If you're old enough, you might remember commercials in the '80s that encouraged people to take the Pepsi Challenge.
A bottle of market share leader Coke and a bottle of runner-up Pepsi were side by side but hidden behind a box for a blind taste test.
People would pick the winner based solely on taste instead of brand recognition and (surprise!) Pepsi often won, even among Coke lovers.
Now there is a sort of Pepsi Challenge in the works where cybersecurity controls and technology solutions can be vetted in the same way.
In 2018, the U.S. government launched an effort with a consulting firm to gamify the anticipated success of tools to secure government, and eventually, business:
“This effort tackles longstanding cyber-risk challenges to understanding the efficacy of cybersecurity controls and incentivizing the socialization of that knowledge,” says CYRIE Program Manager Erin Kenneally. “The novel approach aims to change how cyber-risk management and controls investment decisions are made."
We like the way NextGov covered this story:
"The system would offer descriptions of each tools’ attributes without revealing who developed them, allowing companies to anonymously crowdsource expert advice on potential threats and weaknesses."
Gee, that sounds like the Pepsi Challenge, doesn't it?
What this could mean for cybersecurity vendors
If you sell cybersecurity solutions, you'll want to keep a close eye on the development of this effort to standardize the evaluation of security solutions and controls. And continue to make connections with leaders in the cybersecurity space so you can personally share about your solutions in 2019.
What this could mean for security practitioners
If this "pure" type of evaluation for security solutions and controls actually works, it sounds like the federal government would like to create additional information sharing between government and industry.
Even the project's working title drives home this point: "Benchmarking Cyber Threat Controls Through Crowdsourcing."
In the meantime, join your peers who are collaborating on best practices at SecureWorld regional cybersecurity conferences.
The type of crowdsourcing and evaluating the government is proposing could lead to some surprising results in the security space, just like the Pepsi Challenge did in the beverage space many years ago.
[Cover photo: Wikipedia]
