Magnifying Cyber Resources

When it comes to leveraging your cyber resources it is important not to forget the technology, however, the key point to make here is do not simply continue to do what you have always done. That can just lead to “busy work” and essentially you can’t solve all the problems in security just by employing technology, no matter how state of the art it is.

The security field is one that is ripe for greater adoption of technology tools to magnify the abilities of security teams – an obvious starting point is EventTracker’s website, which offers to process hundreds of millions of discrete log messages to deliver vital and actionable information. Organisations such as this claim to enable businesses to identify and address security risks, improve IT security, and maintain regulatory compliance requirements with simplified audit functionality.

Under use of technology solutions, or doing what you’ve always done can lead to work that keeps a person busy but has little value in itself, for example people used to run a disk defrag on a regular basis, now technology has evolved so that the computer operating system takes care of this for us.

It’s important to recognise that resourcing is a spectrum. There are many tools in the tool box so the art is to make sure you use the right ones.

FLEXIBILITY IS KEY

Organisations need flexibility in their operations. Flexibility to plan, but also to react as situations change, if you only consider one tool in the toolbox then you’re limiting your flexibility and ability to get the job done effectively and efficiently. The old saying: When you have a hammer everything looks like a nail, is still very true today.

The resourcing toolbox includes (in descending order of flexibility):

• Full Time Employee
• Part Time Employee
• Consulting / Interim
• Co-Sourced Service

Full Time Employees and Part Time Employees

Full Time Employees and Part Time Employees are good for maintaining appropriate in-house resource for core competencies, maintaining a key level of knowledge and understanding and for managing and ensuring organisational responsibility for the functions, be they in-house or provided by a third party.

Consulting & Interim

Consulting and Interim resources are good for specific pieces of work or projects that need to be undertaken, those with a clearly defined deliverable are my personal preference. Interim resources are particularly useful where you know the resource in question. Consulting resources are particularly useful in not only increasing team bandwidth, but also because they bring often vital external knowledge, experience and expertise.

Outsourcing

Out-sourcing is particularly good for (non-core) functions where there is a specific function to be performed. Good contract negotiations and vendor management is key to maintaining a good relationship, whilst realising the business case for entering into outsourcing.

Co-sourcing

Co-Sourcing allows a greater flexibility than the other options whilst offering many of the benefits of consulting resources. Co-sourcing differs from out-sourcing in that you will look for a partner to work more closely with your teams, augmenting their bandwidth and capabilities.

Co-sourcing is the way to go. It provides organisations with greater flexibility, better cost control and access to a greater breadth of knowledge and resources than any of the other models whether that is hiring full time or part time employees or even the consulting model for doing specific pieces of working. The co-sourcing model, however, is about getting close to an organisation working closely with existing employees supplementing and magnifying their capabilities.

Whereas a consulting arrangement might look at a specific project that can be benchmarked – saying the introduction of new software in a business – co-sourcing arrangement might seek to keep a company secure over a two-year period and evolves working with the existing team. Co-sourcing partners seek to augment existing capability and bandwidth.