Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.

In my previous column, I discussed the importance of knowing your audience when speaking to security practitioners.  I touched on a few practical points that vendors can leverage to show their prospects that they know how to walk the walk and not just talk the talk.  It occurred to me that it would also be interesting to look at this issue from the opposite angle – that of the security practitioner.

Along those lines, I’d like to offer some tips to my past self – when I was an operational security practitioner.  How could I have been more astute and known when I was dealing with someone who truly had something to offer me, rather than someone who was merely a fast talker?  Here are seven possible ways:

  1. Word soup: Do you find that the person you are dealing with has a more than ample supply of words, yet you are struggling to discern any meaning from all of them?  One of my favorite jokes goes a bit like this: “Sometimes I use big words I don’t fully understand in an effort to make myself sound more photosynthesis.”  All joking aside, this is a very common technique. Fast talkers will throw words at us faster than we can process them. Their hope is that we will feel intimidated and shy away from asking for clarity. Don’t fall for it – ask the person you are speaking with to speak clearly and concisely. If they can’t convey their meaning clearly in just a few words, chances are you’re dealing with a fast talker.
  2. Big promises: As the saying notes, talk is cheap. Action requires far more effort than talk does, and accomplishing a goal requires a series of premeditated actions. We’ve all found ourselves talking to people who make promises we like to hear. The question is, do we take the time to observe who follows through and who does not?  If we did, we would likely learn who is big on promises and small on follow through versus who gets the job done for us time after time.  Those that can repeatedly deliver are the ones that have something of value to offer us.
  3. Cliches: “Think outside the box.”  “Play your cards right.”  “Grab the bull by the horns.”  “Push the envelope.”  You get the idea. There are some fun cliche catch phrases out there for sure. They can be leveraged strategically from time to time to emphasize a point or to put something in familiar terms for the audience.  Beware though that overusing cliches is a common distraction tactic for fast talkers.  Cliches are often used to get the listener to let their guard down, which usually causes that person to listen less critically. Thus, it is no surprise that fast talkers leverage this technique when looking to run away from tough questions around functionality, strategy, plans, timelines, and the like.
  4. Monopolizing discussions: Few meetings are open-ended – most of them have a prescribed start and stop time.  In the case of a fast talker, when the person does not have such insightful or informative answers to provide, they are often looking to monopolize as much time as possible during the meeting.  Thus, it is no surprise that fast talkers are often looking to dominate the floor during a meeting.  Doing so allows them to fill the time with what the words and the messages they’re comfortable with, without having to expose themselves to tough dialogue and pointed questions.
  5. Over-complimenting: Complimenting people is a great way to get them to let their guard down. All the more so when over-complimenting them. While some people are aware of this tactic when it is being used on them, many people are not. That is what makes it an effective technique that many fast talkers use. Beware when there is more focus on flattery than on problem solving. It could be a red flag.
  6. Something doesn’t add up: I’m sure we’ve all experienced people say something one minute and then something that seems to contradict that earlier statement the next minute. Of course, sometimes people misspeak or recall something incorrectly. If this is a repeated pattern that you notice when speaking to someone, look out. Saying what needs to be said in the moment is part of the fast talker’s repertoire.  The trouble with that is that after enough time, the astute listener will begin to notice that things aren’t adding up.  For example, a fast talker may say that they have been working in a given field for X number of years. A few minutes later, they may say that they were working in a different field at a time that was during that same time period. It’s easy to miss details like this, but if you pick up on them, it can help you assemble the puzzle pieces and realize that you are dealing with someone who isn’t telling it like it is.
  7. Swiping: Some people have the ability to see right through a fast talker. You might not be surprised to learn that fast talkers don’t like this – they feel threatened by it.  As a result, fast talkers often get reactive when someone questions incongruous statements they may have made or attempts to dive deeper or probe into one or more claims or statements they may have made.  If you ask a real question of your meeting counterpart and find yourself getting swiped at in return, be aware that you may have a fast talker on your hands.

Most security practitioners are bombarded by pitches on a regular basis.  There are a lot of amazing security professionals out there, whether they work on the operational side or on the vendor side. Every so often, however, we encounter a fast talker.  It is important to understand how to know when we have, so that we can adjust our approach accordingly.  As a security industry, it is far more productive for us to focus our energies on those professionals among us who know how to walk the walk.

Related: Are Cybersecurity Vendors Pushing Snake Oil?

RelatedCan You Trust Security Vendor Surveys?

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights