An IT security salesman told me his software doesn't work

A random encounter with a professional reveals the inherent issues with IT security.
Written by Chris Matyszczyk, Contributing Writer

Someone, somewhere can always get in.


I just wanted a day off.

So I wandered to a public golf course for some sunshine and the hope of just one decent tee-shot.

When you wander out to play golf on your own, you never know whom you might meet.

I've learned what it feels like to go into a burning building, thanks to a golfing firefighter. I've learned what it feels like to fly a covert mission to Iraq from a young golfing Air Force pilot.

This time, the play was slow, and two men caught up with me. One was instantly affable and a good golfer.

He wanted to chat, and he was good at that, too.

Given that this was a weekday, I asked him how often he played.

"Around three times a week," he replied.

"How can you do that?" I wondered.

"I have a great boss who only cares about me making my quotas."

"So you're a salesman? What do you sell?"

"IT security software," he said.

If there's one product that most businesses crave these days, it's this one. Hacks cost businesses millions. Why some cities are even paying hefty ransoms to get their data back.

Many IT and security professionals blame ignorant, careless employees for most of the issues. Some research suggests that millennial employees are the most blasé about the whole thing.

Yet my conversation with this IT security salesman took a strange turn.

We were waiting to tee off, and suddenly he said, entirely unprompted: "You know, our product doesn't work."

Ah. Oh.

What do you say to that? Did he want to unburden himself? Perhaps he merely wanted to be disarming just before I (tried to) hit the ball.

His company is, how can I put it, quite well known in its field. So I had to ask: "Wait, you're selling stuff you know doesn't work?"

"Most of the hackers are always one step ahead," he said. "It doesn't matter what the security software is, they'll find a way around it."

"And there's no way of catching them?"

"Most of them are overseas. If you can even find where they are. Even if you know what country they're in, their government doesn't care and won't do anything about it," he explained.

"So there's nothing anyone can do?"

"Not really, no," he said after he hit a very nice three-iron.

What a strange place we're in when businesses are fighting mysterious adversaries and apparently don't have the tools to truly defend themselves.

It doesn't matter if the company is small or large. It doesn't seem to matter, even, if the company is supposed to have some sort of software expertise.

It seems as if every new piece of software -- and the old pieces, for that matter -- has at least one cat-flap through which a hacker can enter.

It was, indeed, disarming to hear this salesman talk about his job with a benign resignation. He wasn't arrogant, merely matter-of-fact.

I had to ask the obvious question: "Don't you feel bad about selling something that you know doesn't work?"

"Our software is pretty good, compared to most of the others, so no, I don't feel bad. And anyway, I get to play golf three times a week."

Cloud computing winners, IT security job salaries, 5G network plans: Tech research round-up

Editorial standards