Non-executive Director at ParaFlare.
November 7, 2022
I've been a C-level technology executive for over 15 years. I’ve served some of Australia's largest ASX-listed organisations and been accountable for all things digital, technology, information and cyber. This means I'm generally called upon to lead enterprise-wide conversations and responses to cyber security risk management and cyber resilience (among many other things!).
I’ve worked across a wide range of sectors including retail, gaming, education and consulting, and I can tell you that many cyber security challenges are consistent across different industries.
If you’re going to market to find a cyber security provider, you need to choose a partner who will help your organisation to build resilience and a positive security culture as your threat environment changes and organisational maturity evolves. Cyber security partners who uplift your existing security posture are a critical component of your organisation's cyber defences.
As a customer there are three key differentiators that I look for when going to market to appoint a security provider. These are 'add-ons' to performing your due diligence of their technical capabilities versus requirements:
(1) Quality humans who power cyber security providers
A cyber security provider is only as good as its people. In an exceptionally competitive and tight cyber talent market, the organisations who can attract and retain the best and brightest talent are the organisations we want to be partnering with.
When you're in the market, ask potential cyber security partners about:
- their culture
- team member retention and engagement rates
- remuneration policies
- how they onboard, support and develop their teams, and
- their inclusion and diversity strategies.
If the partner has a highly engaged workforce, then your organisation will inevitably benefit through their proactivity in unlocking value in the tools/services provided, their responsiveness to alerts and changes in the threat environment, and their curiosity to dig deeper when there is an anomaly in your environment.
Partner with security providers who bring the right mindset and skillset to your business; they should be a 'culture add' and proactive partner.
(2) Global perspective, local presence
Today, digital business and cyber threats transcend geographical boundaries. Your organisation must maintain both a national and global perspective on events, trends, regulation, and, most importantly, learning from the experiences of others.
Cyber security partners can play a critical role in helping organisations to keep their finger on the pulse when it comes to cyber threats and better practice. Some questions to pose when engaging with potential partners include:
- How does your organisation contribute to the cyber security sector, nationally and globally?
- How can your customers best leverage and benefit from your organisation's cyber expertise?
- What are some of the key trends you're seeing in cyber security that are of most relevance to my business/sector?
- What kind of insights and metrics can I expect you to bring to our organisation?
Organisations can become quite deep and insular - particularly with all of the competing demands for your attention, time and focus. Cyber is but one of many critical priorities for any business today. Cyber security providers who are genuine participants in the cyber sector, and who live and breathe cyber each and every day, can play a key role in surfacing the insights and learnings that matter most to you and your business - helping you to elevate the important and urgent.
(3) Experts at communicating 'the why'
Gone are the days when Boards and CEOs were willing to write a blank cheque for multi-year cyber security programs out of pure fear, without understanding quite specifically how this investment will move the dial on (or maintain) the organisation's cyber risk profile and build resilience.
Generally, 'the why' will centre around cyber risk reduction and crown jewels protection, but how do we make this tangible? How can we help Boards and CEOs make sense of this, supporting them to perform their duties? Security leaders must articulate the benefits of a cyber security program and all the contributing activities in a manner that can be comprehended by all decision-makers.
If you are in the early stages of your cyber journey, leverage your security partners to help you to construct your value narrative...'the why' for engaging a cyber security service / capability.
A final word...
All cyber security providers are not created equally. I would encourage you to support your teams in their technical due diligence - and once that hurdle has been cleared - spend some time learning more about the provider's cultural DNA and partnership potential. If, or more likely, when your organisation is facing a cyber-attack, you want to be surrounded by cyber security partners who know your business and, most importantly, have your back.