Meet the Atlanta Cyber Week Influencers: Georgia Pacific CISO Discusses Best Practices for Cutting Through the Noise of Cybersecurity Vendors

By Francis J. Cioffi, CISO, Georgia Pacific

In today’s world of technology, you can’t go a day without reading about yet another security incident, breach, attack or other type of cyber event.  It seems that no matter what you can do, there is yet another way an adversary can penetrate your defenses to cause harm to your business.  This causes companies to look to their vendors and providers to help them in developing defenses that can prevent cyber incidents and protect their organizations.

Therein lies the problem….  It seems like there is an unending line of vendors, tools and products that all claim to make your systems impenetrable and protect you from that next cyber event.  All “want to help” and spend countless hours demonstrating how their products and services are the silver bullet to your cyber woes.  Each vendor may indeed have a product or service that may be valuable to your organization.  They key is how do you navigate through what seems to be a plethora of solutions to balance costs and benefits.

The first step is to clearly understand “what is the problem you are trying to solve” vs. wading through solutions that are “looking” for a problem.  Too many times, we get enamored by the next shiny product and begin to amass an inventory of products and solutions that take a small army of technicians to manage, appear to overlap in areas and drive our costs higher each year.

Here are a few steps you can take to help in navigating down the road when shopping for cybersecurity services and solutions:

  1. Have a clear understanding of what the problem(s) are that you are trying to solve. This will enable you to focus your investigation on those areas where you have a well understood problem.  Don’t fall into the trap of “solutions looking for a problem”.
  2. Identify the leaders in the security space you are targeting (via research services, trade publications, etc.).
  3. Benchmark! Talk to customers using the product and reach out to your own internal network to gauge the value others are seeing.
  4. Have a tool strategy developed. Consider leveraging SAAS offerings as your first choice vs on-premises alternatives.  This will eliminate capex costs and enable you to rapidly get up and running.  Additionally, in today’s rapidly changing market, it will allow you the flexibility to exit a vendor without having the baggage of sunk costs.

These four simple steps will take some of the confusion out of the equation when seeking cybersecurity services and solutions. Want to learn more about how to choose the right security vendors for your business? Visit to learn more about the events of Atlanta Cyber Week happening October 2-6, 2017.