Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

In my previous column, I discussed the importance of knowing your audience when speaking to security practitioners.  I touched on a few practical points that vendors can leverage to show their prospects that they know how to walk the walk and not just talk the talk.  It occurred to me that it would also be interesting to look at this issue from the opposite angle – that of the security practitioner.

Along those lines, I’d like to offer some tips to my past self – when I was an operational security practitioner.  How could I have been more astute and known when I was dealing with someone who truly had something to offer me, rather than someone who was merely a fast talker?  Here are seven possible ways:

1. Word soup: Do you find that the person you are dealing with has a more than ample supply of words, yet you are struggling to discern any meaning from all of them?  One of my favorite jokes goes a bit like this: “Sometimes I use big words I don’t fully understand in an effort to make myself sound more photosynthesis.”  All joking aside, this is a very common technique. Fast talkers will throw words at us faster than we can process them. Their hope is that we will feel intimidated and shy away from asking for clarity. Don’t fall for it – ask the person you are speaking with to speak clearly and concisely. If they can’t convey their meaning clearly in just a few words, chances are you’re dealing with a fast talker.
2. Big promises: As the saying notes, talk is cheap. Action requires far more effort than talk does, and accomplishing a goal requires a series of premeditated actions. We’ve all found ourselves talking to people who make promises we like to hear. The question is, do we take the time to observe who follows through and who does not?  If we did, we would likely learn who is big on promises and small on follow through versus who gets the job done for us time after time.  Those that can repeatedly deliver are the ones that have something of value to offer us.
3. Cliches: “Think outside the box.”  “Play your cards right.”  “Grab the bull by the horns.”  “Push the envelope.”  You get the idea. There are some fun cliche catch phrases out there for sure. They can be leveraged strategically from time to time to emphasize a point or to put something in familiar terms for the audience.  Beware though that overusing cliches is a common distraction tactic for fast talkers.  Cliches are often used to get the listener to let their guard down, which usually causes that person to listen less critically. Thus, it is no surprise that fast talkers leverage this technique when looking to run away from tough questions around functionality, strategy, plans, timelines, and the like.
4. Monopolizing discussions: Few meetings are open-ended – most of them have a prescribed start and stop time.  In the case of a fast talker, when the person does not have such insightful or informative answers to provide, they are often looking to monopolize as much time as possible during the meeting.  Thus, it is no surprise that fast talkers are often looking to dominate the floor during a meeting.  Doing so allows them to fill the time with what the words and the messages they’re comfortable with, without having to expose themselves to tough dialogue and pointed questions.
5. Over-complimenting: Complimenting people is a great way to get them to let their guard down. All the more so when over-complimenting them. While some people are aware of this tactic when it is being used on them, many people are not. That is what makes it an effective technique that many fast talkers use. Beware when there is more focus on flattery than on problem solving. It could be a red flag.
6. Something doesn’t add up: I’m sure we’ve all experienced people say something one minute and then something that seems to contradict that earlier statement the next minute. Of course, sometimes people misspeak or recall something incorrectly. If this is a repeated pattern that you notice when speaking to someone, look out. Saying what needs to be said in the moment is part of the fast talker’s repertoire.  The trouble with that is that after enough time, the astute listener will begin to notice that things aren’t adding up.  For example, a fast talker may say that they have been working in a given field for X number of years. A few minutes later, they may say that they were working in a different field at a time that was during that same time period. It’s easy to miss details like this, but if you pick up on them, it can help you assemble the puzzle pieces and realize that you are dealing with someone who isn’t telling it like it is.
7. Swiping: Some people have the ability to see right through a fast talker. You might not be surprised to learn that fast talkers don’t like this – they feel threatened by it.  As a result, fast talkers often get reactive when someone questions incongruous statements they may have made or attempts to dive deeper or probe into one or more claims or statements they may have made.  If you ask a real question of your meeting counterpart and find yourself getting swiped at in return, be aware that you may have a fast talker on your hands.

Most security practitioners are bombarded by pitches on a regular basis.  There are a lot of amazing security professionals out there, whether they work on the operational side or on the vendor side. Every so often, however, we encounter a fast talker.  It is important to understand how to know when we have, so that we can adjust our approach accordingly.  As a security industry, it is far more productive for us to focus our energies on those professionals among us who know how to walk the walk.

Related: Are Cybersecurity Vendors Pushing Snake Oil?

Related: Can You Trust Security Vendor Surveys?