Finding Opportunities Through Technology Rationalization

Show video

Welcome to another cybersecurity LinkedIn Live, brought to you by Optiv, the cyber advisory solutions leader. I'm Jon Miller, senior product marketing manager at Optiv. Today we're gonna be talking about security technology rationalization. Now it's not really a new concept, but recently it's becoming up more and more discussions in the cybersecurity industry. The question is, so why, why now? And how can security leaders apply this concept to help their organizations be more effective? With the help of my guests, I hope to answer these questions and some of yours along the way so you can walk away with an understanding of how powerful of a tool this exercise can be to improve your security posture, get more value out of the tools you already own, and potentially even save money over time.

So, without further ado, please welcome today's speakers. We have Max Shier, Optiv's chief Information Security Officer, who not only has a pulse on how effective tech rationalization can be for our clients, but also how it is internally in Optiv's own internal efficiency. And Justin Lam, analysts for 451 Research, S&P global market intelligence, who is no stranger to the topic, discussing it frequently with fellow analysts, end users, and technology and services vendors. Welcome. Now to kick off the conversation, Justin, you have a great view of the market. So why is technology rationalization such a hot topic right now and what factors are contributing to this? - Yeah, John, I think there are several factors that contribute to it.

I think number one is just taking a stock of the last few years, the breathtaking amount of technology innovation that has gone on has just led organizations down a path of trying many, many different things. And I just think that in order for enterprises, as they continue down their digital transformation, they're trying many, many things. Some of them stick, some of them don't stick. And I think coupled with that, now this rationalization process is undergoing where for enterprises the cost of capital is now no longer free, right? So interest rates are rising, alternative investments, you know, investors at the highest level are being more scrutiny, putting more scrutiny on the dollars that they invest into enterprises that are going through this digital transformation. So in the process of doing so, everyone's looking at it and saying, Hey, great, it was easier to innovate when the money was more free. But now we've gotta take a hard look at what's really good for the business, given the more limited resources we have.

So I think at a high levels, that's what's driving the need for technology rationalization. It's certainly something that we see at S&P Global for across all sectors, but also even for information security. - Yeah, and Justin, you make some great points there.

And I think if, you know, to take it from a CISO perspective, if anybody has been to the RSA exhibitor hall just this past couple months ago, I mean, you can see just the amount, the sheer amount of cybersecurity vendors that are out there now. And to Justin's point, when money was free flowing, it was pretty easy to add additional capabilities that were very singularly focused. And I think now we're looking at the other direction, right? How do I get to that single pane of glass? How do I get to a larger ROI on the security stack or tech stack I do have? And a lot of that is gonna surround around vendor consolidation, making sure that you have better integrations.

How do you integrate those tools better into your three year roadmap? So that way the tools that you are implementing makes sense. And you know, identifying where you do have gaps and then leveraging tech rationalization concepts and methodology to really integrate that into your day-to-day activities as a security professional. Where do you have those gaps? And I think that's really the first step.

Take that methodology and take it one application at a time You know, what are my current use cases? What are the vendor is saying our use cases should be, but really looking at what are my use cases for my environment? And then taking that methodology and looking at it as, what capability gaps do I have? And then where can I leverage that tool or leverage other tools that integrate with that to make it, you know, better for your environment, better for your tech stack and better for you as a security professional. Because I think that's what's most important here, is that, you know, you take the tech rationalization methodology and you make your security program better because of it. - Sure, good point. You brought up some points about how people can get more value out of looking at the platform capabilities. Can you go into more detail about that? How can clients extract more value out of the tools they already own? - Yeah, and you know, it's a good point.

It's really kind of goes back to that gap analysis. What capabilities do you currently have with your tools? And I think a lot of us purchase a tool, but we don't look at it in it's holistic nature, right? And I have a couple of examples. So right now we're utilizing a tool called Tessian, and we're using a singular function within that platform called Guardian to prevent mis-sent emails. Tessian in and of itself has several other modules that could be leveraged for email security and everything else that goes with it. And so, you know, from my point of view, it's am I utilizing everything that Tessian has to offer and really does it make sense to consolidate into that platform? Does it make sense that I'm only using a singular capability out of that? And I think that's something that, you know, at least from my example today is a great example of what we could do to look at, to see if we could better utilize that platform and better utilize that functionality.

And even within that functionality, am I utilizing it to its greatest extent? Do I have it integrated into Splunk and ServiceNow so that way it automatically notifies me that, you know, somebody is transferring data when they shouldn't be. Does it automatically notify me when somebody is sending emails to or mis-sending emails to another client that it shouldn't? And, you know, and those are things that I really need to look at. Secondly, I think, you know, you can look at platforms like, if you have a Microsoft D5 license, there's a ton of capabilities in that license that, you know, a lot of companies just aren't fully leveraging. They're utilizing several other tools that have the same capabilities and maybe it's, you know, it meets 90% of your use cases, so you have another tool that fulfills that 10%, but do you really need it? And I think that's something that you can look at to see, hey, so I'm paying X amount of dollars, which is a significant sum for that additional 10%, but is it something that I can eke out another 5% out of my Microsoft E5 license? You know. And so I think there's an another portion there that really I think people have that they can leverage, which is a crawl, walk, run methodology for implementation of tools.

So maybe you don't need the full license right now, which is another part of tech rationalization that I think a lot of people forget is, you know, if you purchase a license, maybe you don't need the full E5 right now because you can't leverage all of the capabilities because you're still fairly immature in your security program and you can't implement the rest of them. Or maybe you have capabilities that you're gonna implement in your three year roadmap that are one, two years down the road and right now you can't fully utilize that. So maybe you need a lesser license. And I think those are two situations really where you can leverage and really see a return on investment there to where you're not killing security capabilities because you're not fully leveraging them for one, or maybe you don't have the capacity to implement it.

But secondly, you really realize where those gaps are and then you can plan for it. And I think that's what's most important here, is that you're identifying those gaps, you're putting them into your roadmap, and then you're planning for those and then working with the vendors that you do have contracts with to ensure that you're right sized within that license for what you need. So that way you can leverage the most out of the license that you have. And then if you need additional capabilities, you can get those when you do need them and when you have the capacity to implement them.

- Yeah, and I think just, those are great points Max. And I think just to add onto that, I think we can't ignore just the perennial, the persistent staffing shortages issue that's out there. You know, and I really like what you had said about this crawl, walk run because, you know, the tools out there and you know, to your point about the RSA show floor, yes, there are literal literally thousands of capabilities out there. And yes, many of them have, most of them have, you know, a great set of, you know, niche use cases to go address. The question is that can the team actually operationalize it Can it actually fold it in? And this is where the crawl, walk, run, I think becomes incredibly important.

I think that in spite of, you know, some of the other broader trends that, you know, we study at our company, you know, the decrease in venture funding for example, you know, you've seen some of the, you know, the layoffs that have happened in the industry, in the broader tech industry, but security staffing remains still very, very critical. You know, everyone that we've surveyed still is actively looking to hire. No one is actually reducing the size of their security teams. And these are companies that are even, still trying to even keep the lights on, if you will.

They may be in a laggard kind of industry or maybe one that's growth isn't so hot, they're still trying to hire personnel. So given that whole secular effect in the industry, I think you really have to take a look at your crawl, walk, run. And as a security leader or as a technology leader, be prepared to have a lot more flexibility in how you apply the program. I think in previous years, you know, a CISO or a security leadership or technology leadership would have in mind, yes, these are the hard dollar amounts that I need to spend on particular spending categories. And now it's like, well, do I really need that? And I think this is where the rationalization comes into play.

If I can swap out maybe going with a crawling strategy with these particular tools, does that free up a headcount for me to improve the overall security program? And I think these are kinds of the trade-offs to, for security leaders to take into account and to keep those in mind as they mature their programs. - Yeah. Justin, if I may piggyback on that too, and I think, you know, a lot of us are feeling that, what you just said, you know, the staffing shortages, et cetera, I think that's something that, you know, is not gonna go away, I think in the near future because we're always trying to leverage efficiencies as businesses, and especially as money dries up, it's going to be where in some cases, you know, the cybersecurity teams are gonna be hit by that.

And so, you know, I think this is a good point to make where you can leverage efficiencies, simplify your security stack, and if you can consolidate into platforms where it makes sense to have, you know, a singular platform for your team to log into where you can leverage those efficiencies and really reduce the amount of administrative overhead, security overhead that is required for your tech stack or security stack, I think that's another good option for you to utilize tech rationalization to leverage those types of things. Because I think, to your point, you know, we, if you have 20 different tools, there's 20 different dashboards that you're gonna have to log into to really leverage the full capabilities of those tools. And let's be honest, I mean, most security staffs are already pretty thin anyways. And you know, if you don't have full integration, which is also part of tech rationalization is where can you better integrate and where can you better utilize efficiencies in the tools that you have? You know, you're gonna run into issues and you're gonna miss things.

And I think, you know, the efficiency piece there is truly important and making sure that your staff is not overwhelmed with the amount of tools or dashboards or capabilities that they're gonna have to try and utilize in investigations. So there is a case to be made for vendor consolidation platform use, et cetera. - You know, one other thing I'll just say on this Max and just, you know, I thought that, you know, it's been on my mind a lot is to, whether you're a security leader in the organization or a technology leader within an organization or an enterprise, whether you are a seller, I think the thing that we're seeing on a broad level as well is the sheer amount of growth, how do I say this? The growth in leverage points that you need in this rationalization, that it is not just a no longer a top-down solitary thing, but it is, there is some give and go that not only occurs within each particular leader's budget, but also within budgets overall.

So if I can somehow some way partner with other lines of business, maybe other technology leaders in my organization, and let's say, you know, I can trade, if you will, some of my budget or some of my short staffing for resources from some other line of business, if I can somehow some way encourage all the developers who might report to someone outside of the CISO's office, if I have an effective security champions program or a purple team or what have you, to be able to defray the security program and make it more diffuse, Hey, that's great, if, you know, developer specific tools that are primarily around security, like privilege access management or secrets management or those sorts of things, if that can be provisioned or procured by technology leaders in say, DevOps or you know, some of you know, product or some other lines of business, I feel like that is a really, really important leverage point in this rationalization process is that by being able to present something, you know, the CISO and the technology leaders and the engineering leaders combined to a procurement team, you know, they might be able to be able to have something that's gonna have more flexibility for all the players involved. But it doesn't necessarily have to be this zero sum game. It has, you know, there can be some give and go, you know, not only among the tools but also among the personnel as well. - Yeah, Justin, you make some great points there. And I think honestly it's one of the things that maybe when security may not look at all that often is how do you leverage existing IT tools that you may not currently have access to, right? Because I think there's some really unique capabilities and some IT tools out there in management software that really security can leverage and vice versa. And security tools, I think there's some reports and things that IT can leverage as well.

I mean, our IT team uses our Splunk exclusively for troubleshooting and identifying where there's issues. And where you have that cross-pollination and collaboration on helping each other have the right access to those tools, and I'm not saying giving each other a carte blanche to each other's tools, but you know, where it makes sense, give them access. See if you can utilize those capabilities.

And to Justin's point, I mean, you know, there's money to be saved there if you can leverage those capabilities instead of purchasing another tool to try and meet those same capabilities. It's a great point, Justin. - For sure. - For all those watching, if you have any other questions, anything you want to add to these pieces, what challenges and recommendations do you have, feel free to drop them in the chat. We'll be sure to read them and address them towards the end or if it fits into where we are at.

So Justin, you made some good recommendations there. What other recommendations do you have for those who are looking to go through a technology rationalization or is going through one? What's some challenges that you see, recommendations to fix that? - Yeah, I mean, I just say the number one thing is, is prepare to have it be a way of life and not necessarily just something where... I mean, I realize that, you know, hey, if there's a hard dollar number to achieve by, you know, December 31st, the end of this year, hey I get that. But I would just say that, you know, overall, I think for the good of the program and not necessarily of a particular project, you know, be able to take this discipline more holistically. I think that, you know, being able to consider, I'm always rationalizing based on what's good for the business. And I think that this is something where, you know, security teams are always trying to get a closer finger on what's good for the business and they want that seat, you know.

And you know, CISOs now have this board level responsibilities even at the highest levels. And I feel like that is well to, in order to keep earning that seat, I mean being sensitive to what the needs of the business are, not only in terms of like what is security going to cost, but moreover what is security going to enable for the products and the services that the company delivers. Having that being a discipline overall, just another touch point, another cadence for security leaders to have that leverage point with the lines of business. I feel like that is something that's gonna be really, really critical. As these times get tougher, you know, securities teams have always sort of implicitly done more with less.

Now can they actually explicitly demonstrate that they're doing more with less? You know, I think that's something where I think about technology rationalization is that it's something that is gonna be over time and it just makes the security program more agile, more fluid, more dynamic to the needs of the company. - Yeah, Justin, I love all of those points for several different reasons. But you know, I'm gonna touch upon the one point that you mentioned first with CISOs and the security team needs to understand the business and what can they do to enable the business.

And I think honestly that is probably one of the things that the security teams need to understand from the beginning is that, you know, as you implement tools, as you implement new policies, as you do things as a security team, one has to understand what you're actually doing to the business as you do those things. And you know, I know it's a little off topic from tech rationalization as I go down this path, but I think it's an important point to note. You have to keep that at the forefront of your mind because if you really start ratcheting down on security policies, you could be doing something to the business that prohibits them from doing their work. And that is something that you don't want to do. You want to implement automation, you want to implement things that enable the business while still keeping your company secure.

Secondly, I think, you know, to touch upon your first point, Justin, and that is really having a regular cadence and building this into what you do on a day-to-day basis, I think is extremely important. One of the things that I did when I first came on and for those of you that don't know, I've only been at Optiv for 11 months and so I'm still fairly new. Of course, that newness is starting to wear off. I can't use it, I blame my newness anymore, right? But, you know, one of the first things I did was, you know, set up a three year roadmap.

And part of that was identifying gaps and utilizing tech rationalization to understand what the maturity level of my security stack and team was. Because those both go hand in hand. It's not just the tools but the team that you also have. And then secondly, meeting with the vendors on a regular cadence, you know, whether it be quarterly business reviews with them or even on a biannual, or excuse me, semi-annual basis to understand maybe what new capabilities that they have because you know, obviously new capabilities are being implemented in vendor roadmaps all the time. And I think it's important to understand where they're at, not just with the vendors that you currently have, but also vendors that you're considering. And part of that tech rationalization is doing an assessment of what you have if you do have a license coming up.

And so we've built that into our three year roadmap to say, Hey look, I have a license coming up for expiration. We need to start doing our assessment six to 12 months out so that way I can properly assess, you know, best of breed, does it make sense to stick with the vendor that we have or with the incumbent? Do I have a platform I can move to? What are our current use cases and how did our use cases change from when we first bought the tool? And am I really utilizing everything that I could be as part of that tool or capability? And then what is the right path forward? And then taking that rationalization, looking at that gap analysis and then, you know, implementing test cases into a test environment so that way you can truly understand what that tool does as far as your environment and how it meets those use cases. And I think to touch upon your earlier point with staffing, I think the two things that a lot of projects fail in and what we fail in and maybe is a security career field, is we don't put enough emphasis on professional services and training. And I think those are two things, especially in this resource constrained environment are gonna be pulled right off the bat is, well, you know, if you've already used on-prem Splunk, you're gonna have the knowledge to deploy it in Splunk cloud, right? Well, the capabilities there are totally different and it is a different tool. There's a lot of similarities there, but it is different enough to throw some wrinkles into your deployment.

So definitely look at professional services and definitely look at training and then fight hard to keep those because that's gonna help you with your ROI and really reduce the issues that you have long term. - Yeah, and I just think that, you know, just to add on the training, and it's a little bit of a sidetrack from the tech rationalization, but I think it plays in in the long term. You know, I'll say that that training DNA is so important to address the staffing is that, you know, being able to recruit security professionals from other groups is sort of a pet project of mine. You know, no one really, I mean a lot of security professionals that we know, you know, they didn't start out in security, but they somehow, some way they gotta start some way.

So being able to formalize that, to build that sort of foreign team of talent is something that's really, really important to me. I mean, I'd like to see that happen and ultimately having that training DNA for the tools that you have, the professional services, having that handholding, you know, it's not a sign of defeat, it is a sign of no, we wanna make this work. It is a pathway to success. The people who can help us the best are gonna be the integrators, the professional services, the vendors to see us through so that we're successful, so that we have something solid to learn from. So I really can't, that point about the training really, really resonates with me personally.

Yeah. - And Justin, I think especially when it comes to this tech rationalization piece, you know, I think what's important here is that, you know, you don't do it alone and you don't do it in a vacuum. There's other resources out there that can help you do that, whether it be other stakeholders in the process, such as IT or finance or legal, if you're dealing with privacy, that sort of thing. But also there's companies out there that can help you do these types of activities, like Optiv, right? And or even have the vendors help you out if you're looking to better leverage those tools. So you know, don't work in a vacuum and leverage the resources that you do have or reach out to try and get other resources to help you throughout the journey because it is a journey. And I don't think that, to your point Justin, it's a day-to-day activity that you need to bake into your processes so that way you're not looking at this as a one-time project, you're looking at it as a program and an ongoing activity.

- Yeah, for sure, for sure. I mean that's the great thing about being in security is that there is such a rich set of communities that are out there that are willing to help. I mean, I know we have Black Hat DEF CON coming in just less than a month now, but also, you know, your local ISSA chapter or ISAKA chapter or you know what have you there, OASP chapter, there are just communities out there that are probably facing the same kinds of challenges around tech rationalization, hiring, program optimization, you name it, where they're willing to help. And that's the great security is that, you know, we're sort of all in the trenches together, fighting the good fight and I just can't stress that enough. - Max, you mentioned earlier how working with the stakeholders, the other groups in the organization, how do you avoid internal politics when deciding on a tool to move forward? I feel like there's gonna be a lot of strong feelings on certain tools.

Maybe they've staffed up or just like it, right? Maybe it's their favorite. So how do you avoid it given your experience and what you've been doing internally at Optiv? - Yeah, and that's a good question. And you know, I'll be honest, I think in security, especially when you work at a company like Optiv, you have so many great vendors that you can choose from, so many great partners. And it really makes it a struggle at some point to really choose best of breed and to get with a vendor that can, you can really leverage to meet your use cases. And I think the most important thing here is you really follow a repeatable and sustainable process and that way you can generate the evidence out of it on how you came to a conclusion and that that conclusion on a decision is then either communicated in a decision memo or other means that really makes everything transparent as far as the process. And I think that's what's most important.

And you know, when it comes to the politics, I think the biggest thing here is that there's transparency throughout the process because that way there's, you know, people don't think that you're trying to hide something. It's not like you're trying to, you know, make one vendor, you know, your primary focus over another or that you like one vendor over the other. It is truly transparent and they can see how you came to that decision. And I think that's what's most important is transparency. - And I think just to a corollary to that Max, is the idea of for the organization, what is a true north that the greater team understands, and can the decision be made in context to that true north, you know, whether it is about something specific to the security program, maybe it is something specific to the way your red team operates or what have you, okay, what is the true north for that particular group of people? By the same extension, what is the true north for the organization from the CEO and the CTO and the CISO and everyone on down? What is that true north and how do these decisions line up to that direction? I think that's something that's really, really important to suss out because what we're seeing, what I see in a lot of the industry is, you know, the left hand doesn't know what the right is doing. And I think it's really, really dangerous in organizations and you read about it sometimes in data breaches and what went wrong and it's this lack of communication.

So I think again, having this rationalization process, being a discipline where you are checking in, where you are having that, if you don't know the left, if you don't have a good definition of what true north is, you at least have the working rapport to establish what that is and you have that working rapport to adjust what that is given the changes in circumstance. - Yeah, and Justin, I think that's a great point and I think honestly it's, you know, we talked about stakeholders, right? And making sure that you have the right stakeholders involved from the beginning and that they provide their input and that it aligns with what the business wants and needs, and making sure that what you are implementing makes sense for the business too, you know, so that way it's not just a security decision, you know, it's a business decision. And I think we need to understand that from a security perspective. You know, to Justin's point, it is a business decision when you decide to purchase a tool to implement certain things within your environment, right? Are you enabling the business or are you hindering the business by implementing certain things? And so having those stakeholders, having transparency, understanding what those priorities are and really understanding what that true north is, to Justin's point, I think is gonna help reduce the politics in those types of decisions and, you know, hopefully reduce the sway that it has in your decision as a security team too. - For the organizations looking to do this and start that conversation, who should that key group of stakeholders be that they agree on that true north? Who should they work with and keep in mind who can help them achieve this ultimate goal? I guess I'll go to Justin. - Yeah, this is something where, I mean, I think you gotta start from somewhere, right? If you are looking at, if you have been handed the difficulty of rationalization and let's just say, you know, someone says to you, Hey Jess, you know, this is the security program spent, we have to get the dollars down to this amount by December 31st.

Don't go at it alone. That's the first thing I'll say is being able to set up, who are the stakeholders that you are familiar with and start there. If you are working with procurement teams, if you are working with other lines of business, if you are working with legal teams to show privacy, product teams to show, you know, compliance, maybe you're responsible for soc two kinds of compliance and it's lines up with, you know, what the service offering is, start with those immediate stakeholders in the organization and don't make it your own solitary battle. I think this is, you know, the point of, you know, if you haven't set up this discipline of checking in with other lines of business, no time like the present to start. So that's what I would just say is that who you actually gather together is never necessarily set in stone. Like 'cause then you're just gonna create another committee and then that committee is gonna be somehow some way gonna be something that's gonna be bypassed eventually and it's not gonna be pretty.

So being able to have that flexible dynamic of checking in where it makes sense for the particular activity, I feel like that's where it's gotta start. - Max, any key people you've worked with internally that you found has been really useful in building out your solution strategy and getting visibility to all the tools that you could use. - Yeah, you know, for me I think primarily it's been IT, funny enough, I mean it's, you know, it makes sense. But you know, other parts of the business I think are key. I mean we have a part of the business where we're providing services to several different clients through, you know, their own environment, you know, whether it's AFC or some other services.

And you know, a lot of the decisions that I make will vastly affect what they do and how they interface with their clients. And so, you know, I don't start necessarily from the top. I reach out to the doers and I think, you know, to get a true ground level view of how this is going to affect them and to make sure that they have input on, you know, what's gonna happen within their environment. I mean, yes you do go up through the chain and make sure that the right executives are involved in that type of decision, but I think it's also important to get that ground level viewpoint on things. You know, I think a lot of what's missed when we look at stakeholders is your own security team.

You know, and it kinda makes sense, right? The end users of the product really need to have a very good sense of what you're looking to do. You shouldn't be doing it in a silo even within your own security team, right? And so if I'm like right now, we're going through our own budget exercise and the first thing that I asked the entire team in my last team meeting was, what do you think we need, and what capabilities do you see we're missing? What do you not like about our current tool set that you think we can improve upon? And what do you think we should be moving to? And what are we not considering? And I think those are the types of questions that you need to ask even of your own team that could help you in that journey and just know that the stakeholders involves everybody, even your own team at the lowest levels. You know, to Justin's point, I think, you know, we just need to make sure that we're not siloing ourselves, but also making sure that we're getting the right level of people involved, not just executives. And I think that's important too.

- For sure, for sure. That's a great, great point Max 'cause you know, you want to, as you build out these leverage points, there's nothing better than being able to have it reflect reality. And talking to the doers, talking to the folks that are getting stuff done has so much weight to that story, to that desired leverage. I just think that that's a great point that you brought up. - So the final question here, what gets you excited about technology rationalization? I think when people first hear about it, they think, oh, it's cost cutting, it's removing capabilities, but what do you see Max as the opportunities here with it? - Well, you know, look, I think it's a way of life honestly. And you know, when I first started in security, funny enough I was selected to be our six Sigma rep for our security organization.

And so that, you know, that whole constant improvement or kaizen is really needs to be integrated into your day-to-day activities. And so I see several takeaways from tech rationalization and what you need to be looking at. Don't look at it as a cost cutting measure, you know, I think first and foremost. I think that is a benefit that comes out of it possibly.

But you could also, you know, depending on the capabilities that you see that you need, it could be an increase in cost in some instances, right? Maybe it makes total cost of ownership is cheaper, but it may have a higher upfront cost. So, you know, I wouldn't look at it necessarily just as a cost cutting measure. But I think there's some several things that you can glean out of tech rationalization and that is tech or security stack simplification. You can look at reducing redundancies in capabilities, which I think is also extremely important. How do you reduce that overlap in capabilities and how do you leverage what you currently have, which could be a cost savings. Increasing your efficiency as a security team.

We talked about staffing difficulties and it's always good to look at where you can leverage efficiencies, where you can. Improve your ROI on the things that you do have. And I think as a CISO that's one thing, again, we go back to that business acumen and making sure that we are reporting good metrics where we can, and then also includes increasing your ROI when you do so that way the board or your senior leadership or executive leadership understand where you're going with your security program. Most importantly, you get to identify gaps and fill those gaps and make your security program better. Which I think is probably the best benefit out of this is really improving your security program and increasing stakeholder involvement and increasing collaboration throughout this entire process. - Yeah, I mean there's so much, I think Jon, to the point, the glass is half full in my mind when I hear tech rationalization because you're ultimately, you're improving the security program so that you can improve the business, so that when the next set of opportunities come around the enterprise, your company, they can act on it.

And I think that is something where, you know, we might have some turbulence in our economy today, but I think that the long term view of where we are with so many technology that are out there, not just, you know, generative AI, which is sort of the buzz de jour today, but, you know, I think about all the other kinds of things that's just happening in innovation across technology, not just within security. You want to have your company, your organization, your team, you be in the position to be able to take advantage of that. And so not being encumbered and not being burdened by, you know, things that I should have taken care of or I should have optimized a long time ago, you know, burden you for future pursuits. I think that that's so important to be able to proactively engage that today. - Yeah, absolutely agree with everything you just said, Justin.

That was great. - Justin, Max, thank you all for your time. I really appreciate the insights.

I think everyone has something to take away with this and now we see why it's such a interesting conversation happening in the marketplace. I think the time is right for it, right? And there's a lot of things people can do with it. So thank you for your time Justin and Max.

Really appreciate it. And thank you to all of those watching. Thank you for joining Optiv for our discussion.

If you're interested in learning more about technology rationalization, please visit optiv.com and we'll see you all next time on Optiv's next LinkedIn live. - Grateful to have been with you. - Thank you. - Thank you so.

2023-08-17

Show video