The Infosec Cold Call

  • February 14, 2020
Work

I get asked occasionally about ways to improve corporate information security or what kinds of things get easily missed, and while I’m no expert, and there are an endless number of little things you can miss these days, there’s one way I rarely hear mentioned and I like to remind technical leadership about:

Don’t talk to security sales cold calls!

Studio71, where I’m the CTO, isn’t some huge enterprise company or constantly in the news garnering press and attention, and yet I still get at least a couple of these kinds of calls every week.

ring

Me: “This is Mike Flynn”

Them: “Hi, this is ____ from WhateverSec. I just have a few questions for you.”

Me: “Ok, but I really need to go.” (No I don’t.)

Them: “Sure, I’d just like to tell you about our new AI-powered blah blah crypto currency security solution. Let me ask you, what are you doing now for your corporate security?”

Me: “Ah, we’re happy with our current solution.”

Them: “What is your current solution? What kind of firewall are you currently running in your office? Are you using any monitoring devices on the network?”

Me: “I’m not going to detail our security infrastructure over the phone to someone I don’t know.”

Them: …

Them: “Ok, right. That makes sense.”

Me: “Thanks for calling, but I have to go.” (No I don’t)

click

How many people do you think happily gave up the brand of firewall…maybe the software version…maybe the network appliances they have at their office? A lot, I bet…but please don’t. What this person trying to research a hack? Honestly, probably not, but it only takes one, and even if they are legit they don’t need to know anything anyway. Oh, did they say they were from Rapid7 or another established company? No they weren’t because they usually don’t ask those kinds of questions, but even if they did, it doesn’t matter.

Feel free to buy whatever it is they have to sell, but whatever it is they don’t need to know your security infrastructure to sell it!

Related Posts

Apple Intelligence Summaries Are a Mess

Jason Snell over at Six Colors takes Apple to task over the current state of their Apple Intelligence notification summaries. He’s 100% right. They are bad, especially when summarizing news, and that’s unacceptable even with the “beta” tag. Take a look at his included example: A non-apology and the promise of a warning label isn’t enough.

Read more

Thoughts on Apple Bloggers and Vision Pro Coverage

I posted this on Mastodon, but I figured I would cross-post it here as well. I wonder if we’re headed for a weird place with the #Apple Blogosphere (AKA the Apple Blog Mafia). All of the main players are talking about Vision Pro all the time and saying things like “I lose track of time in here!

Read more

The Simple Pleasures of a Mobile Office Whiteboard

I’ve built a lot of stuff for my home office over the last few years of working from home, but my current favorite is something so simple: A custom rolling whiteboard A couple of weeks ago I gave myself a Saturday challenge to take my existing old whiteboard and build a rolling stand for it only with materials I had in my workshop.

Read more