Cybersecurity teams are overloaded on multiple fronts with an ever-increasing pressure to keep up with the threats and vulnerabilities they face from threat actors. However, despite that pressure, the resources a cybersecurity team requires can often be hard to find — whether it’s a specific set of talents, a larger security team to handle responsibilities or just retaining the right personnel and tools. Of course, simply managing the department is a large task in and of itself.
Often, the solution can be to find a partner or outsource some of a cybersecurity department’s responsibilities. But how to find the right partner for you or even determine which tasks and duties are outsourced can be difficult. To better understand this process, we spoke to Mark Whitehead, Global VP of SpiderLabs Consulting at Trustwave.
What is your long-term cybersecurity plan?
Before making a decision on whether to seek a partner or how to go about doing so, Whitehead recommends taking a step back and looking at the long-term perspective. “What’s the overall company’s long-term commitment? Most organizations tend to have varying levels of support for how much investment they want to make to a security department.” This should help you set and manage expectations for your own department.
You should develop your department’s long-term strategy based on this and that’s when you can identify what you can work on in-house and what you can let an external partner handle. A security leader should make these considerations as a problem solved by a function of time and cost. What can you effectively build out in a year’s period? What does your team make-up look like? Do you have the resources and time and buy-in from the rest of the organization?
“As you look at roadmaps and spend”, Whitehead says, “you’re putting in place people or services and doling out responsibilities.” This process also helps you keep proactive. You’re much better off resource-planning proactively rather than doing so as a reaction to a breach scenario and responding to pressure from the board.
Finding the right partner to work with
The vendor and partner marketplace has shifted and most organizations work with partners as part of a hybrid approach rather than an all-or-nothing form of outsourcing cybersecurity responsibilities. When trying to find the right partner, Mark has some suggestions for security leaders.
Be clear about nomenclature
“How vendors talk about their products and features varies”, Mark says, “and that can be confusing for people who are focusing on the end-result only and aren’t getting the details on how a company is achieving the end-result.” Make sure what they say they’re offering is aligned to your own internal taxonomy. You don’t want to find out you’ve been using the same term for different outcomes after the contract has been signed.
Know the relationship you want (and can handle)
Knowing what you want and how you want it is key, according to Mark. Do you need 24/7 support? How many status calls will you have a quarter? A month? Knowing whether the provider can deliver on these expectations and knowing that your organization is capable of working with them in that way is also important.
Don’t wait until a breach happens
“Don’t make the first engagement happen after you’ve already been breached,” Mark added. It’s harder for a partner to work with your organization if your only touchpoint is after a breach occurs. In those cases, the pressure is extremely high, and it often doesn’t end well for the partner or the organization because a lot of time is spent doing preliminary work that could’ve been done in prior calls and engagements.
Consider testing a partner out first
Mark recommends taking the vendors out for a “test-drive” with one of their offerings before fully committing to a larger partnership. Whether it’s a pentest, an external investigation, conducting red or purple team testing, it’s important to know how they work with your organization, if their communication aligns with what you’re looking for in a partner, and if the overall teamwork is conducted well. If you do end up partnering with them, having this knowledge will pay off come crisis mode.
Simplification is key
The reason to consider a partner to augment your existing cybersecurity team is to simplify things for your team. Mark has seen cases where an organization is filled to the brim with tools and solutions that have been bought or brought in as a knee-jerk reaction. But without a roadmap or strategy, all these tools are only adding to your complexity and slowing you down against criminal hackers.
Working with a partner will help you build out a strategy and roadmap six or twelve months down the line that will alleviate your organization’s pain points and help it run more efficiently and effectively. It will also help you have a reactive and proactive team allowing you to solve problems and issues as they come while building out a more strategic 12, 18, or 24-month vision.
With no proactivity, you’re falling into a classic CISO trap of just putting out fires and playing whack-a-mole. Instead, invest the time to plan out your department’s strategy for the year and beyond, building out your vision knowing you’ll find yourself working with an external partner. Identifying exactly what your team will need will make your search for the right partner much more efficient and help you find one that will work with your department to bring cybersecurity success to your organization.