The Infosec Cold Call

  • February 14, 2020

I get asked occasionally about ways to improve corporate information security or what kinds of things get easily missed. While I’m no expert, and there are an endless number of little things you can miss these days, there’s one thing I rarely hear mentioned that I like to remind technical leadership about:

Don’t talk to security sales cold calls!

Studio71, where I’m the CTO, isn’t some huge enterprise company or constantly in the news garnering press and attention, and yet I still get at least a couple of these kinds of calls every week.

ring

Me: “This is Mike Flynn”

Them: “Hi, this is ____ from WhateverSec. I just have a few questions for you.”

Me: “Ok, but I really need to go.” (No I don’t.)

Them: “Sure, I’d just like to tell you about our new AI-powered blah blah crypto currency security solution. Let me ask you, what are you doing now for your corporate security?”

Me: “Ah, we’re happy with our current solution.”

Them: “What is your current solution? What kind of firewall are you currently running in your office? Are you using any monitoring devices on the network?”

Me: “I’m not going to detail our security infrastructure over the phone to someone I don’t know.”

Them: …

Them: “Ok, right. That makes sense.”

Me: “Thanks for calling, but I have to go.” (No I don’t)

click

How many people do you think happily gave up the brand of firewall…maybe the software version…maybe the network appliances they have at their office? A lot, I bet…but please don’t. Was this person trying to research a hack? Honestly, probably not, but it only takes one, and even if they are legit, they don’t need to know anything anyway. Oh, did they say they were from Rapid7 or another established company? No, they weren’t, because they usually don’t ask those kinds of questions, but even if they did, it doesn’t matter.

Feel free to buy whatever it is they have to sell, but whatever it is, they don’t need to know your security infrastructure to sell it!
