#1722348: How Best to Prepare Your Data for Your Tools

Description: Full Transcript
Intro
0:00.000

[David Spark] If customers want cybersecurity vendors to solve a problem, it should be clear how to market the solution. Unfortunately, too many vendors are marketing something buyers really don’t care about.

[Voiceover] You’re listening to Defense in Depth.

[David Spark] Welcome to Defense in Depth. My name is David Spark, I’m the producer of the CISO Series. And joining me as my co-host, it’s none other than the wonderful Steve Zalewski. Steve, say hello to the audience.

[Steve Zalewski] Hellooo, audience!

[David Spark] That is his Johnny Carson golf swing right there. You just heard it.

[Steve Zalewski] [Laughter]

[David Spark] Our sponsor for today’s episode, Steve, is Alteryx, brand-new sponsor of the CISO Series, thrilled that they’re on board, where analytics, automation, and AI come together. You’re going to learn all about just that a little bit later in the show, all about Alteryx.

But first, let’s get to our topic. Look at the marketing for any number of cybersecurity vendors, and you’ll see how they’re touting “automated agentic AI.” It’s the first and industry-leading – I don’t know if you know this, but it is, whoever you’re talking to, it’s a first and industry-leading.

And making it to market first or winning awards doesn’t answer the question of, “Can your product work in my environment for what I need it to do?” Patrick Garrity of VulnCheck pointed out on LinkedIn that buyers only care “about what problem you solve and if you solve the problem well.” It seems kind of straightforward, Steve, but there’s really a disconnect, isn’t there?

[Steve Zalewski] Yes. And here’s why I would recharacterize is vendors solve a problem. That was great five years ago. What we need now is you need to own a problem that I care about. And when you make that transition, now we’re having a today conversation.

[David Spark] Well, helping us with today’s conversation about this very topic is a gentleman I got to meet in person. We’ve had him on the show before, thrilled he’s joining us. He is the CISO over at Generate:Biomedicines, none other than Tom Doughty.

Tom, thank you so much for joining us.

[Tom Doughty] Thanks for having me today. Glad to be here.

I didn’t think of these options.
2:16.350

[David Spark] Faruk Ulutas of CyberSkillsHub said, “You note buyers care about how well a vendor can solve the problem. For tight product and market fit, use the three M’s. Moment – where is it in the kill chain? Metric – MTTR, which is mean time to remediate, false positive rate, exposure. Motion – first click to value. And if any of these M’s are fuzzy, sharpen your product or your story.”

Marcel Velica of Eventbrite said, “Every new startup or board and founder looks like they’re just sprinkling some LLM fairy dust on top [Laughter] of their app and pitching it like it’s magic. Implementation isn’t just about adding AI to your roadmap and thinking your product is done,” like you said, Steve, “It’s about owning the complexity that comes with putting it in front of real users with real expectations in real time.” So, I think both of these quotes are very interesting in that they focus on how to do your marketing right and how to hit your buyer, which is kind of what you want to do, right, Steve?

[Steve Zalewski] So, I like the two quotes because they approach the problem from two very different perspectives. The first one I like because what is the metrics? How are you going to be measured for success? It doesn’t make any difference what you’re doing if the people that you’re doing it for don’t appreciate it.

So, I really like that one. The second one really comes back to, hey, there’s 5,000 people now telling me that they can solve world hunger, but none of them are actually explaining what facet of the world hunger problem they own. And one way I look at it is when you go to Home Depot, you can hire all the temporary talent that’s sitting out there, but how do I know which one is good at drywall because they’ll all say they’re great at drywall.

And that’s the agentic AI problem is we’re creating virtual identities, but we really don’t know if they can do the jobs that I need to have done.

[David Spark] Tom, I’m sure you’ve been on the receiving end of these kinds of targeted and mistargeted pitches. What’s your advice here?

[Tom Doughty] Constantly, day to day. And I think it really is true. The idea of if you look at those three M’s, it’s a rare pitch where all of them are cogent stories. So, I think one lens that I use to try to peel back the onion across all three of those M’s is what’s really changed in your solution set that you attribute to your AI marketing?

So, is this really proprietary modeling? Is this really a new solution to an old problem? Or is it the new generation of buzzword? Like you’ve heard us talk before about how I hated the term SASE or ZTNA because what did they really mean? AI and agentification are levers, they’re multipliers, they’re not objectives in and of themselves.

And if we really peel back the how are we adding simplicity, how are we adding focus, how are we moving further left in the kill chain, there are some answers to that. And I think the moment M is probably the best answers out of those three, but it’s a rare solution where we’re really talking about is it a point solution where your security product that is AI pixie-dusted is really a better play than, “Okay, we’re really still in some of the pillars of the fundamental tooling.” And maybe we need some LLM modeling across the top of it to integrate them and connect them.

There’s not a lot of connective tissue in terms of how some of these outputs work. The tools that I see are really good in terms of the data source integration to try to use big data modeling in LLMs. What do we do to action them to help us do something about detecting further left in the kill chain is still a want, I believe, that is glassed over by the pixie dust.

[Steve Zalewski] Well, and let me riff on that for a second too because I really like the LLM fairy dust and here’s why. The LLM fairy dust says, “Hey, what’s the easiest thing I can do?” I can try to make you more efficient. So, I can try to make you work faster.

But what we’re trying to do is have security be more effective at stopping the attack, and all of a sudden, you kind of hit the wall when we try to ask it to do that because we’re trying to pick the low-hanging fruit.

What would a successful engagement look like?
6:35.510

[David Spark] Nick Carroll with Zscaler said, “Disagree. Almost always, the people with the purchasing power are uninformed and easily swayed by buzzwords, which is why they work.” Ooh, these are fighting words, [Laughter] Nick. “Moreover, they work in most cases than selling an actual capability.

See, for example, every company racing to adopt agentic AI for everything,” like we said. “It’s a non-intuitive truth that selling on actual capability is less effective, but not everyone has internalized that you’re usually not selling to the people who truly understand the problem space.

Rather, you’re selling to people who think they know far more than they do,” to some of this, I’m going to agree here, “And those are the people for whom buzzwords are impressive. This is doubly true at conferences like Black Hat, in my experience, where most of the people attending are executives, not actual engineers.” Black Hat actually gets a good share of it engineers.

And let me close here with Paolo Di Prodi of Priam Cyber AI who says, “When we started, we didn’t call ourselves any of those names and we didn’t advert ourselves as such. But now, the first thing they ask is, ‘Are you agentic based?’ etc. I think this meme misses some powerful confounding factors in the industry.” So, Tom, Nick comes out and says, “I know you say you don’t like it, but this is how it sells,” and my feeling is I’m sure you can sell something like that, yes?

What’s your response?

[Tom Doughty] You can sell something like that, but I always come back to the why and so what, all right? So, it’s not unlike a handful of years ago, everyone said, “We’ve got to get to the cloud.” Okay, you probably do need to get to the cloud, why?

Now we don’t even call it cloud, it’s just infrastructure. It’s what we do. So, when you look at that why and so what, what’s your near to midterm outcome? Are you doing more with the same resource? Are you doing the same with less resource? Are you focusing your intellectual power of your smartest and most highly compensated people better?

Read the rest at the link below.
More info: https://cisoseries.com/how-best-to-prepare-your-data-for-your-tools/

Date added Jan. 31, 2026, 1:23 a.m.
Source CISO Series