Other PrODuctS 245
rubbish. But how will the organization identify the good from the
bad? ey need an experienced security manager or architect to work
with security analysts (as opposed to IdM or SIEM consultants or
self-proclaimed “subject matter experts”) with deep technical skills to
look at the tech side of the products (as in do the products deliver what
is promised by the vendor, and what is the potential resource require-
ment for the company?), and then armed with the necessary tech info,
some thinking can be put into the business case. e security products
industry is only as big as it is because the aforementioned product
evaluation activities are rarely undertaken on the buying side of the
equation. e reason? e major theme in ...