Cyber Magazine March 2022 | Page 22

FIVE MINUTES WITH ...
effectively trapped. The hoops they must jump through to bring in new technology can become mind-boggling. I know of one example where a global organisation had to wait 8 months for a simple security update on Active Directory, of course at a high change fee due to it being ‘Out of Scope’.
There’s too much theoretical consultancy speak and not enough true operators that have worked at a front-line level to help and assist these organisations. It still amazes me how much money is pumped into consultancies to write a report for them, with very little operational payback. It allows you to tick a box to say you have a report from one of the big organisations, but when you ask the CISOs and CSOs, the true operators, they get very little value from that.
What is genuinely helpful for these individuals is to give them access to people who’ve already done what the organisation wants to do, not only to guide them but also help them avoid going down the wrong path as it is highly likely they have experienced multiple instances in their respective positions and organisations globally. Time is money after all.
There’s a lot of people that have that experience, but collating that and putting it in one place is rare.

“WHEN IT COMES TO INNOVATION, I PASSIONATELY BELIEVE THAT WE ARE NOT GETTING NEW SOLUTIONS TO THE FRONT LINE QUICK ENOUGH”

Q. WHO HAS THE RIGHT TO ADVISE THEM?

» It goes without saying that the big consultancy firms have incredible cyber security experts. They wouldn’t be where they are today without it. However, these folks are generally placed into ‘red teams’ putting out fires in response to incidents, rather than getting involved in the operational or strategic challenges these organisations require. It is using them in a reactive way, rather than proactive.
