An InfoSec idea so good that it could grow hair even on Bruno Mars’ chest!

We’re continually asked, “How do you guys pick the products you do?”  When I’m back home in Texas or visiting my parents in Georgia, the question is a little different…  “How Y’ALL do what you do?”  (I much prefer the latter.)


We hope that laying out our process will give you insight about how to plan your own technology strategies and even how you manage your career & where you spend your time.


We start with research.  And no, we don’t start with Gartner, although their cool vendors & vendors to watch lists are pretty insightful and helpful.  They do a very good job there.  We have about 15 sources we watch, from a Boston-area venture capital publication to some sources in Silicon Valley to popular industry publications and a few others.


What keeps popping out of our selection process, is that we’re stumbling onto a lot of “game changers”.


The technologies we integrate must meet the following criteria:

  1. 80% of an IT security budget goes to “legacy technologies” – Cisco, McAfee, HP, Microsoft, Check Point, etc.  But the IT group spends 80% of its time/attention/frustration filling the gaps of those same technologies.  Our objective is for our solutions to leverage that 80% spend and make it more effective.
  2. Radically reduce the number of FTE’s, resources and/or time required to deploy & support.
  3. No “forklift replacements”!  Complement the existing investments into infrastructure, tools, people, knowledge & processes.
  4. We factor in each company’s leadership, culture, investors, customers, & product architecture/scalability/vision.
  5. It has to fit our focus on network/mobile/endpoint/cloud security.
  6. And, oh yeah, and to be blatantly honest … It helps us keep putting grub on the table.  We’d like to be doing this for a while and be able to relax on rainy Saturday afternoons in front of the biggest big-screen TVs we can show off to our friends.

There are some other factors such as…

  1. How quickly can its value be recognized by our customers?
  2. How much time will be needed by our customers to evaluate it?
  3. To what degree does it provides visualization into status/activity & promote actionable responses?
  4. How does it align with the compliance & reporting requirements?  We acknowledge that “marking off check boxes” isn’t the only areas where we should be focused.
  5. Does it serve a dual purpose that serves both security and compliance (or some other function)?


Two fundamental beliefs at InterWorks are that “Everything is a process!” and that “We’re ridiculously curious about how to improve things.”  Soooooooo… if you have ANY ideas about how we might improve our selection process or criteria, we’re 100% open to hearing about it.  We’re even willing to buy you a cup of coffee (or extremely strong adult beverage) to rap about it extensively.  Let us know!

Leave a Comment