Landmines
Six questions that flip the Proofpoint deal.
One per call. Don't stack. Let the silence work.
Q1
Proofpoint's VAP is fed by TAP email attack telemetry. What signals does the platform read outside the inbox?
Signal – exposes email-bound signal universe
Q2
VAP groups people into Very Attacked People at population level. Can the platform produce a 90-day individual risk trajectory?
Persona – exposes population-grouping vs individual
Q3
What is the Security Awareness renewal date, and would replacing just that licence keep the TAP and ITM contracts intact?
Provisioning – exposes bundle entanglement
Q4
What does Security Awareness produce for an EU NIS2 auditor at the Article 21(2)(f) level – training delivery, or behavioural change?
Compliance – exposes training-vs-evidence gap
Q5
When a regional sector attack lands through a non-email channel – credential stuffing, supply chain – does VAP reflect it?
Signal – exposes cross-system blindness
Q6
Security Awareness is part of Information Protection at a $1B+ email security company. How often does the SAT roadmap get prioritised against email security investment?
Architecture – exposes secondary-revenue roadmap risk