CISOs, what's the secret ingredient to a healthy and productive relationship with your cybersecurity vendors?

Vendor Management Business Relationships

1k views2 Upvotes2 Comments

Sort by:

Director of IT in Software3 years ago

Continuous feedback and an open discussions about your needs, software features/updates needed, things that can be improved in the support etc.

Director of Information Security in Energy and Utilities3 years ago

Plenty of coffee dates. :) But on a more serious note you as a CISO need to know what you need and vendors need to have patience and understanding that not all technologies are relevant or needed for a particular organization. Pitching all the products your company offers doesn't make a lot of sense most of the time because there might be overlapping technologies in use and worst case scenario you end up looking desperate as a vendor if you pitch too many things.

Content you might like

If you currently work in the healthcare industry, how do you currently inventory medical, IoT, and IoMT devices?

Fully manual inventory17%

Automated software system with full visibility46%

Software system with limited visibility16%

Mix of automated/manual inventory15%

Other (please comment below)4%

View Results

What’s the best way to push back against a leader or peer who’s overzealous about adding AI where it isn’t needed?

My company has 2 Internet egress points behind 2 hide NAT IPs. One of those IPs is getting listed on Akamai's reputation list, and any Akamai customer who blocks traffic using their reputation score, is blocking my company (site forbidden with edgesuite error). We are not an Akamai customer, and when we ask their tech support for details on the reputation score, they will not provide; they simply point out the high level reasons why one might get a bad reputation. We have hunted for any internal host that might be sending out malicious traffic and causing this, and we have not identified any. We have 30k employees all using one of those 2 hide IPs, so this high traffic volume could be the trigger. Also, when we visit Akamai's reputational checker site, it says "your IP did not receive a bad risk score". So we get inconsistent reports from Akamai. Anyone else experience this and/or have suggestions on how to get Akamai to provide details so we can identify why we are on their reputation list?

CrowdStrike outage: Any quick advice for orgs affected? What immediate actions are your IT and other teams taking to mitigate the effects of the outage?

What do you do with unsolicited vendor gifts?

Keep it20%

I never accept them31%

Donate it12%

Depends on the dollar amount31%

Other (leave a comment)4%