How to Hire Cybersecurity Companies and talent?
Alexander Poizner, President of Parabellyx Cybersecurity has created a video to help you to understand what questions you should ask when hiring a Cybersecurity firm.
By finding the right partner, you improve your defensive strategies and ensure that your team, customers and company are safe from threats and breaches.
The following questions outlined in the video should help you find the right cybersecurity partner for your business.
1. How long have they held onto their clients?
How many clients have retained their services and/or have been engaged repeatedly by their customer base? You want to know that the company has a good, loyal and longstanding customer base, as this indicates the customer satisfaction of their clients and likely shows a consistency in team staffing as well. Listing clients on the company website is always a red flag, since this attracts unnecessary attention to both clients and the company, increasing the risk of attacks for both. Always request referrals and talk with their customers about the capabilities and their experience with the potential company.
2. Can the company work with large and small budgets?
Your cybersecurity needs will change and evolve over time and you need a partner that can adapt to those changes as well. Evaluating what types of clients each cybersecurity company retains on their roster will give you an idea of whether that company can adapt to your budget, whether it is big or small. Some companies will be able to adapt to both. Do your due diligence and realize that smaller companies will have smaller budgets. Even if a larger security company can adapt to your budget, will you be a priority or a line item for their teams? Keep this in mind when asking for referrals from larger vendors. Ask for some smaller companies references as well as the more known brands.
3. Is cybersecurity the core business of the company?
This is a key consideration as more companies are now offering cybersecurity services to their clients. If cybersecurity isn’t a core service in their business, you will need to understand how experienced their team is and how knowledgeable is the company about the always changing cybersecurity landscape. If the company doesn’t maintain seasoned , they are less likely to understand the environment and even less likely to understand how to hire a cybersecurity team to manage their clients needs. They will be more focused on selling you a point solution, rather than being able to help guide you strategically. Great cybersecurity talent doesn’t want to work for a boss who doesn’t understand cybersecurity, which is why many larger companies who have cybersecurity as a service add-on usually have more junior staff with higher turnover rates. This brings us to our next point…
4. Is the company security or sales focused?
Is the company focused on security or sales? For instance, are there 20 engineers, but 30 sales executives. That tells you that they are really sales focused rather than investing in the development of their technical expertise and team. It also may be an indicator that they don’t have the staff to properly execute the projects, as they are spending more on resources to hunt for new sales opportunities than growing the implementation team. This often leads to less client retention. So, ask how often they are turning over clients and request more referrals so you can understand how well they can handle your business. You will also want to know that the team who sold you on the company will be the team that works on your strategy and manages the execution. The people selling the solution should be the same people who work with you after the contract is signed.
5. What is the team composition of the cybersecurity company?
How experienced is their team? What is the depth of experience in the team and in what areas of cybersecurity? Today, you have many different specializations in cybersecurity and it’s hard for even a generalist to comprehend more than five or seven areas of cybersecurity. And if they are a specialist, they are probably focusing on one, two or maybe three areas of cybersecurity. While architects may still be generalists, you may require something more specific for your needs. If this is the case, you have to ask how much in-depth knowledge and skill and experience the engineer has in the particular field you need. You may find that you should be selecting more than one company and putting a cross-vendor team together to execute all of your needs.
6. What is the customer service level during the execution of the strategy and what is after the execution post-launch?
When you’re looking for a cybersecurity company, you’re looking for a long-term partner and not somebody who comes in, executes the engagement and moves on. You will want to know what you can expect from the service levels of the team during the execution, frequency of contact and expectations for collaboration. You will also want to know if you have access to the original team who can perhaps meet with you once a month and discuss some additional issues, regardless of whether additional opportunities will come up, or not post project. Their incentive should be to develop a long-term relationship.
7. Finally, Is the company technology agnostic or are they primarily focused on one or a few types of technology?
Your cybersecurity strategy will require technology as part of the solution. You will want to understand if the company you are considering is primarily focused on one or two technology solutions or are they technology agnostic. This is important because you want the best solution tailored to your specific business needs. You also want to understand if the cybersecurity company is receiving payment for implementing any technology as well as their direct fees to you. They could be acting as a channel partner for the technology company instead of acting as a cybersecurity vendor who is placing your needs ahead of licensing sales for a technology firm.
We hope that this helps you in your search and Alexander welcomes any questions that you may have once you’ve watched our video.