How to Choose the BestSecurity Partner to Maximize Team Value

Rex Tolman, CISO, Sr. Director Enterprise Security, Kforce

Rex Tolman, CISO, Sr. Director Enterprise Security, Kforce

The mission of my security operations center (SOC) team is to protect our company’s ability to generate revenue and profit and to fulfill the firm’s overall mission. This is a strategic goal. It doesn’t speak to the number of threats or intrusion attempts we respond to each day, but instead focuses on business outcomes. Our managed security service provider (MSSP) is fundamental to us fulfilling that mission by providing the full-time support needed to maintain our risk posture while freeing up more personnel for value-add activities. As a long-term relationship, a MSSP can become an essential part of your security roadmap and strategy. However not all MSSPs are created equal, and it’s essential to find the right fit before enlisting a partner.

Set strategy and objectives within your SOC

Ideally, your MSSP will act as an extension of your overall SOC, so it’s important to start by pinpointing your areas of strength and weakness. As you consider this journey, be honest with yourself about what capabilities you have within your team. We found that our most immediate need was 24/7/365 monitoring as our first level of security response for identifying alerts, running initial investigations and opening tickets for us to resolve anomalies. Our SOC would have required a minimum of four to five people doing nothing but that job to achieve the same results, which would take resources away from higher value-add activities and our ultimate strategic goals.

Bring your team along with you during the process by communicating that their jobs aren’t being outsourced, but instead they will be part of a more dynamic group with a focus on adding value.Then discuss your gaps and activities that do not contribute to a more secure risk posture or competitive advantage. If it’s not a strategic advantage for you to do it within the firm, then outsourcing those activities will likely be more efficient and cost effective.

Socialize requirements with internal stakeholders

Before choosing a partner, talk with your internal stakeholders to socialize the concept of working with a MSSP. A common barrier to the process is a lack of trust in sharing security activities externally. By making leaders throughout the organization part of the conversation, they may realize they share in the benefits and become an advocate for the program. You’ll also want to bring in your procurement team early to help with the process and define contractual requirements that set the partnership up for success.

“MSSPs can provide many different services to help your SOC become a more value-add group if you can strategically choose the right partner and services”

Finally, ask your network for their experience. What has gone well with their MSSP? What do they wish they had done differently? This can help weed out potential partners that are not a fit for your organization’s size, industry or culture.

Find a partner with proven expertise

Even if it’s a relatively new or startup MSSP, make sure their services extend beyond day-to-day tasks to include thought leadership and expertise. Ask about the background of their leadership team and look for whether they are conducting their own threat research. It’s important to know that they have a powerful supporting cast of experts to provide additional intelligence.

There may also be cases where you need a provider with more niche knowledge. For example, a banking firm with regulatory requirements like PCI needs to find a MSSP with clear abilities in that area. Outside of your firm requirements, you’ll want to consider the requirements of your clients. At Kforce, we have specific security requirements we must fulfill to meet client requirements—our MSSP is a key part of that compliance.

Start with only the services you need today

The most common obstacle to enlisting a security partner is cost, and it’s important to remember that one size does not fit all. MSSPs often offer a large suite of services that can quickly become expensive if you try to leverage all of them at once. Make sure you stick to your list of immediate needs up front and allow the relationship to mature before adding to the scope of work.

A MSSP is a long-term investment that will grow in efficiency over time as resources get up to speed and gain meaningful data for increased confidence responding to malicious activity. The MSSP our firm uses was relatively small at the time we initially partnered, but this worked in our favor because as our systems have matured and grown, so have they. They are now one of the leading MSSPs with a global footprint.

Set expectations for the ongoing relationship

To provide communication and transparency throughout the relationship, find a MSSP that will commit to key performance indicators (KPIs) and consistent reporting. This will allow for regular reviews to openly discuss where the team is performing well and where there’s room for improvement. It’s also helpful if they offer a maturity rating as a continuous barometer of how effective their services are over time.

Our SOC is fortunate to have a great partnership with our MSSP.We have a dedicated representative on each side who are in frequent communication with each other. From our first onboarding, the MSSP CEO even made it clear that they were only a phone call away in the event of a security emergency. It has truly become an extension of our own SOC.

The bottom line is MSSPs can provide many different services to help your SOC become a more value-add group if you can strategically choose the right partner and services. Find your sweet spot to ensure you are not overspending and underutilizing their services and it will lay a strong foundation for you to build on as you continue to mature your cybersecurity program.

Read Also

Intentionality Is The Key To Increasing Diversity In Information Technology

Intentionality Is The Key To Increasing Diversity In Information...

Rosemarie Lee, Vice President and Chief Information Security Officer at BlueCross BlueShield of Tennessee
Dear CIO, You Must Support The CISO: It's For Your Own Good

Dear CIO, You Must Support The CISO: It's For Your Own Good

Christos Syngelakis, Group CISO, MOTOR OIL [MOH: GA]
Ensuring Cyber Security through Cloud technologies

Ensuring Cyber Security through Cloud technologies

Eric McKinney, Enterprise Infrastructure Director, G & J Pepsi-Cola Bottlers