So, what is it we do?

16:09 18 April in analysis, cloud security, consultancy, Cyber security, Incident Response, Management, monitoring, security monitoring, security operations, small business, staff awareness, training

So, what is it you do?

I’m often asked by people outside the cyber security industry what is it, in fact, that I do. A reasonable question, and my usual answer is ‘stuff, for people’. Partly that is a hangover from the government days, and partly because consultancy is quite tricky to define in a short conversation. However, marketing ‘stuff, for people’ is hard, so with a recently revamped website we have also developed more detail on our services, and I thought I’d explain them in a shortish post.

I have already blogged about our Security Monitoring Service. That leaves Security Training and Strategy & Consulting.

I’ll start with Security Training. Over the past few years we’ve done a lot of training across a range of cyber security topics. Awareness training features heavily in that but we have also delivered courses on incident response, OSINT techniques and conducting covert secure investigations, SOC analyst skills and network intrusion detection, board level briefings and more. The length of course we’ve delivered has also varied, from a two-week SOC analyst course, a five day ‘Cyber Security Introduction’ and one-hour security awareness sessions.

Whilst we have now a large library of training materials, everything we deliver is tailored to the specific needs of the client. We don’t yet do any ‘open door’ training, by which I mean run courses which anyone can sign up to. We have considered this, and may do something in the future, possibly around an introduction to cyber security for SMEs (and if that’s something that you’d be interested in, let us know).

So, whatever your training needs, let us know. And rest assured, we promise that if it’s not something we have expertise in, we won’t try and bluff our way through!

Which leaves us with Strategy & Consultancy. Consultancy is obviously a catch all, but hopefully the diagram on the top of that page gives you some idea of what it is I was trying to describe. Quite a lot of our work involves helping people identify the potential weaknesses in their organisation and coming up with a plan of action to fix all of those things and improve overall security. In other (grander) words, helping our customers define a security strategy. Sometimes, or probably more accurately frequently, we don’t meet the customer at the beginning of that process and are called when something has gone wrong or something isn’t working properly. Sometimes that is an outsourcing arrangement which has gone wrong and which we work to turn around, sometimes it is a security project that is stalled, sometimes people have simply tried and failed to get started and sometimes something else entirely. Cyber security is a complex place, and it can be easy to find yourself stuck, especially if you have little prior experience in the area.

Really, wherever you are in your cyber security journey if you find yourself stalled, or in need of advice then get in touch. Once again, I can promise if we can’t answer your question, or you are dealing with something we don’t have experience in, we will not try and bluff.

So that is how we have tried to define the work that we do, and the services we offer. I have ambitions to expand this; we plan on launching a ‘virtual CISO’ service, and some targeted training for people who might be subject to the attention of particularly capable threat actors. But I’ll blog about that in due course.

Finally, I think I need to talk about two items missing from our services list, and which used to be on our old website: incident response and penetration testing. Given I can, as anyone who has been on one of my training courses can attest, wax lyrical on the importance of incident response for hours it might seem an odd omission. I decided to remove it as a service primarily because we are too small to drop everything and be on site tomorrow, which is what people often want or expect from an IR service. Which doesn’t mean we can’t help of course – we’ve worked with lots of people to recover from incidents and have advised customers dealing with a crisis. If you need a large team on site tomorrow, we’re not the right people but if you’re stuck and don’t know what to do next or need help with the longer-term recovery – please do get in touch (and of course we absolutely can help with incident response preparations).

Penetration testing is gone for two reasons. Firstly, we just didn’t do enough of it really to stay current and secondly we have always done much more work in the preparation and defence space, and offering pen testing alongside that felt like marking our own homework, so I would end up referring clients on to other people anyway who would then test our work. If you’re looking for a pen tester I know good people I can refer you on to, and they do that kind of work all the time, and do it very well.

I hope that provides some clarity on how we have tried to define what it is we do. If you have questions, requirements or comments, please get in touch.

Thanks for reading, Rob