Sara Madden

hire and deploy all the controls.

And you're not going to mess with that in the middle of a one or two year license.

And so came up for renewal last year with most of our three year vendors, and I put them in either one or two year licenses intentionally for that that reason.

But you run into a situation where you have to continually air your grievances with your vendors to force them to do the right things.

And you leverage the stick of I won't renew, right?

We're in challenging times where the majority of the tool sets that we have are SaaS products and they're going up and down.

They're unavailable a lot.

I think product development has taken a shift where we used to do N minus one because you don't trust the latest release.

And we've got tons of vendors now that are saying, don't trust until I have like a preferred release.

And that could be months, if not quarters, if not nine months out.

So I've been pressing a lot of vendors lately of just sticking to fundamentals of software development and being confident about the software that you ship to us.

And if you get into a situation with your vendors where they're shipping product that isn't stable, isn't good, is causing issues, I'm all over them all the time now because I think we're taking a shift into...

low quality releases.

And this is across most of the vendors we have in our tool set right now.

It's happening across the board.

So I'm pushing on that a lot as a CISO because I don't want that to be like a new normal.

We can't get ourselves into a situation where we used to be an N minus one and we thought that was okay.

And then we're dragging further beyond that.

Like that's not a good position for us to be in.

Right.