Landmines
Six questions that flip the CyberPilot deal.
One per call. Don't stack. Let the silence work.
Q1
CyberPilot's Security Culture is a 10-question survey of self-reported attitudes. What signals does the platform capture from actual workday behaviour?
Metric – exposes self-report vs observation
Q2
Phishing runs 4 times per year, manually crafted. What happens to risk profiles between scheduled campaigns?
Cadence – exposes quarterly programme rhythm
Q3
CyberPilot's positioning is explicitly anti-AI. What does that mean for adaptive intervention based on individual risk?
Architecture – exposes anti-adaptive stance
Q4
Can the platform produce a 90-day individual risk trajectory at role level today?
Persona – exposes cohort-only reporting
Q5
What does the platform produce for an EU NIS2 auditor at the Article 21(2)(f) level – training delivery records or behavioural change evidence?
Compliance – exposes NIS2-as-course-topic limit
Q6
Above 20 users, CyberPilot's pricing becomes quote-only. Has the buyer modelled the actual TCO for managed-service-led delivery at scale?
Provisioning – exposes managed-service ceiling