Stephanie Benoit Kurtz thought she had a good deal when, in one of her former CISO roles, she signed a three-year contract with a vendor for vulnerability management as a service.
Benoit Kurtz inked the deal thinking that her security operations program would make full use of all the offered features. But she found early into the three-year stretch that her team only used about 60% of them.
She says she was in a bind: paying for a product that wasn’t really the right fit with no way to get out of the contract.
“It’s hard to go back to the manufacturer and say, ‘I didn’t need that module so can I get my money back?” They don’t seem to want to engage in that conversation,” says Benoit Kurtz, a former security executive who is now lead faculty for the College of Information Systems and Technology at the University of Phoenix.