About the good list

With so many vendors in the information and "cyber" security industry, it's no small task to find the handful that will actually help you address your business risks effectively.

Considering the vast landscape of solutions being peddled to today's security leaders, there can only be a small percentage of those that provide legitimate value - or at least deliver the majority of what they are promising.

We've put together the good list to share clear-headed feedback on the security vendors and services that CISO's are truly satisfied with; vendors that reduce risk and genuinely improve our ability to operate at scale.

What makes a good'un

To keep the list as unbiased as possible, we don't allow sales tactics or vendor sponsorships, and we've laid out strict criteria for considering any vendor as one of the good'uns.

For any vendor to be considered for the good list, a few things have to happen:

1. A qualified security leader needs to recommend the vendor as a good'un.
2. The vendor needs to provide a sales-pitch free overview of their value proposition in three sentences or less.
3. All leaders that recommended the vendor must agree that they are seeing that value in earnest.
4. An anonymous sales inquiry is placed with the vendor to review their:

• Honesty: Do they stick to the truth about their products?
• Alignment: How close is their pitch to the value proposition?
• Expertise: How well do they understand the business problem?
• Passion: Do they help you see the value without being overly aggressive?

The list isn't meant to shame or endorse any companies or products over another, but to keep a running account of who industry leaders feel are worth working with.

If you have a vendor that you feel is one of the good'uns, let us know!

Supporting the good list

Interested in contributing to the good list, but not sure where to start? Reach out to us at good@ciso.tools to see how you can support the good list today.

Volunteer opportunities

We're happy to have new volunteers to act as anonymous reviewers.

Buy us a drink

Want to support the list without losing your spare time? Donations to help with the operating costs are welcome.

Who we are

The good list is provided as a community project by eCISO, an executive development consulting firm, and maintained by an odd consortium of security leaders composed of Directors, VP's, CISO's and board members across North America.

Why keep a list

Although we typically have a higher risk tolerance than most in our personal lives, we care deeply about improving the security posture of the organizations we serve. The good list is one step towards making that goal accessible for everyone.