This is not an easy question to answer and one that many CISOs, CIOs and CSOs struggle with. The fact that you need an IT security program is well understood now by most companies’ leadership teams. CISOs are no longer getting the same pushback that they used to face when proposing new IT security programs but they are still going to be challenged to justify their approach to addressing cybersecurity threats.
In a perfect world, I’d be a big proponent of building your own team of IT security experts who intimately know your environment, your business goals and your challenges, and who can fully align with your IT ops team to mount the best fortress around your data and business applications.
That perfect-world picture often collides with the reality of the industry we’re in and the market conditions that surround us.
Globally, for every 40 open positions in the industry, there is one qualified resource. So if you’re a new graduate in IT reading this blog, stop right now and go get your CISSP. You can find more information about it here.
To avoid the above challenges, CISOs are turning to MSSPs and outsourcing some of their security operations so they can mount a reasonable defense against cybersecurity threats. But that also comes with its own host of challenges:
If your provider can positively answer these two questions, then you are onto something.
To find out whether you really need an MSSP, download this free checklist.
Regardless of the approach you take, it’s worthwhile to have an external field expert or a trusted advisor on board whom you can consult from time to time to validate your approach or your service provider's, and to make sure your blind spots are well covered.