Content provided by Nisos, Inc. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://nl.player.fm/legal.

The Business of Security: Positively Influencing Profit and Loss

23:52

In episode 59 of The Cyber5, we are joined by active security compliance practitioner Dylan McKnight.

We discuss the business of security. We unpack how security can be effective at driving profitability rather than being just a cost center for an organization. We discuss how compliance measures can drive meaningful metrics around profitability and breach avoidance. And finally, we talk about where threat intelligence provides the proper risk-based approach for security teams in this process.

Five Key Takeaways:

1) Making “Security” Be Seen as More than Just a “Cost Center”

Prioritize external-facing business leaders and help them become security stakeholders. Give Sales, Customer Success, and Marketing a reason to care about security. In the technology space it’s important to understand how your organization makes money. You must embed security practices into contracts to ensure your organization is a good steward of each department’s data. Third-party risk management processes are an example of how this shows up in everyday operations.

In the pre-close world, work with the sales team to ensure security functions help close deals faster. As a communicator, you must also improve customer relationships after the sale through privacy programs and a good incident notification policy.

You must still maintain key relationships with necessary internal stakeholders such as:

  • Internal auditors who will answer to regulators (SOC 2, ISO certification, etc.)
  • The engineering team and its product development cycle
  • Legal and HR

2) Security Roadmap is Critical with Limited Resources

It’s critical for security practitioners to understand that the vortex of power within technology companies is centered on the sales and product engineering teams. Security practitioners lament that they don’t get enough time in front of internal decision makers; that’s why they need to embed themselves in the sales cycle. Critical security functions like identity and access management (IAM) and file integrity monitoring are two examples of functions that have value but are time intensive and don’t necessarily improve the bottom line unless they are part of customer contracts.

However, privacy requirements are becoming critical to engineering and sales teams and a security program should be adapted to meet those needs first.

3) Developing the GTM-focused Security Playbooks that Scale with the Business Growth

Risk assessments for what could cause the most business loss are important to start, backed by standards and controls that align to this potential loss.

“Move fast and break things” can lead to monetary losses through security failures, so it’s important to attend quarterly business reviews with the sales team and understand the pain points in the sales process. Security should exist to help sales move through the process more quickly while illuminating potential risk.

4) Compliance is Important for Maintaining Customers

It’s cheaper to keep existing customers than gain new customers. To keep existing customers, trust becomes a critical aspect. Transparency around security controls and incident notification with your customers can go a long way to keeping them satisfied during renewals.

Compliance standards that meet these transparency requirements are beneficial for building trust with customers; they include the right levels of monitoring of cloud infrastructure and managed detection and response. It’s important to understand how all the different teams use data in the environment and to protect what really matters, which in technology companies is usually enforcing “least privilege” permissions around the production environment.

5) The Role of Threat Intelligence in Risk Assessments

Risk-based approaches are always a good starting point. Threat intelligence should focus on who is actually attacking your organization, how, and why. Simple defenses should be built around threats that are actually happening, not just what is possible. This means not only monitoring the dark and open web, but also closely analyzing your firewall logs and providing an “outside-in” inspection that enriches your internal telemetry with external signals for more risk-based context and prioritization.
