Subscribe for our Newsletter

In order to comply with privacy regulations in the European Union we’ll need you to provide consent before confirming you to our email list:

I consent to receive newsletter emails about our content and services.

We’ll send you occasional emails about new episodes, blogposts, partnerships and they might contain promotional content.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

If a tree falls in the forest does it make a sound?

July 6, 2021
Evgeniy Kharam
VP of Solution Architecture

If you are not around to observe an event or to validate it, how would you know it happened? One popular debate is if a tree falls in the forest and no one is around to hear the sound of the tree falling, does it really make one?

I will argue that, as we like to say in cybersecurity, “it depends”. Now, why are the trees, the forest, and the lack of people and sound related to cybersecurity?  

In my career, I have had the opportunity to talk to many vendors, as part of my job at HerjavecGroup and also as part of the Security Architecture Podcast. I see many great people and many ideas, and in many cases, the vendors have a great product, but they are failing to tell the world about it, as they make the assumption that people will eventually see their product and will be deeply impressed. Such an approach may have worked 10 or 15 years ago, but with more than 3500 cyber security vendors on the market, it will not be an effective one now. There is a lot of hype around vendors’ capabilities, but it's very hard to demonstrate the great work a vendor can do. It’s similar to a tree falling in the forest but no one is there to record it and to see if it made a falling sound or not.

I can probably end it here since my point is made, but I feel I need to provide more examples to help vendors better showcase their products. I believe it is very important to scream at the top of one’s lungs about the merits of a product, to make sure potential customers will be aware of them. This does not mean that you need to sacrifice the quality of the product. It means taking a different approach.

Cybersecurity practitioners tell companies that they need to include cybersecurity in the beginning of a new project and not try to duct tape it after that. In a similar vein, product vendors need to work on how they will go to market with their product and allocate a budget for marketing alongside the product development budget. For instance, they might want to create a list of podcasts to present their approach on how their product would solve a particular problem- or they might want to find industry experts to blog about their products. By marketing their vision early, the brand will be better known and customers’ awareness of the values of the product increases.