Is the cybersecurity industry solving our problems? We’ve got lots of new entrants. Are they doing anything new, or just doing the same thing slightly better?



Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel.  Our guest this week is Taylor Lehmann (@BostonCyberGuy), CISO, Wellforce.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, Remediant


Eighty one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to rollout. Remediant’s SecureONE takes a new approach to privileged access management: offering agent-less, vault-less, continuous detection and just-in-time-administration. Learn what Remediant can do in a half-day POC deployment.

On this episode of Defense in Depth, you’ll learn:

  • Industry is just growing symptoms to core issues.
  • The cybersecurity industry is motivated by marketplace which justifies investment. As one might expect many security solutions are just hyped rather than built on innovations.
  • While many of our listeners are rather savvy, we expect most purchases are reactive rather proactive. And if this continues, then the profit-minded vendors will still deliver reactive-based solutions.
  • We’ve got a radical increase in problems. We’re just chasing the problems by spending more money.
  • Security people know that the solution is people, process, and technology, but far too often we’re looking for a ‘box’ to solve our problems. We don’t look at the tougher challenge of people and processes.
  • So much of the security market is reactive in its purchase decision. To improve your success rate in cybersecurity you need to be forward-thinking about building out your security program and your spend.
  • One area of opportunity that not enough companies are taking advantage of is offering dramatically cheaper solutions than alternatives even though they don’t perform as well. There is a definite market for those types of solutions.
  • We always lean on security products to solve our problems rather looking internally at our people and processes.
  • There is always a losing comparison between attackers and defenders. An attacker can come up with a new variant of attack in minutes to hours. Defenders in enterprises often take months to implement patches for known vulnerabilities.