
CyberWire Daily: Why is the vendor role so contentious in the cyber ecosystem? [CISOP]
Mar 27, 2026
A candid look at why relationships between security teams and vendors have become strained. Stories about mismatched incentives, communication gaps, and trust issues. Practical expectations for clearer contracts, honest dialogue, and realistic engagements. A call for mutual respect and better alignment to reshape the cyber ecosystem.
AI Snips
Colleague Lost CISO Access After Joining A Vendor
- Kim Jones recounts a friend-turned-vendor who was ostracized after leaving a CISO role and lost access to CISO events and meetings.
- The story illustrates how peers can treat former colleagues as 'just another vendor' despite prior relationships, creating friction when people change roles.
Egoism Of Motivation Drives Vendor Distrust
- Kim Jones labels part of the problem as 'egoism of motivation', where CISOs and vendors have different driving motivations and expectations.
- CISOs value service and mission-driven motives, while vendors often prioritize profit and quota, creating distrust.
Truth Standards Differ Between Geeks And Non-Geeks
- Jones cites Paul Glenn's 'contractium' about lying to explain cultural gaps: geeks see truth as sacred while non-geeks treat exaggeration as normal speech.
- This mismatch makes CISOs find vendors disingenuous and fuels lengthy fact-checking after vendor pitches.

