Building a Security Program for Success
Posted by: Joe Leonard
At one point or another, if you’ve been in cybersecurity long enough, you’ve experienced the pain of trying to build a complete cybersecurity program. Professional engineers are brought in to evaluate current tools, penetration testers to probe controls, and analysts to examine compliance and regulations. After weeks of conversations and testing, each team comes back with individual reports of technical details that need to be compiled into a single report to present to the budget-holders to justify the new spend. This entire process can take months, and in the end, there’s no guarantee that the budget will be approved for the most essential improvements. Then, a year or two later, it’s time to do it all again.
For decades this has been the pattern, and the result is a cybersecurity program that’s really a program in name only. Disconnected, siloed tools and disjointed teams slow down security processes and leave a cascading series of gaps and inefficiencies. Point-in-time snapshots and reports make it difficult to ascertain the true maturity of the program and remediate problems. Rotating teams of professional consultants have no connection to the teams that came before them, making it difficult to determine if the problems identified previously have actually been fixed, or just patched with short-term fixes.
Over the course of more than 25 years in the cybersecurity field, I’ve worked in many different security environments, including U.S. Army electronic warfare operations, cellular communications backbone and validation services, and Internet Service Provider and web hosting services. Each of these environments was unique, and in each, I was working with customers, trying to understand the impact security had on their organizations. When web hosting had a downturn, I decided it was time to do something new. Reflecting on my career so far, I realized what I enjoyed most was working with my clients and finding solutions to protect their business, so I decided to go back to doing cybersecurity consulting. Over the next sixteen years, I held a dual role as both CISO of an organization and Vice President of Cybersecurity for their consulting team, and I worked with clients to understand the cybersecurity challenges they faced in their environments. This gave me an inside and outside viewpoint on cybersecurity and gave me an in-depth perspective on the challenges of building mature cybersecurity programs.
I recall meeting with a customer as they explained to me that they received 11 different PDF reports for all the services that were performed by their various security partners. My customer explained that he thought he had paid to have these organizations provide the risk remediation plan and asked, “How do I take all the data from 11 PDFs and identify the top risks to our organization?” He never realized that it would be his responsibility to read and understand 11 highly technical PDFs and to make the risk decisions based on these documents. When he looked at the data, he wasn’t sure what to do with the results of the findings, and I found that this was common for many companies that I met. I realized that we needed a solution that could take all the data from all our testing and consolidate the results to help cybersecurity teams make better risk decisions.
From the beginning, GuidePoint Security has always been focused on delivering comprehensive services through our team of world-class cybersecurity experts. When I joined, I brought my vision for a completely unified cybersecurity program service, and today we’re proud to announce the newest service from GuidePoint Security: GPVUE. With GPVUE, we are taking all of our existing, industry-leading services and solutions and using them to develop holistic, customized programs that address our clients’ unique cybersecurity challenges. Every GPVUE engagement starts with a consultation to determine which services would best fit an organization’s needs, from which we develop a fully-bespoke roadmap that prioritizes the most important improvements to mature the cybersecurity program. Through ongoing testing and validation, GPVUE ensures each organization’s cybersecurity program is always operating at peak performance, and because every aspect of the program is managed through GuidePoint’s expert team, the entire GPVUE program will grow with the client’s maturity.
If you’ve struggled with creating and managing a complete cybersecurity program, my team and I are ready to help you improve your security posture and build a world-class program today. To learn more about how we can help you accelerate your cybersecurity maturity and enhance your capabilities, please contact us. We look forward to working with you.
Joe Leonard
CTO and VP of Security Strategy,
GuidePoint Security
Joe Leonard has two decades of experience in developing and implementing security consulting solutions for customers. Joe is an experienced executive with more than 40 years of technical and supervisory experience in the areas of cybersecurity, network engineering, web hosting, cellular communications and customer support. Over the past 16 years, he has focused on developing security consulting solutions for customers.
Prior to joining GuidePoint Security, Joe was the Presidio CISO and Vice President of Cyber Security Solutions and was responsible for internal security and for developing customer security consulting solutions. He also worked as a Security Practice Manager for Northrop Grumman, Vice President of Network Services for Digex Web Hosting, Director of Network Operations for GTE Internetworking (Internet Services Provider & Web Hosting), Manager of Technical Operations for EDS Cellular Communications, and was in the US Army for 15 years in Electronic Warfare and Intercept.
Joe holds numerous industry security certifications including CISA, CISM, CRISC, CISSP, and CCSK.