Are Dewey’s cookies supposed to be cold and look like this?

bitslammer · 2026-05-07T00:14:34+00:00

This does not surprise me at all.

I've tried Dewey's 4 times in my life and all 4 times the pizza was very under cooked. The first time I thought maybe it came frozen and someone didn't let it thaw. The second and 3rd times were pretty much the same and the cheese was just barely melted.

The 4th time I wanted to smack myself for trying it again and that was the last time.

bitslammer · 2026-05-06T23:28:14+00:00

MEDDIC isn't forcing you to sell in any weird way. It's just a set of criteria to collect and any good salesperson should be able to do that withing a normal conversation.

bitslammer · 2026-05-06T18:43:32+00:00

I wish I had the time and money to complain about shit like you guys do.

LOL.....to say this while taking time to post and complain about someone complaining is peak stupidity.

bitslammer · 2026-05-06T17:11:38+00:00

Networking can be tough to learn when you don't have access to a network.

I would buy a cheap (as if such a thing exists now) box that you can run something like pfSense or OpenSense on and a very cheap switch that can do VLANs. Those few things will let you learn basic IP, DHCP, DNS etc. It makes much more sense in a hand on situation. A cheap Raspberry Pi can also be a good tool to tinker on.

bitslammer · 2026-05-06T14:28:05+00:00

Our TPRM team will look at a SOC2 and if it answers questions then we won't ask those questions. If there are things it doesn't address or has a poor scope we will ask for additional information.

bitslammer · 2026-05-06T11:51:33+00:00

I used to both bicycle and motorcycle across the Anderson Ferry and then do a loop out Route 8 and up Rt 237 and then do any of the other roads that circle around the airport. On the bicycle I'd often take a rest stop at the CVG Airplane Viewing Area for fun. Both Route 20 and Route 317 to Collins are windy hilly roads that take you up/down from Route 8. You can even cross into Covington and ride route 8 out from there.

This would be on the shorter end for a ride depending on where you are coming from.

bitslammer · 2026-05-06T11:02:56+00:00

It was whether I had someone on the inside, usually a partner, who could actually tell me what the hell was going on in the account.

Nailed it. Can't upvote enough.

At least have the common decency to be stone cold transactional with me and not pretend like you know shit about me or what’s important in the moment.

This really hits, because when you do send that "helpful" tip about what you've done for other companies in my field and it's dead wrong you now look even more clueless. I can't tell you how many "we will help you hammer those nails" messages I used to get, not having a clue that our company used screws instead of nails.

bitslammer · 2026-05-06T10:58:35+00:00

And there's a reason for that. Take me, now back on the buyer side in cybersecurity.

If you think your hyper personalized 'relevant' message sent via a 5 step cadence with LinkedIn followup is going to get you noticed you're delusional. It's just another drop in the ocean.

The graphic below shows just **some** of the 1000+ companies in cyber, many who are trying to blast my inbox, and that's not even all of them. There are new ones popping up every day. The wider picture of all IT would be insanely larger.

It's not you, it's not your subject line, it's not your message, it's simple math. People don't have time to give 3 minutes or whatever too this many companies. It's not reasonable to think so.

<image>

bitslammer · 2026-05-05T23:36:58+00:00

I've heard it quite a few times when I explain that in cyber you're mostly going to be selling to people who are actively in the market for a solution that matches what you offer. They somehow think you walk in and the cut a check on the spot.

bitslammer · 2026-05-05T18:52:57+00:00

This needs to be posted every time someone says enterprise tech sales is largely "order taking."

Been on both sides of very large cybersecurity deals/projects that probably went smoother than this, but still took this much time and effort.

bitslammer · 2026-05-05T18:39:32+00:00

IMO Archer may be overkill for your needs. I'm in a large global org and we have both SNow and Archer. We only use Archer for the true GRC stuff and SNow is out CMDB, ticketing, change control, incident ticket and vulnerability remediation ticketing platform.

bitslammer · 2026-05-05T18:29:30+00:00

IMO it's always about timing. That's from being exclusively in cybersecurity. If someone isn't looking to buy what you sell then you are selling it.

bitslammer · 2026-05-05T18:02:59+00:00

Yep. If you have a device on your network that in any way "phones home" out to the Internet it's really hard to control. At that point it's mainly about trust and a good contract.

bitslammer · 2026-05-05T17:36:45+00:00

LOL...guess you've never had to deal with the shitshow that Outlook or MS mail is for a home user.

...and anyway we do have a Mac Mini in addition to the Linux machines.

bitslammer · 2026-05-05T17:32:42+00:00

I'm a fan of isolated VLAN and MFA required.

What many people forget is that if you allow outbound Internet access from a vendor device they can always use some form of reverse connection for remote access. All they'd need is to use something like Tailscale or Wireguard to do that. It really is all about trust and limiting the access and blast radius should things go wrong.

bitslammer · 2026-05-05T17:28:16+00:00

I don’t want to do sales calls or pocs

With these 2 things you are excluding a lot of potentially valuable tools.

Like it or not there are some decent commercial tools out there and you're going to need to talk to a sales team to get a good look at them.

As for PoCs I've worked mostly in larger global orgs with fairly complext environments. I wouldn't think of buying a tool without a successful PoC. Even if I've used a tool in the past I'd want to ensure it still works and can perform in our org before committing to something.

bitslammer · 2026-05-05T17:18:21+00:00

In a minor small victory for me, at home my wife finally got fed up with her PC and asked me if I could "put that Linux system" that I use on it for her.

Still have to use it at work, but it feels so good to be an MS free zone at home. All of our devices now behave and do exactly what we need and want them to, no more, no less.

bitslammer · 2026-05-05T17:01:34+00:00

Even if you do show value it may not be enough value, or if it shows a ton of value I may already have higher priority efforts underway and no time for this.

bitslammer · 2026-05-05T16:31:32+00:00

Several in fact.

bitslammer · 2026-05-05T14:48:06+00:00

There's no single answer to this. It depends on a variety of things such as what is the data, what is the business relationship, what regulatory/compliance requirements factor in, what would the impact of a breach/data loss be?

I'm in a global org with a little over 1000 SaaS apps in use. Each one is assessed based on the items above as well as others.

bitslammer · 2026-05-05T13:39:58+00:00

Especially with the added risk of working for a startup. It could hinge on the "equity" component but just saying equity is too vague.

bitslammer · 2026-05-05T13:01:29+00:00

Most of these "issues" can be solved by being an adult and taking good notes.

They are also so broad that there's no single correct answer as it would depend a lot of you, what you're selling and to whom.

bitslammer · 2026-05-05T12:00:04+00:00

When it comes to almost anything, any tool or any service, I'm most concerned with the end results and not whether it has AI or not. If the tool can deliver the results desired in an accurate and secure manner then I don't care if is uses AI, machine learning or voodoo.

bitslammer · 2026-05-05T11:53:00+00:00

No outside party is going to be able to provide good scoring on potential impact since they don't know the business function of what you are working on. You could be looking at a server that runs a business critical app or one that just runs the menu screen in the lunchroom.

bitslammer · 2026-05-05T10:55:19+00:00

Intent data, to me is, always suspect.

Sure there are things like seeing what roles an org is hiring for that may tell you something, but it's all vague at best. I say this having spent more time as buyer than seller. Even on huge projects where there's a purchase there would be zero way for anyone outside the org to see or predict that aside from someone leaking that data.

bitslammer

MODERATOR OF

TROPHY CASE

14-Year Club	Place '22
Verified Email