In Tough Times, Be Efficient Not Cheap

Rafal Los
4 min readApr 22, 2020


We’re all dealing with an economic and social catastrophe the likes of which we have not witnessed in many generations, hell, maybe ever. The events over the last several months can give one pause about how to proceed forward with so much that is uncertain. Having been through a few similar types of cycles (for example, 9/11 and the economic downturn in 2008) I thought I would share some unfiltered advice.

Most importantly, things are never going to go back to the way they were before February 2020, ever. This is the reality. This has a significant impact on how enterprises big and small function. From the products and services that are most in-demand, to marketing strategies, hiring talent, IT strategies, and many virtually all other aspects of business.

While I understand the desire to clamp down on spending and find the least expensive way to do the things necessary to continue forward — I want to make sure I make a very clear distinction between cheap and inexpensive. I’ve written about this before. In fact, I feel like I write something about this every time things take an economic downturn.

There are two reasons for this. The obvious one you’ll jump to is that I work in the services space and I’m a vendor — I would like to see companies continue to spend, albeit wisely, for my own livelihood and that of our industry. But second and more important is that I’m a consumer as well. I buy things, I consume services for myself and my family. I need to rely on the fact that innovation will continue its march forward, and the brands I depended on in 2019 will make wise choices in 2020.

Let’s clear things up here. Cheap is a word ascribed to goods and services that are both low cost, and low quality. Inexpensive describes only low cost. I urge you to find inexpensive ways to do the things you need to do, without having to be cheap. You’ll pay more for cheap in the long run… just look at our relationship with China. “Made in China” has long been synonymous with cheap (low quality, low cost) but now America and moreover the global economy is paying dearly for giving the Chinese government so much economic power…but I digress.

This entry isn’t about cheap vs inexpensive, as the title suggests, it’s about cheap vs efficient. I already hinted earlier about the need to “spend wisely” — and that’s what I’d like you to walk away from this post thinking about. How do you reduce your spend commensurate with the times but still be strategic and wise about that spending? That’s a tough question, I believe. My focus is on cyber security so here are a few short thoughts…

  1. Criminals, nation-state adversaries, and random attackers aren’t going to give you a pass just because the world is currently on fire. Security leaders must continue to innovate, stay vigilant, and grow their defensive capabilities or else their organizations will face not only economic pressures but also regulatory and public sentiment in the event of an incident in these trying times.
  2. Building everything yourself is even less of a wise choice today, than it was 4 months ago. The cyber security market was already facing pressures on staffing long before the Covid-19 virus swept the globe. Building an empire in your cyber security team is and will continue to be a terrible idea. Our current economic situation is forcing your hand. Security leaders must look to strategically partner with managed providers, staffing agencies, and their vendors to leverage that power to stay small, keep your cyber workforce focused on strategic initiatives to the business, and keep the adversaries at bay. But choose wisely, remember look for efficiency, versus just the cheap provider.
  3. Look for value, not simply low-cost in your partners and vendors. Frankly, finding cheap alternatives to things you buy today and vendors you already use would be pretty easy. The problem, as you already know, is that it would likely end in disaster. But that doesn’t mean you shouldn’t be seriously working on cutting your costs, quite the opposite. If you didn’t have an initiative to bolster effectiveness from your tools, staff, and providers before — now you must. It’s good business sense, and now it might very well be a survival tactic.
  4. Focus on managing cost, reducing complexity, and increasing efficacy going forward. It’s been my soapbox for a few years now, but today is more important than ever before in my lifetime. Managing isn’t the same thing as reducing; but it may mean that you cut cost in one area to make room for innovation in another with a net $0 increase. It’s possible. I have been a part of strategies that executed on exactly this, and I know many of you have been as well. Share that knowledge. Reducing complexity is good for security, and it’s good for cost management so it feels like a no-brainer to me. But cloud computing, IoT/IIoT, and the piles of legacy we’re still dragging behind us have made reducing complexity that project you save for the next person…well, get after it. Today. Increasing efficacy should always be a project. It’s continuous improvement, and the very heart of what wise leaders I’ve learned from over the last 20 years have worked towards. All three of these things are tied together… and I suspect I’ll write on these three over the next few posts so stay tuned.

So, this has turned a bit longer than I expected, sorry about that. But it needed to be said, and I hope you find some value in the few minutes of time it took to read this. I’m going to expand on this last point in a few upcoming posts so if you have war stories or expertise to share please use the comments section. If you enjoy the content, I encourage you to share to colleagues who may need to hear this.

Thanks again, until next time.



Rafal Los

I’m Rafal, and I’m a 20+ year veteran of the Cyber Security and technology space. I tend to think with a wide-angle lens, and am unapologetically no-bullsh*t.