While recently attending a seminar for security professionals at the University of Pennsylvania Wharton School, I happened upon “Benjamin Franklin's Way,” a newly constructed campus walkway incorporating a collection of granite pavers with selected maxims from the famous founding father. While walking along I noticed the following quote: “Distrust and Caution are the Parents of Security – 1733.” Although computers did not exist in Franklin's era, his words bear witness that concerns over security transcend time and his advice applies equally well today. In 2010, our adversaries include malicious hackers and state-sponsored cyber terrorists who routinely target U.S. critical cyber infrastructure in an attempt to steal, alter and destroy vital government data. The likely theater for global warfare in the 21st century will not be on land, sea or air, but in cyberspace. The threat of cyber warfare is real and pervasive, threatening the stability of both government and commercial institutions. While our federal government moves forward in taking steps to secure cyberspace, as federal contractors there are some core principles that we can observe in the coming decade to guide us in serving the needs of our clients in accomplishing their cyber security missions.
Building Trust-Based Relationships
While distrust and caution may be the parents of security, the best way to serve clients is by establishing a firm foundation of trust early on. Demonstrating competence by delivering sound advice and cyber security solutions is a key requirement for developing your client's confidence in your firm's abilities. As the cyber security industry matures, there are more options for federal CISOs and other cyber security executives to choose from when selecting cyber consulting expertise. Why should a potential client retain you to help them safeguard their critical cyber assets? Highly qualified personnel, solid past performance, and corporate stability are often good indicators of quality firms. In this time of tight budgets and constrained resources, federal security executives need to know that the contractors they hire are able to deliver value on multiple levels. Deep knowledge in multiple areas of cyber security, coupled with proven expertise in strategic thinking as well as tactical execution, is the hallmark of today's successful cyber security consultant.
A Holistic View of Cyber Security
Because cyber security is about more than just technology, professionals who are adept at envisioning and communicating a big-picture view of cyber security, as opposed to the traditional narrow-focused, technical perspective, will fare better in communicating with C-level federal executives. Managers who are able to understand stakeholder perspectives and skillfully construct a clear business case for cyber security expenditures will experience better results in meeting their goals. Mandates to ensure openness and transparency in government systems have placed increased expectations on cyber security managers across the government space. A more flexible, adaptive approach to cyber security will be needed in the years to come as we face increased demand to support new services and applications that will force us to challenge closely held beliefs about what is acceptable. As technology advances, our jobs will become more complicated, and we must retool and retrain on a frequent basis to better meet that challenge.
One Size Does Not Fit All
Some consulting firms attempt to leverage existing solutions and products developed for a single client across multiple agencies, but this approach usually fails in the cyber security arena. Anyone who has supported cyber security programs at multiple agencies understands that while some commonalities do exist across the federal cyber security space, the needs and requirements of each agency are as diverse as their departmental missions. Moreover, many agencies are themselves composed of component entities with extremely diverse missions, further challenging the efficacy of a boilerplate approach to cyber security within individual agencies. Successful consultants make the effort to get to know each individual client and work to understand that client's unique needs and requirements, as well as the context and constraints under which the client operates. Tailoring solutions to meet the unique needs of each client is critical to success.
Walking the Talk
The concept of “eating one's own dog food” applies to all businesses, but especially to the cyber security consulting business. Many firms fail to exercise due diligence in protecting their critical business and information assets, leaving their data and systems vulnerable to compromise. Moreover, when contractor firms store, process, or transmit government data on their systems, they have a special duty to ensure that these systems are protected. Adequate policies, procedures, and safeguards must be in place and continuously monitored. Regardless of the size of the firm, appropriate and cost-effective measures can be taken to ensure the security of vital data.
Albert Lewis is Vice President and Chief Security Officer (CSO) for Edgewater Federal Solutions, Inc., a premier provider of IT and cyber security consulting services to federal government organizations. For more information, please contact Al at: [email protected] or visit www.EdgewaterIT.com.