Security's Everyman

Thursday, September 14, 2006

FUD vs. Truth

One of the things that I've noticed as I find new blogs to read is that there is a lot of good-natured disagreement between bloggers. One will make a comment on a topic and the other will blast him (but then it's almost as if you can see them going out to get a cup of coffee together later). Alan Shimmel currently has a debate going with most everyone else, but here he is in the ring with Mike Rothman regarding FUD and vendor honesty.

Here is my two cents' worth. Most vendors that I've talked with, especially if they are with a large company, will try to sell you using FUD until they find out that you didn't just fall off the turnip truck. Then many of them will continue this route because they don't know their own product well enough to debate its merits with you. They know enough about technology to be dangerous and enough about sales and marketing to be stupid. And as long as they can find people who will listen to their FUD and then buy based on that, they will continue down the same path. I read a quote once that went something like this: "As long as there is someone who will buy a cheaper product there will be someone to make it." The same could be said for sales. As long as people buy based on fear, the sales people will pitch their product based on fear.

As security professionals, no matter what level we are on in the company, we must continue to fight to be involved in the vendor and product selection process. I've been handed a product too many times that was purchased without IT input and told to make it work. As long as this happens, we are at the mercy of the vendor.

2 comments:

alan shimel said...

Andy, thanks for reading the blog. You're right, like Forrest's mom says, stupid is as stupid does. I don't think security software buyers are as naive as it is made out. Sales people just do not find that many "easy marks" that they can FUD into buying software. Also, I can't recall selling any software to a company where the IT department is not involved. I am going to write further on this today in my blog.

Andy, ITGuy said...

Alan, thanks for the comment. Sorry for the misspelling of your name.

You are right. I didn't mean to sound like that was always the case. My career has been with SMBs, and in many cases having IT involved meant that the CIO was there, but he was not a "real" IT guy. I'm lucky now b/c my CIO is from an IT background, but he knows his limits and has me intimately involved in these things.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.