Security and The 7 Deadly Sins

  • Phil Venables
  • Aug 9
  • 3 min read

I re-stumbled across this well-worn meme of the 7 deadly sins and social media so, as many of you come back from Las Vegas, I thought I would take a light-hearted view of this from the angle of security products.

1. Gluttony: The All-You-Can-Eat Security Buffet

The insatiable urge to consume more, even when you're already bursting at the seams. The team that simply cannot say no to the next shiny new product, appliance, platform, or service. Their security stack resembles a digital hoarder’s paradise, a monument to every vendor demo they’ve ever attended. Their data lake is less a lake and more an ocean, overflowing with logs from systems they bought three years ago and still haven't fully integrated. You ask them what they need, and they respond, "Everything, but more." 


2. Greed: The Penny-Pinching Perfectionist

Not hoarding money, but hoarding features at the lowest possible cost. This team will spend weeks, perhaps months, negotiating the price down to the absolute bare minimum, squeezing every last drop of discount from a vendor. They demand enterprise-grade features for small-business budgets, and then act genuinely surprised when the support isn't white-glove 24x7. Their RFPs are legendary for their intricate demands for every conceivable bell and whistle, often for technologies they haven't fully researched. It’s like the coupon clipper who spends more time calculating their savings than they do enjoying the product.


3. Sloth: The "Good Enough" Security Posture

This team buys security solutions as if they were purchasing a particularly comfortable armchair. Their procurement strategy is driven by "what we've always done" or "what the vendor with the best golf outing suggested." They’re content with a basic firewall and antivirus, even as the threat landscape shifts beneath their feet. Their security investments are less about proactive defense and more about hoping for the best. It’s like the person who buys a treadmill, uses it as a clothes hanger, and then wonders why their fitness isn't improving.


4. Lust: The Infatuation with the "Next Big Thing"

The passionate yearning for something new and exciting - an almost obsessive pursuit of the "next big thing" – the AI-powered, blockchain-secured, quantum-resistant, cloud-native whatever-it-is-this-week. They're first in line for every beta program, every early access release, and every vendor's "revolutionary" new product. Their current security tools are abandoned faster than a New Year's resolution.


5. Envy: The "Keeping Up with the Joneses" Mentality

The gnawing feeling of discontent at another's possessions. This team's procurement decisions are heavily influenced by what their peers are buying, particularly those in larger, more well-funded organizations. "If Company X has a SOAR platform, we must have a SOAR platform," they declare, often without a clear understanding of their own specific needs or existing capabilities. Their budget justifications often begin with, "Our competitors are doing X, so we need to do X plus Y." 


6. Wrath: The "Vendors Are All Liars" Approach

This team approaches every vendor interaction with an inherent distrust, a deep-seated suspicion that they are being actively misled. Their RFPs are less about understanding capabilities and more about laying traps. Every product demo is an interrogation, every sales call a cross-examination. They assume malice where there is often just over-eager marketing. Their procurement process is a battle, not a collaboration, resulting in strained relationships and often, less-than-optimal solutions. 


7. Pride: The "We Can Build It Better Ourselves" Hubris

The excessive belief in one's own abilities. This team, particularly common in larger enterprises, believes they can engineer, develop, and integrate every security solution better than any commercial vendor. They view off-the-shelf products with disdain, preferring to cobble together open-source components or build bespoke tools from scratch. While commendable in spirit, this often leads to endlessly delayed projects, ballooning internal costs, and solutions that lack the robust support and maintenance of established products. 


_________________________


I’ve committed several of these sins over the years - especially trying to build vs. buy. How many sins are on you?


© 2020 Philip Venables. 