History is rife with examples of enterprising salesmen rushing into lucrative markets to fill a void, real or perceived. Contractors and roofers who work the hurricane and tornado circuits, lawyers pitching the massive settlements they’ve secured for their clients, and even gameshow hosts selling reverse mortgages and arthritis balms. Like the Wizard in Oz, when you pull the curtain back, it’s a simple snake oil salesman with a good story. And the cybersecurity world has been a growth industry for those who overpromise but underdeliver.

Testing A Bulletproof Vest With A Water Gun

Gizmodo recently ran a story about the prevalence of such operations, including the perspective of an industry veteran in the pen-testing arena. The long and short of it, from his perspective, is that the promise of absolute security is a pipe dream, and those who guarantee it are naive at best and scammers at worst. But most consumers, even the most gifted inhabitants of the C-Suite, would have difficulty discerning the sincerity from the snake oil, especially since the promise of security is only truly disproven when things go south. The hard truth is there are no magic formulas or fixes. Your security requires steady vigilance with the flow of fresh eyes and ideas, and even that offers no bulletproof vest.

A True Partnership

Just as it is true that one solution doesn’t fit all problems, it is also true that there is a finite spectrum of cybersecurity threats, most variations on a handful of exploits. Experience gained over time is one of the quiet assets of ICS. We might not have seen it all, but we’ve seen enough to know where to look. And sometimes a fresh perspective is all it takes to dodge a bullet.