Comments on Jeremiah Grossman: Outsourcing and Top-Line Security Budget Justification

Jeremiah Grossman (2009-09-08T13:35:20.484-07:00):
@Heidi, that is great, thank you for sharing. Very interesting that they know enough to ask for a current pen-test report.

David Rook (2009-09-08T13:10:14.273-07:00):
I won't mention our name on here, but if you have more questions feel free to contact me directly.

Or, you could send them over to Ireland with Tom Brennan - I'm speaking at the same conference as him on Thursday here in Dublin!

Dave

Planet Heidi (2009-09-08T11:37:17.184-07:00):
Customers are asking first for certifications and associated paperwork (aka SAS-70, Cybertrust cert), second they ask for vuln test results within 3 months currency, third they usually hit us with a questionnaire that is a variant of PCI. That's about all the detail I can go into.

Jeremiah Grossman (2009-09-08T10:41:25.293-07:00):
Talk about a security success story. Wow, well done!
Feel free to name drop the company if you feel so inclined.

David Rook (2009-09-08T10:21:43.963-07:00):
Hi Jeremiah,

Not quite yet but with the effort we are putting into it I imagine we will see security effectively pay for itself through increased sales. Another one or two big clients who move to us for our security expertise and processes and that would definitely be true.

I don't have any hard facts for that yet but I will keep an eye on it.

Dave

Jeremiah Grossman (2009-09-08T10:16:47.184-07:00):
@David that is great! So in many ways are you seeing security pay for itself with respect to increase in sales?

David Rook (2009-09-07T08:59:11.927-07:00):
Hi Jeremiah

We are seeing security increasingly used as a unique selling point for us as a company.

We are in the process of signing a major client whose reason for outsourcing is security/risk related. They came to our offices and spent more time questioning/chatting with the security team than any other area.

We find the fact that we have security (and development staff) involved in security projects such as OWASP and presenting at places like DEFCON a definite USP in our market space (payments BTW).

We are seeing more and more people actually not accepting PCI compliance as enough assurance anymore. They want to see how we address the common flaws in our market space (secure app development being right up there) in a way which shows expert level security knowledge and processes above and beyond a compliance standard.

In short, we invested heavily in security (even to the point that it is now a company value) because it not only keeps us in business but it clearly can win us business as well.

Dave

Jeremiah Grossman (2009-09-04T08:52:59.448-07:00):
@Heidi, what types of security questions are customers asking? What assurances are they expecting? Whatever details you could provide would be quite helpful.

Anonymous (2009-09-03T20:12:39.983-07:00):
What she said.
Suspect this is strongest in fin svcs and medical/pharma.

Planet Heidi (2009-09-03T20:04:48.862-07:00):
Absolutely. We're a Web financial SaaS provider and we're very much under the audit microscope from prospective and current customers. Good security means faster sales.... I've got testimonials from the sales team to prove it.