
If you enjoyed this content, come to the newsletter. You will enjoy it even more.