On Wednesday 20 November, Cytix made a guest appearance at the DTX Cyber Leaders’ Summit in Manchester. Aside from participating in several networking sessions, our co-founder, Ben Armstrong, was invited to speak in a panel discussion on whether you should build your own cybersecurity solution in-house or purchase a product from a specialised vendor.

‍

The panel focused on the difference between building and buying, the difference between building methods, and whether design partnerships could be a happy medium for those looking for tailored solutions to particular use cases.

‍

The panel was hosted by our very own CISO advisor Jamie Whitecombe-Jones. Also participating in the panel wereDeepa Ramadoss, head of Security Risk Management at PXC, and Michael Heritage, the Global Vice President of Cyber Security for the Financial Times.

‍

Build Or Buy?

‍

A debate as old as time: store-bought or made from scratch?

‍

The panel opened with a discussion on the difference between building a needed solution and purchasing one outright.

‍

Building a solution in-house that is specific to your use case certainly has its benefits. It means that you can create a solution that is tailored exactly the way it’s needed to be, you have full control and culpability over it and can fit into your unique environment. The problem is that this ends up being expensive, time-consuming, and much more complex in the long run.

‍

Speaking from years of expertise, Ben said, “It’s not about whether we are capable of building a solution that works, it’s about whether or not we can support it post-build and keep it going.

‍

“Often, when we build, we’re building to solve a problem for our use case. What I’ve seen frequently over the years is that businesses will try to create a process to solve the problem, which then needs more time, more staff, more resources. And that isn’t always sustainable. More often than not, companies are left with an overly expensive solution to a problem, when they could have found a better way by buying a solution that could’ve done it for half the overhead.”

‍

It seems like store-bought is always best. Building takes a lot of time and resources, whereas pre-built solutions can be onboarded in a matter of weeks, days, or even hours. Purchased solutions also come with a lot more expertise from teams, tend to be more easily scaled, and come with compliance assurance. Most notably, it is also easier to deflect blame when something goes wrong, although the panel did accept that brand reputation is still damaged regardless of whether the out-sourced company was at fault or not.

Can Design Partnerships Be The Answer?

‍

Design partnerships are scenarios where large companies will hire an external company to create a product that is specific to their use case, often investing money to help realise this solution. It’s a method that is seen quite frequently in Silicon Valley, where enterprises invest in start-ups, looking for solutions to unique problems.

‍

It was agreed across the panel that it was definitely worth it and an ideal situation for a lot of companies, though it opened up a wider discussion of actually finding a company that is building what you need, securing the funding, and making sure the company in question actually wanted to partner with your organisation.

‍

From the startup’s perspective, the panel floated the question of whether or not this would be lucrative or even viable for a cybersecurity company if they were hired to create a niche product for a niche use case. If only one company needs this product, then is it financially viable and sustainable for the business?

‍

Ben pointed out that a lot of startups tend to live and die by this ethic and that a frequent challenge within this industry is that the capabilities of a product tend to change frequently, with acquisitions in particular vastly changing what an organisation actually does.

‍

Speaking on the problem, Ben added, “How long do these stay as niche requirements? Someone else might have an adjacent use case.

‍

“At Cytix, we found a company that was using AI to create tickets to address pen test requests, but they were suffering from a lack of resources and staffing. We got our LLM hooked up to their system and boosted their product. If there are gaps, there’s always a guarantee that someone will be working on emerging technologies that can help solve that problem.”

‍

Summary

‍

For most organisations, buying a product is often far more accessible than creating a solution, simply due to a lack of staffing, resources, and skillset. Building is a great method for those who have highly specific needs that “off-the-shelf” can’t meet, but it isn’t always achievable. That said, building from scratch allows for greater customisation, being able to determine how and when to test, and can achieve greater security and compliance – provided it is done right.

‍

The DTX Cyber Leaders’ Summit is held for senior cyber leaders, decision-makers, and budget-holders. The summit featured keynote speakers and panel discussions, with a focus on fostering connections and networking in an exciting and rapidly developing industry.

‍