Effective security requires a magical blend of people, process and technology. There are literally thousands of technology vendors covering everything from malware detection to training and security awareness, data analytics and dozens of other spaces. We do not have a dearth of technology.
For a large organization – a bank, a telco, a government division – they can hire (with difficulty, sometimes) a large team, build out processes based on frameworks like NIST/ISO/PCI/other standards, and buy the technology they need. Or, if they don’t hire a team internally, they might outsource to a large Big4 consultancy or MSSP to handle a big chunk of their day-to-day security. Although it is a struggle for any large organization, it is an understood approach that needs to pivot and adjust based on new technologies, business, industry, threat profiles – but a solvable problem.
For mid-sized and smaller organizations, the problem is more complex. Instead of a security team, they often have a single individual – perhaps even an external consultant – responsible for IT security, policy, process and compliance. Independent consultants are often some of the most talented people in the security industry, but they lack access to colleagues and teams to bounce ideas off of and to build processes that can be shared and scaled. They might be experts in firewalls, compliance, SIEM – some aspect of policy or technology – but because security is incredibly diverse, no one person can be an expert in everything. Smaller organizations also typically cannot get the time, attention or care from a large security firm. They deserve someone with close, intimate knowledge of their business.
So – how do you solve the problem of access to people with skills across a diverse set of security disciplines, reach hundreds of thousands of small to mid-sized businesses, and have repeatable, scalable processes?
Well, we haven’t ‘solved’ it yet, but our idea and approach is to work through the independent IT and security consultants. There are thousands of them with direct, deep relationships with their small and mid-sized clients. They’re the trusted advisors, and the front door to solving their clients’ needs. By combining them into an alliance, where they can draw on the expertise, skills and resources of others in the community, the hope is that we can reach a scale that addresses the people, process and technology needs of smaller customers and start to tackle this problem once and for all.
So – if you’re an independent consultant or small boutique – that wants to maintain their independence but join with a community of like-minded individuals trying to make a dent in the security problem – reach out. If you’re a small or mid-sized business, trying to crack the security nut and need a trusted advisor who will give you personal, direct attention to your problems – reach out. Together, we can start to tackle this Gordian knot.
Kobalt.io assesses, develops and runs cyber security programs for small and mid-sized organizations. We provide security operations and advisory services to your organization – to empower your ability to embrace cloud infrastructure; protect data stored in critical SaaS applications and your corporate environments, and ensure confidence in your security visibility.