Our Security Strategy leverages every part of your organization to strengthen the whole.
Security is not a bolt-on accessory to your company, but part of creating and protecting its value. Our vision of security extends to all parts of your organization so that every piece supports the whole. You get better participation, buy-in, value, and results.
Our strategy has eight parts that work together. They’re not steps: they can be pursued in parallel, and you may already have some of these components already. Our vision is to strengthen each piece individually, set up its relationship with the rest of the organization, and connect the parts into a whole.
Part 1: Get a real risk assessment
Our process takes you from the infinite possibility of threat to the real-world likelihood of risk. You get a roadmap that doesn’t just guide you, but helps you communicate with the rest of the organization and explain your decisions. We reduce the noise so you have more confidence in the security choices you have to make.
Part 2: Harden your systems
Our threat-based risk assessment shows you the systems that are critical to your company’s value and that are targets for capable and motivated adversaries. We work with you to assess whether the security tools you have are properly configured and utilized to address the threats you face. If you need more, we suggest additional tools to help you. Our goal is to make the most of your existing security investment and make every additional security dollar count.
Part 3: Harden your people
Some say that people are your greatest security liability. We believe that when you equip and inform people, they become your strongest security resource. Give your people the context and training they need to understand the threat landscape and their role in your security, and they become your eyes and ears. Give them the tools to help recognize and respond to security threats, and they become a resource. We help with training and information that transforms your workforce into a security force.
Part 4: Block targeting
Before you are attacked, you are targeted. As former U.S. Intelligence officers, we studied national security targets to find human and technical vulnerabilities, and we use the same analytic process and operational thinking to help you improve your security. Our Targeting Studies show you how an adversary can profile your organization and people from the outside, making his attack more effective. We suggest ways to reduce the information leaks you can control and how to embrace the leaks you can’t.
Part 5: Work with your supply chain
These days, their security is your security. We help you strengthen your security relationship with your trusted supply chain partners. If a supplier is in a risky environment, we show you ways to protect yourself while still maintaining your business relationship. We help with market entry strategy, security plans, and contract reviews to make your supply chain as secure as possible.
Part 6: Develop industry awareness
Predators divide the herd into individuals. If you don’t stick together with your peers and use every defensive resource in your environment, you risk being picked off. We facilitate industry exchanges with discussions, seminars, and topical presentations. We can help you get more from your government liaison relationships by asking the right questions and understanding the roles (and limitations) of each agency. Isolation breeds ignorance, and ignorance sets you up to be compromised!
Part 7: Develop adversary awareness
Your threat landscape is constantly evolving: as your security improves, your adversaries have to work harder to penetrate you. We track your adversaries for you and keep you updated on their new capabilities so you can prepare for what’s next.
Part 8: Learn from what is happening to you
Every security incident has a silver lining: you can improve your security if you learn from these events. Our idea of incident response covers past, present, and future: what happened to enable the incident, what the true extent of the incident is now, and what the adversary will try next.