Hey my company recently got a new CIO. He had a company come in to do a cyber security assessment (good idea) but that company only specializes in Microsoft solutions. To me seams like a sales pitch for what our CIO knows. We’ve already had our infrastructure manager quit because of different views then the new CIO. Should I be worried? I used to be in the finance industry and I’ve never seen a vendor specific cyber security assessment, they’ve always been vendor neutral. One example from their finding is to get Azure MFA, but we already have Cisco Duo product? I was like what the hell. They want us to get msft defender for endpoint to replace both Sophos and carbon black!