The Silence that Sells
"We congratulate ourselves on eliminating noise, but we forget to ask what else we might be eliminating."

May 25, 2025
I took off my badge before I stepped into the vendor hall. People talk differently when they don’t know who’s listening, especially on day two of a cybersecurity conference, when everyone’s proving their product is the answer.
The booth was bright, orderly, quiet. Blue lighting. A three-word promise: Eliminate the Noise.
He greeted me with a sales-training smile. Young, confident, a bit too much gel in his hair.
“We’re built to eliminate noise,” he said. “Ninety percent fewer alerts. Your team will love you.”
I nodded. The story was familiar: too many false positives, too much alert fatigue, pressure on thinly stretched teams. Their platform filtered the noise. Models learned what mattered. Less noise, more peace of mind.
When he paused, I asked: “How do you handle false negatives?”
He blinked. “I mean,” I continued gently, “how do you test for what you don’t catch?”
A longer pause this time. Then honesty: “I’ve only been here a few weeks. Let me grab my supervisor.”
The supervisor was older, thoughtful, steady. We talked about tuning thresholds, balancing risk, and the strange silence that can follow a successful attack.
“It’s not that we don’t think about false negatives,” he said. “It’s just hard to talk about something no one can see.”
That line stayed with me.
Too much of our industry sells silence as safety. Tools are judged by how quiet they are, not how truthful. False positives are inconvenient but visible. They generate noise, tickets, fatigue. We learn to hate them.
False negatives don’t alert. They don’t complain. They slip by until the cost is too big to ignore.
And so we build systems that reward quiet over accuracy. Dashboards that light up less often. We congratulate ourselves on eliminating noise — and forget to ask what else we’re eliminating.
Better questions help. Not just: How much noise will this tool reduce? But: What might it miss to keep things quiet? We can practice asking vendors, and ourselves, questions like:
- What’s your false negative rate, and how do you know?
- How do you test for edge cases?
- What’s the cost of a missed alert in our environment?
We don’t need to ask in order to provoke, but we do need to ask.
When I left the booth, the conference floor was humming. A ransomware solution vendor waved from across the aisle, offering a stress ball and “total peace of mind.” I waved back.
I didn’t put my badge back on.