February 13, 2012

Hiding from Security Vendors

Written by David Kennedy
Being in a leadership position for a large company, I get bogged down with phone calls beyond belief from security vendors that have the magic solution for all the world's security problems. It's gotten to the point where I answer zero phone calls in the office and ignore pretty much anything coming in. I decided to do a fun little capture of how many security vendor calls I get. These range from DLP, APT, GRC, PCI, consulting, and everything else under the sun. I am very much against purchasing products to solve a need. That's not saying all products are evil (although 99 percent are). If you have a program that is mature in nature and there is some sort of automation that can be applied to make things easier, then I'm all for purchasing a tool. If you don't have a program, you're just throwing your money away. There is no APT Preventer 2000XLS piece of hardware that will solve your APT needs. Most of us know this, but the industry around product sales continues to have record growth. The folks that are building security programs the right way are practically on minimum wage, and the ones that make shiny appliances with slick interfaces make millions.
Anyways... Here are my results for a two-week timeframe.

Week 1 - 37 calls from security-related vendors - 28 of them left voicemails
Week 2 - 42 calls from security-related vendors - 36 of them left voicemails

Think about fielding that many calls. Most want an hour of my time. 36 hours is almost an entire work week just talking to vendors. A lot of people I know fall into this circle of life... Security folks... when are you going to get out of this vicious cycle of feeding false prophets? Stop spending and focus on developing programs. Remember, there is no silver bullet for security; it actually requires *hard work*. Anyways, back into hiding.