It's all checkbox driven development. I'm a PM in the space and it's all snake oil. At least we have amazing ACVs compared to other B2B sectors and a captive market.
F** Gartner and Forrester for forcing us to concentrate on this instead of actually solving problems
Sure, but there are SOME that aren't selling snake oil. I'm invested in one of them. But yeah, most are. I guess the interesting question for me is how long does it take for the real wheat to stand out from the chaff.
You might have an amazing product that solves a relevant security issue but Enterprise sales cycles and checkbox driven procurement force you to incorporate half baked features in order to capture the next fad.
Look at the XDR hype train 3 years ago, ZTNA 2 years ago, and the whole CNAPP/CASB/CSPM buzzword BS
Tbf, I am being a bit dramatic about it, but I feel the split persona sales cycles we're forced to deal with incentivize checkbox driven development.
Such is as it's always been. A few years ago, I worked for a B2B enterprise data security firm. We didn't sell snake oil at all -- but our customers were so used to hearing snake oil salesmen talk that they had very odd demands that didn't improve their security. And in some cases, reduced it.
Dealing with those expectations was always an issue.
Agreed! I was a bit dramatic with the whole "snake oil" statement, but managing buyer expectations and competitive pressures is definitely a grating experience.
So how much would it cost to hire a hacker to breach a system deploying their solution?
I bet you if you asked their VP of engineering: “If I had one skilled hacker and a year, are there any non-trivial customer deployments that could stop me?” The answer would either be a resounding no or they would not be able to point to a single shred of evidence supporting their assertion like a red team exercise with those parameters.
I work at one vendor currently and have worked at a few prior. The difference is astounding - my previous gigs, including one of the biggest vendors ever was exactly as you said. My current gig is exactly the opposite - strong focus on real security insights and value, none of the box-ticking bs, and a great roadmap. It is rare, but when everyone at the org, and especially the product side really know how attacks play out - you can make a real impact on the world.
Okay, but how much would it cost to hire a hacker or red team to breach your systems? Is it more or less than $10M? If I had one competent hacker and a year do you think you could stop me? How about three people and a year?
Between tax software and security software, I really need to shift careers into something so boring and bureaucratic that all I do every day is stamp my seal on random requirements documents that meet some qualification. Imagine working at Avatax and just getting money hand over foot because the US can't make a decent tax code system