What do Car Sales and Real Estate dot com have in common with Cyber?
- Phillip
- May 5, 2023
In our digital age where data is power and knowledge, I have spent over twenty years working on projects comparing Cyber Vendors to Client Needs:
"Problem #1 = Can it be solved by Cyber Tool #1 (Best), Cyber Tool #2 (Maybe), Tool #3 = Not a fit. What if Tool #2 had some of Tool #3? Is that better than Tool #1? How quickly can I get it?"
We have heard it all before, Unique Value Proposition, Fit for Purpose, Best of Breed/Class... (Don't hate on me my Vendor friends and Reseller Partners).
As cyber risks evolve, coupled with growing Government and Industry Cyber Security Obligations and Regulations, quickly finding the right cyber tool to mitigate today's risk and prevent anticipated future risks has never been so complex.
The ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. This equates to one report every 7 minutes, compared to every 8 minutes last financial year.
https://www.cyber.gov.au/about-us/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022#:~:text=The%20ACSC%20received%20over%2076%2C000,8%20minutes%20last%20financial%20year.
Finding, Selecting and Testing Tools is very much like buying a car or property:
What do I need?
What do I want?
What are my MUST Haves?
What are my NICE to haves?
What can I live with/without?
Is it Safe/Good neighbourhood?
Can I AFFORD it?
How does it COMPARE to other Cars/Homes?
Who can provide it?
Is this the best price/value/fit for my current state, and how I intend to use it in the future?
Unlike cars and property, even health insurance and energy suppliers, sourcing Cyber Vendors is modelled on a few basic steps:
Speak to existing Suppliers for recommendations.
User research aka "Google is my friend".
Ask Peers for recommendations.
Spend weeks with cyber vendors listening to presentations, demos, POCs, Bake Offs etc.
Each process is time-consuming and inherently based on biases, whether we choose to appreciate the bias or not, e.g.
Existing Suppliers will only promote what they Supply.
User research is limited to your own understanding of the problem and possible solution.
Peers will recommend what they have used before, not what may be the best available tool for your specific needs.
Cyber Vendors will pitch their Use Cases based on "their strengths" to 'close' the deal.
Transparency in modelling solutions to problems is like finding a needle in a haystack of needles!
But no more...
Leveraging decades of working experience in RFPs, RFIs and RFQs, open and closed tenders, consulting for vendor selection, and mapping capabilities to Comply, Partially Comply and Non Comply has led me to develop the "World first, market leading best of breed, unique tool" - Jokes, you will not hear that here..!
You will, however, find an independent tool whose sole purpose is to clearly, concisely and constructively map Cyber Vendor capabilities, with a Comply, PC, NC metric, purely based on Cyber Industry Standards such as NIST CSF.
No Bias.
No Preconceived Ideas.
No Vendor or Supplier pitches (at least at the first stage of your information gathering stage).
Again, can someone tell me why we have comparison tools for non-IT-related items such as shoes, cars, property and health, but as industry leaders and veterans in our technology field, we do not have a Comparison Tool that makes our lives easy? Didn't think so.....
And with recent Australian Government Obligations such as CIRMP (Critical Infrastructure Risk Management Program, which is an annual requirement) dictating a 6 month period to Comply, which commenced Feb 2023, and with a 12 month grace period, can anyone please tell me how our CI Sector can efficiently step through the maddening process of Vendor Selection?
Here's a snapshot of your SIMPLE (?) choices.
Good luck sorting through all of that within 6 to 18 months.
Watch this space.
Positive Change is Coming.
SecureBID 2023.




