Having held senior strategy, architecture and security roles for the last 10 years our CTO Adam Gwinnett has witnessed first-hand trends in recruitment, outsourcing, tooling and implementation shift as organisational priorities and commercial strategies have changed. In a trend that started with Cloud infrastructure, Hybrid models are becoming the norm for enterprises or those companies in highly regulated or compliant sectors. This is coupled with a move from classic client/provider relationships into a greater focus on strategic partnering, with relationships offering mutual benefits to each party rather than focusing purely on strictly contracted outcomes.
Cyber Security roles are in high demand with companies in a wide array of industries struggling to attract, recruit and retain sufficient capacity within their teams to address the ever-increasing demands that modern digital systems face. Motivated and capable threat actor groups (typically classified as Advanced Persistent Threats or APTs) typically have industries or sectors that they focus on, maximising the opportunities for them to re-use intelligence and context from attacks with related companies that are likely to have some commonality of technologies. The context of these industries is often seen as key and so companies frequently try to hire resources with experience in that sector, meaning that they are often competing for the same resources.
Tooling and Challenges
Automation is helping with some of this pressure as can be seen in the rapid expansion of the Security Orchestration, Automation and Response (SOAR) market and with increasing marketing focus being given to native automation capabilities in wider tooling (SIEM, NDR, firewalls etc). This can help manage the demand growth aspect, but your automations and playbooks are only as advanced as the threat intelligence and the experience of the analysts and engineers writing them. If you’re struggling to hire and hang onto those people, then this isn’t necessarily going to be great news for you.
With this ongoing pressure outsourcing options are rapidly becoming prevalent again in numerous sectors with companies seeking to offset some of their risk and accelerate their own maturity through leveraging relationships with strategic partners.
CSaaS Benefits & Approach
Cyber Security as a Service (CSaaS) is increasingly forming part of companies management plans for dealing with this pressure. Leveraging a mature industry partner has numerous benefits to an organisation:
- Capacity – Access to a pool of skilled resources 24/7, easing recruitment and shift management pressures.
- Specialism – Tooling expertise, additional protective technologies and threat intelligence without the need to conduct multiple additional procurements directly, allowing rapid improvements to existing investments. Partners can be selected based on their experience with your existing stack.
- Sector diversity – whilst your industry sector no doubt has context and challenges that are unique to it, Organised Criminal Gangs and opportunistic attackers move between industry sectors. On top of this the most common attack types seen in all industries have commonalities meaning that any experienced resources are likely to be able to add value to your environment rapidly.
Increasingly the favoured commercial model for this is a Hybrid structure, with partner resources working directly alongside internal teams, viewing the same dashboards and splitting activities between them. This allows the client organisation to act as an intelligent customer by retaining a pool of resources that understand the job at hand whilst relieving a large proportion of the demand overhead, allowing teams the space to focus on improving their automations, threat hunting and other higher value-add tasks which can also lead to higher job satisfaction. The ability to share administrative load with the partner can also free up capacity for internal teams to conduct supplier assurance activities and handle internal investigations as needed without the fear that they are “taking their eye off the ball” as alerts continue to mount up. A good partnership can offer the best of both worlds.
Written by Adam Gwinnett, CTO of Nine23
Adam Gwinnett is the Chief Technology Officer for Nine23Ltd and heads their cyber security advisory service as well as acting as service owner for their CSaaS offering amongst other functions. Having held senior strategy, architecture and security roles for the last 10 years Adam has witnessed first-hand trends in recruitment, outsourcing, tooling and implementation shift as organisational priorities and commercial strategies have changed.
Nine23 are your trusted partner, we are here to help you from start to finish and it is our mission to deliver complete, secure IT solutions to enable the end-users in today’s workplace.
We have consistently achieved the highest levels of accreditation (ISO 9001, 27001, ISO/IEC 20000) from national bodies to provide confidence that the systems we develop can be used at highly classified levels of cyber security (OFFICIAL-Sensitive or Sensitive).
To start your Cyber Security journey with us please fill in the contact form or call us on 023 8202 0300.