Hello and welcome to the ICM Blog. I wanted to take a moment of your time to discuss a growing trend in the market, namely the mindset of valuing Profit over Principles.
I am sure most of you have seen the cyber industry articles outlining some interesting business practices from a few organizations that are engaged in both offensive and defensive activities within the cyber realm. These organizations are comprised of a traditional value-added-reseller business unit and a threat development lab business unit.
It can be argued that developing hacking toolsets for use by the reseller’s and client’s threat hunters can be an invaluable tool in understanding an organization’s vulnerabilities.
I would consider this a white-hat activity.
However, when the reseller takes those same hacking toolsets and makes them available for sale to organizations or nation-states who intend to use those tools for offensive cyber operations; the reseller has abandoned principles for profit. I would consider this black-hat activity.
That reseller is potentially creating a threat crisis that they will ultimately sell a solution to mitigate said crisis - profiting from both sides of the cyber world. To me that’s unethical.
Let’s take it a level deeper. What if you’re a cyber defense sales specialist that can make more profit by selling a new solution, maybe even an inferior solution, instead of fixing the client’s existing production toolset through consulting services. The cyber defense sales specialist has an obligation to their company and themselves to make a profit; some might even argue to maximize profit. But don’t they also have an obligation to the client? An obligation to insure the client is successful in their cyber defense programs and realizing
a value for their investment?
I would assume that if you polled the industry, everyone would affirm that client success is core to their reseller activities. But do their actual practices align with that philosophy? Sadly, I think in a fast-paced, me-focused, employment-churning world we are starting to see more people value Profits over Principles. More people that value what is in it for them, versus solving the actual problem.
I came to ICM Cyber seven years ago because the CEO had a philosophy – good works are more important than short-term profits. Mr. Black states “You cannot buy integrity with money, and if you don’t have your integrity, you really have nothing”.
I am a firm believer that quality of execution and standing up for your clients in the worst of
times has positive impact in the world, even if you do not profit from those actions. It does something to improve our collective ability to defend what we value.
Mr. Black’s tenants permeate our culture at ICM Cyber, it’s in our DNA. Do we make a profit? Absolutely. Do we profit because of our principles? Absolutely.
So, if you value an organization that places Principles Over Profit and you want to engage us to help you, or maybe you would like to be part of an execution-driven team, give us a call.
We are, of course, here to help
Vice President of Strategy & Execution