Contracting out work to third-party IT vendors is often challenging.

From licensing issues, regulations forcing companies to submit multiple bids, and the arcane art of negotiation, anything could make or break a deal. And there’s also the possibility of threat-surface expansion. But there are ways to make the process easier.

Vendors are important because there are many things that companies need to do that would be better to have a third party manage. And that doesn’t end with the contract itself; in some cases, negotiation is done by a separate vendor.

Getting help. Oftentimes buyers will turn to third-party negotiators like consulting firm West Monroe. Nate Buniva, a partner at the firm, told IT Brew that clients generally approach the company when they’re already in a bind and need help to get a good price and the most appropriate solution. That goes from the request for proposal, which they structure to be quickly converted to a contract, to working with vendors to answer their questions and shape their proposals for the best fit. Contracting can be a “wild card,” he said, and so the role of a firm like West Monroe is to ensure the proposal delivers on the client’s needs.

Learn all about dealing with vendors.—EH

The Biden administration issued two sweeping directives addressing cybersecurity needs for the federal government, including one that materialized just days before President Donald Trump took office. The current president did not rescind the cybersecurity executive orders (EOs) the way he did others.

Now, in the midst of cybersecurity concerns surrounding Elon Musk’s Department of Government Efficiency (DOGE), along with productivity and waste-reducing directives from the Trump administration, it’s unclear whether or not the EOs are still a priority for the federal government.

Well, this is what it looks like. The Trump administration’s new EOs focus heavily on government efficiency and direct agencies to only work on statutorily required activities, which could override tasks from previous directives.

“Until middle of last month, a lot of interagency work was blocked,” one IT professional in the federal government wrote to IT Brew. “This all caused a lot of work stoppage on those EOs, especially anything that required multi-agency collaboration. Folks aren’t really working on the last couple Biden EOs on cyber for example, they just went ‘poof.’”

How DOGE is upending US cybersecurity efforts.—CN

Who needs chatbots when you have a panel of IT pros to ask your burning security questions? We asked practitioners: How do you ensure data is secure when everyone is hooked on ChatGPT?

Babson College Chief Information Officer Patty Patria shared how the Massachusetts school enforces restrictions on certain LLMs and trains employees on acceptable use.

“You either need to use what we’re providing to you, or if it’s a student or faculty and they want to use their own proprietary data, use something that we’re paying for that’s closed,” Patria told us in a June 2 story.

Here’s what other industry pros had to say:

Responses have been edited for length and clarity.

Pete Nicoletti, global CISO, Americas, Check Point Software Technologies: ChatGPT has a couple of different levels…The unlicensed [version] goes into a big mosh pit of everybody else’s data. The licensed [version] is going to give you some exclusivity of your data being sequestered.

How to break the fever.—BH