We are in preparation for an executive forum called The Great Conversation in Security.
I participate in many forums, but this one is special. It is the culmination of conversations we have had throughout the year, and those conversations seem to be taking on a level of urgency we have not seen in quite some time.
Here are some of the “front of mind” issues that senior security executives and the vendor ecosystem (consultants, integrators and technology providers) are wrestling with:
- What is the framework and discipline that can help us assess and manage threats to our organizations?
- What is the methodology and evaluation scorecard I can use to assess, manage and sustain the defense of my security applications and devices on my network?
- How do I assess if and when I use a third-party provider for the following:
- Managing and maintaining my access control and video systems;
- Monitoring my facilities;
- Monitoring the health and performance of my network devices;
- Managing and maintaining the cyber defensibility of my network devices;
- Hosting my critical security applications like access control and video?
- How do I vet the viability of my technology providers: their business, their leadership and their ability to execute to my needs?
- How do I stay abreast of rapidly changing technology that can change the way I manage and measure my security program today?
- How do I provide predictive threat analysis by leveraging the wisdom of my people?
- How do I construct a business intelligence platform for security?
- How should I lay the foundation for machine learning and artificial intelligence? Or should I?
- How do I move from intercom to intelligent communications to increase my ability to respond to any incident or to improve business operations?
- Why is creating a security culture with your employees critical to the success of my security program?
Why do we need a great conversation with the entire ecosystem? Because the questions answered through the unique perspective of each consultant, integrator and technology vendor can begin to shape a security executive’s path to value.
We are taking this as a challenge ourselves. For example, we know that Managed Services will require the next generation integrator to leverage subject matter experts (SME) in Enterprise Security Risk Management to understand the “Why” – that is, the business process and measures of performance that are the foundation of a security program. This should be supported by SME in business analytics and information technology to support this effort. Finally, they will need access to a business operations center (a business oriented SOC or NOC) to provide 24/7 support. Are these insights valuable? Are they worthy of a conversation?
We also know that cybersecurity of a physical security infrastructure will require SME in standards and measures of performance that many integrators will not be able to invest in, as well as an advanced capability and business process to deploy and sustain the cybersecurity program over time. Are we ready for this conversation?
By the time I write my next column, I will be able to provide you some of the insights we gather from this forum.
Editor’s note: The Great Conversation in Security is March 5 & 6 on the waterfront in Seattle. Security Magazine is a sponsor. Register here: www.the-great-conversation.com/