Stephen and Rich answer our viewers' questions. This month...

"I'm new to a company as the Head of IT, it's my second head of IT role but it's the first time I've had Cyber Security in my remit. This is great, and it's one of the reasons I took the role because I'd really like to move into Cyber Security. Some decisions were made prior to me starting, for example their AV & MDR, their not critical national infrastructure. I think that it's overkill, as they both perform similar functions and AV would have been fine. There is no SIEM but there are a bunch of SAS products but there is no security alerting on that. The previous guy put out a tender for a SIEM provider, he selected one but the contract wasn't signed. Needless to say everyone here was onboard with it and I've come in and I'm questioning things. I think if we have a SIEM, great. But who has time to monitor it? Not me. There been a lot of buying here and no use made of those purchases. I've come in and I look like I'm being difficult for the sake of it. I feel I need to take a breath and actually look at the problems before blowing my small budget that was given to the previous trigger happy guy."

Questions: Do we kill off the login we currently have? What should I do here? Move forward with SIEM to keep my position politically not literally or trample on it and start again knowing that I'm going to piss off a whole bunch of people?