Here are seven minutes of the best moments from “Hacking Tool Optimization: An hour of critical thinking on improving the efficiency of your security products”.

To watch the entire video chat and see the discussion, go here.

Joining me in the discussion were Chris Kennedy, CISO, AttackIQ and Craig Goodwin (@mrcraiggoodwin), chief trust & risk officer, Fujitsu.

Got feedback? Join the conversation on LinkedIn.

Thanks to our sponsor AttackIQ

AttackIQ is pleased to extend a special invitation for you and your team to participate in AttackIQ Academy for advanced cybersecurity training. AttackIQ Academy was designed to educate security professionals on the MITRE ATT&CK framework, breach and attack simulation, and purple teaming. Course attendees are eligible for (ISC)2 Continuing Professional Education (CPE) credits. Best of all, there is no cost to attend!

Already, more than 1,500 security practitioners around the world have registered to learn state-of-the-art defense best practices and get hands-on with the Academy’s cyber range labs. You can check out all the content and register here.

Winner of “Department of YES”

Winner of BEST BAD IDEA, Matthew Thomson, vp, IT security, Community First Credit Union – Appleton Wisconsin

Honorable bad ideas:

“Buy all your security tools from whichever company the CEO’s spouse has heard of.” – Ian Poynter

“Buy different vendors for every layer because ‘WHAT IF THEY ARE HACKED?’ The more vendors you use the safer you are.” – Chase Pettet, Wikimedia Foundation

“If one tool is good, more is better.” – Matthew J. Winkeler

Best quotes from the chat room

“I think as an industry we have outside influences that push us to purchase tools to ‘fix’ the problems, but really they create more care and feeding. We see so much of the marketing of what each tool can do and how it can integrate with everything else we have, however we don’t plan the projects out enough to actually use all those integrations before we’re moving onto the next product.” – Matthew Thomson, vp, IT security, Community First Credit Union – Appleton Wisconsin

“It’s amazing how many tools one will find that don’t actually fill any of the requirements, especially in organizations that acquire first and ask questions later.” – Ian Poynter

“The moment you purchase tech, you are at a negative ROI, you don’t have positive ROI until you can prove a level of protection from a control.” – Dan Holden, The Home Depot

“Some people don’t know the purpose, so they might not know the problem which they solving for. Bringing tools when you don’t understand the problem is a flawed implementation from the beginning.” – Christophe Foulon, GRIMM

“You need to constantly optimize your Risk and Risk Quantification, a tool can be fully optimized but the RISK increased X3 , just see what is happening with Ransomware in the last months , the ‘mid level’ fully optimized tool are barely cutting it, optimization must be from both Tools and Risks, constantly adjusting.” – Eli Migdal, Boardish

Follow us on Crowdcast

For as long as we can handle it, our video chats will be happening every Friday at 10 AM Pacific/1 PM Eastern. Please follow us on Crowdcast to be alerted the moment a video chat goes live.