Find a Trusted Cybersecurity Provider: Avoid Fear and Make Progress Forward
June 18, 2021
Between news of breaches, new ransomware, and a near-constant slew of attacks on businesses and organizations of all sizes, the importance of cyber security is undeniable.
When the pressure is on from members of the executive team, customers are asking for specific requirements, and the threat of risks hangs over the security team, finding a trustworthy security provider is more important than ever. With a myriad of provider options, huge claims, and confusing information about cyber security, it’s hard to navigate all the services, teams, resources, and technology.
CISOSHARE Founder, President, and CEO Mike Gentile shares tips and insight from his experience in cyber security to make it easier to find the right cyber security provider for your organization.
It’s Not Just About Security Services, It’s About Trust
While cyber security might be at the forefront of every business owner and security leader’s mind, it isn’t really about cyber security for its own sake, but fear. With news of breaches, new ransomware, and large-scale incidents in companies of all sizes and industries, many organizations are motivated by fear of something similar happening to them.
Fear might be a motivating factor in exploring cyber security program development, but it can’t be the only thing that drives an organization’s decisions. Fear can lead to haste and create more work for yourself and the security team in the long run.
Keep your team from succumbing to fear and getting lost in the sea of cyber security solutions by finding a trusted resource for your cyber security needs and questions. Start by asking your professional network or the partners you currently work with for recommendations for security professionals, teams, or providers that they’ve worked with before and that would be willing to help you navigate your security needs.
Starting these conversations within your network and with trusted security professionals can lead you in the right direction when it comes to finding a provider or solution for your needs.
How Do You Know When You’ve Found the Right Security Partner?
As you start reaching out to security professionals, solution providers, and others in the cyber security space, you’ll start to get a feel for what would be a good fit for your organization. It isn’t only about the solutions or technology they can provide, but the guidance they can offer your team and your organization as a whole.
You can usually recognize a good partner early on in your conversations with them. Can they explain cyber security clearly without getting lost in the jargon? Do they understand the problems your organization is facing? Can they show you how cyber security impacts your larger business goals?
Having open and unstructured conversations with a cyber security partner is a good opportunity to get quick answers and explanations that will help you connect the dots between cyber security and your business.
The right security partner will take the time to explain each phase of a security project’s process, the potential impacts and results it could have on your organization, as well as how a security project correlates to larger goals and needs within the organization.
The process of security program development, even in small to mid-sized organizations, can be a multi-year project, so it’s worth taking some time to find a partner that offers both managed program development as well as professional services to take on additional security projects as needed.
Taking an Effective Approach to Cyber Security Program Development
There’s no one way to build a cyber security program. Every program is unique to the team that builds it and the organization that needs it built. There is, however, a repeatable security program development methodology we’ve written about before that can be used to establish a program in organizations of any size and industry.
While your cyber security provider doesn’t have to build a security program with the same principles in mind, there are a few things that you and your chosen provider can do to ensure that your cyber security program is effective and efficient.
Start with an assessment to understand your current state. This is the time to be honest about existing policies and processes — don’t treat this like an audit. Your cyber security provider can use the assessment to kick off the development program and blend any findings that need to be addressed into the plan moving forward.
Before building new areas of your security program or improving existing ones, make sure you and your chosen security provider really understand the goals you want to accomplish — it often isn’t as simple as aligning to best practices. Security is often motivated by meeting customer needs, enabling sales, or addressing the real risk of a breach. Understanding these goals and ranking them by priority will guide process and program development.
Starting with a firm definition of cyber security within your organization and your ideal future state will ensure that you find the right solution providers to bring you forward. While there are providers that claim that they can help you with every aspect of security program development, you’ll often find that you need specialists in specific areas.