Why do so many Vulnerability tests fail to produce remediation business?
1. If the test is done for IT, you won’t have visibility into the executive ranks
2. If the process doesn’t involve the executive team they won’t care much about the results
3. The report is too technical
4. The report uses jargon that disguises the problem and it’s urgency
5. The provider appears to be more focused on analytics than urgent issues
Eg. If I come to you and say, this is the problem, I’ll put together some options and pricing and get back to you next week, do you feel like the issues are urgent? What if you plumber did that after discovering a leaking pipe in your wall? You’d fire them! (But only because you know that is urgent.)
© 2010, David Stelzl