The Current State of Disservice of Security Products and their Vendors
Outstanding keynote given at VB2019 in London in early October by Haroon Meer & Adrian Sanabria.
Here are some highlights:
2:15 - Visual representation of a “crowded” provider market from Momentum Cyber
5:55 - “Median time for attackers to exist on a network before being discovered is 205 days”
7:00 - “For Infosec, VC model is broken”
9:10 - “Is your security software actually good? Most people can’t tell.”
12:10 - “Complexity is the opposite of Security.”
16:35 - “30% of the security vulnerabilities in the US Government come from Security Products.”
18:15 - “Most security products are not going under any sort of security review.”
20:20 - “Inferior tech is OK - as long as you have a good go-to-market plan.”
21:10 - “Bank of America CISO single biggest security challenge? Dealing with the bazillion vendors knocking on my door.”
25:30 - Hacking industry and product awards.
37:40 - Definition of market failure: “We have all these products but none of them do anything”
38:50 - Hope kernel #1 - 2FAC at Facebook (https://www.youtube.com/watch?v=pY4FBGI7bHM)
40:20 - Hope kernel #2 - bottom up product / market growth
42:27 - The new way - “You can go pretty far by caring about your product and caring about your users.”