As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when they approached my team for assistance with evaluating the security of a vendor they were considering.  They worried that if they didn't involve us early enough, they would reach a point where a tool had been selected, but the security team wouldn't sign-off on it, resulting in many wasted hours of effort.  The challenge on my side was always that often times the team had multiple vendors they were evaluating at that point, and performing these risk assessments was a fairly time-inte

Subscribe to csa