It is critical to have meaningful security conversations with your vendors. Operators depend on their vendors to supply products and solutions that are secure. As all operators have experienced, “secure products” is almost always a vendor afterthought. This leads to an operational risk that in some cases turns deadly.
In this session, we will explore realistic expectations for “vendor security.” These expectations are based on 25 years of operator and vendor experience – with direct experience on some of the nastiest vulnerabilities, horrendous APT abuses, and industry-wide attack vectors. We’ll focus on “meaningful conversations” every operator should be having with their vendor (& providers). The session walked through a “conversation guide” that empowers the staff in an Operator with key questions that would drive and push the vendor to either deliver security, fix their security, or get out and sell their unsecured junk somewhere else.
The session is accompanied by a white paper “Meaningful Security Conversions – Questions to ask vendors to gauge their commitment to “Secure Products” and Demand Security.”
Don’t sit and wait for the next expensive exploit to impact your network. You do not need an expert to have these meaningful conversations. Start with following this meaningful security conversation script.
Vendors will only respond to security issues if their customers demand them to respond to security requests. In a world that facilitates innovation, time to market and competitive pressures dominate the vendor’s “top of mind thinking.” Security is only “top of mind” if their customers are consistently interacting with them to do their best to secure their products. These are the same products deployed on your network.
This session on meaningful security conversations provides the participants with a step-by-step conversation tool that can be used with any vendor. The object is to deliver results so that all parties can reduce risk.
Practical Security Conversations
If you find your organization needs help and worry about the FUD from the industry, reach out and ask for help. These sessions are conducted in conferences, internal workshops, and security group memberships. If you are interested, reach Barry Greene at bgreene@senki.org. These sessions are designed to provide practical, cost-effective, and actionable security assistance. The materials help organizations leverage the talent around them to get started with their security activities. Start with the DDoS Attack Preparation Workbook and Operator’s Security Toolkit. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights. You can sign up to the mailing list for updates here: Stay Connected with Senki’s Updates.