Business Challenge

How to Target the Right Cybersecurity Services for your Consulting firm

Over the last several years, I have been asked to lead or coach a business seeking to develop cybersecurity-managed services to extend its consulting and/or cybersecurity consulting practice. These firms include the largest of firms, such as EY, through regional MSPs serving SMB clients. Finding the right mix of cybersecurity services can be challenging, as it depends on a variety of factors, such as the size and complexity of the organization, the nature of the data being handled, its regulatory requirements, and the level of cybersecurity maturity that you are seeking to achieve based on your unique requirements, threats, and vulnerabilities. Based on my experience, I wanted to share some initial thoughts on how to frame the problem and begin to develop the right mix of cybersecurity services for your target group of clients. The complexity of this review changes significantly between large enterprises and SMBs but at a high level, the major categories remain the same.

  1. Assess your client’s needs: The first step is to assess the organization’s needs for cybersecurity services. This can involve identifying the assets that need to be protected, the potential threats and vulnerabilities, and the risks associated with each. Often best practice is to

  2. Determine your client’s current and stretch budget: All Cybersecurity needs to fit into an approachable and prioritized budget, and choices will have to be made based on the unique and changing risk score of the organization. Once the organization’s cybersecurity needs have been identified, the next step is to determine the budget available for these services. This will help to prioritize which services are most critical and feasible to implement.

  3. Identify potential 3rd party cybersecurity solutions: Based on the needs assessment and budget, the organization can identify potential cybersecurity solutions, such as firewalls, intrusion detection and prevention systems, endpoint protection, vulnerability scanning, and security information and event management (SIEM) systems.

  4. Consider outsourcing options: Depending on the organization’s budget and expertise, it may be more cost-effective to outsource some or all of its cybersecurity services. Outsourcing options can include managed security service providers (MSSPs), security operations centers (SOCs), and consulting firms.

  5. Determine the right mix: Once potential solutions have been identified, the organization can determine the right mix of cybersecurity services to implement. This will depend on factors such as the budget, the organization’s internal resources and expertise, and the level of risk associated with each asset or system.

  6. Continuously monitor and adjust: Cybersecurity threats and vulnerabilities are constantly evolving, so it’s important to continuously monitor the effectiveness of cybersecurity services and adjust them as needed.

Developing the right mix of cybersecurity services for your clients requires a thorough understanding of their needs, budget constraints, and potential solutions. By following the steps we outline above and leveraging reputable third-party sources, such as NIST, Gartner, Forrester, and CIS, you can establish a comprehensive cybersecurity strategy that addresses your client’s unique requirements and significantly improve their cybersecurity posture. And as always, continuously evaluate and reassess the vendors and capabilities required to support your clients, as new threats and vulnerabilities can change the mix of services required at any point. If you want to talk about this more and how our team can help you think through these issues, please reach out to me or anyone on our team. My email is included below.

 

Ben Trowbridge

Recent Posts

  • Business Challenge
  • Contract
  • Function
  • Governance
  • IT Applications
  • IT Infrastructure & Applications
  • Multisourcing
  • Service Level Agreement (SLA)
  • Time to Market
  • Transition
  • Vendor Management

The Meat and Potatoes of Multi-Vendors

While the glamorous multi-vendor deals are the ones garnering most of the attention in outsourcing,…

26 years ago
  • Contract
  • Function
  • Governance
  • IT Applications
  • Multisourcing
  • Procurement
  • Service Level Agreement (SLA)
  • Vendor Management

Teaming: Making Multi-Vendor Relationships Work

Since the late 1980's, outsourcing vendors have relied on subcontractors to perform part of the…

26 years ago
  • Business Challenge
  • Communication
  • Contract
  • Energy & Utilities
  • Financial Services & Insurance
  • Governance
  • Industry
  • Manufacturing
  • Time to Market
  • Vendor Management

Lateral Leadership For Organizations That Are Outsourcing

American firms continue their rapid expansion of service and product outsourcing. Companies signed major new…

26 years ago
  • Business Challenge
  • Communication
  • Contract
  • Financial Services & Insurance
  • Governance
  • Healthcare
  • Industry
  • Manufacturing
  • Pricing
  • Service Level Agreement (SLA)
  • Time to Market
  • Vendor Management

The Many Sides of a Re-Do

Outsourcing's maturation as an industry has created a substantial body of experience in 'renegotiating' and…

26 years ago
  • Business Challenge
  • Contract
  • Cost Reduction & Avoidance
  • CPG/Retail
  • Financial Services & Insurance
  • Government
  • Industry
  • Pricing
  • Risk-Reward
  • Service Level Agreement (SLA)
  • Time to Market
  • Transition
  • Vendor Management

EURO: Ready or Not, Here It Comes

On January 1, 1999, eleven member countries of the European Union (EU) will adopt the…

26 years ago
  • Business Challenge
  • Cost Reduction & Avoidance
  • Financial Services & Insurance
  • Function
  • Global Service Delivery
  • Industry
  • IT Applications
  • Manufacturing
  • Procurement

The Rise of Global Business Process Outsourcing

Business Process Outsourcing (BPO) is paving the way for leading companies to compete globally and…

26 years ago