The Infosec Cold Call
I get asked occasionally about ways to improve corporate information security or what kinds of things get easily missed, and while I’m no expert, and there are an endless number of little things you can miss these days, there’s one way I rarely hear mentioned and I like to remind technical leadership about:
Don’t talk to security sales cold calls!
Studio71, where I’m the CTO, isn’t some huge enterprise company or constantly in the news garnering press and attention, and yet I still get at least a couple of these kinds of calls every week.
ring
Me: “This is Mike Flynn”
Them: “Hi, this is ____ from WhateverSec. I just have a few questions for you.”
Me: “Ok, but I really need to go.” (No I don’t.)
Them: “Sure, I’d just like to tell you about our new AI-powered blah blah crypto currency security solution. Let me ask you, what are you doing now for your corporate security?”
Me: “Ah, we’re happy with our current solution.”
Them: “What is your current solution? What kind of firewall are you currently running in your office? Are you using any monitoring devices on the network?”
Me: “I’m not going to detail our security infrastructure over the phone to someone I don’t know.”
Them: …
Them: “Ok, right. That makes sense.”
Me: “Thanks for calling, but I have to go.” (No I don’t)
click
How many people do you think happily gave up the brand of firewall…maybe the software version…maybe the network appliances they have at their office? A lot, I bet…but please don’t. Was this person trying to research a hack? Honestly, probably not, but it only takes one, and even if they are legit, they don’t need to know anything anyway. Oh, did they say they were from Rapid7 or another established company? No, they weren’t, because they usually don’t ask those kinds of questions, but even if they did, it doesn’t matter.
Feel free to buy whatever it is they have to sell, but whatever it is they don’t need to know your security infrastructure to sell it!