Cyber attacks are a risk to all organisations.
But so is spending too much chasing IT providers and implementing irrelevant or expensive cybersecurity defences.
There is a right amount to invest in your defences,
so you’re not an easy target for cyber criminals, and
not a cash cow for IT providers.
You are concerned that you are not doing enough, but you’re not sure. You’re an expert in your field, but technology is not that field of expertise.
You are also concerned about spending too much. Because you’re not a techie, you are afraid that you spend too much time and money on solutions that suit your IT providers.
These conflicting concerns are leading to inaction.
Your inaction could blow up in your face.
This could blow up because you get caught out by:
- a cyber attack
- an informed prospect or client (The larger ones love to read your responses to their multi-tab security questionnaires)
- a regulator’s audit or thematic review (It’s not like they haven’t already told you what they expect)
Don’t waste time doing nothing about cybersecurity
Even if you don’t think you will be attacked,
are you really happy to put your professional reputation on the line?
Wouldn’t it be great to know you have taken reasonable steps to reduce the risk of a cyber attack?
To know that, at a minimum, you aren’t missing the simple defences that bring significant security benefits?
To know that you have sufficient security, so if anyone asks you to describe how you are managing the risk, you can answer with confidence?
And to know that, even if an attacker does get through, people won’t think you were asleep at the wheel?
Don’t waste time trying to do this yourself
Everyone talks about needing to have ‘reasonable’ or ‘appropriate’ security in place.
But what is ‘reasonable’ security for you?
You can try to work this all out yourself. Or we can work on this together.
By working with me, you will be confident that you have a reasonable level of security.
- You will understand the real cybersecurity risks that you face and what ‘reasonable’ looks like
- You will know the steps that you and your IT providers must take to manage the risks
- You will be able to demonstrate to your clients, prospects, board members and regulators that you have this nailed
- No jargon. Just Plain English.
- No bull. Just actionable insight.
- No scenic routes. Just direct and to-the-point advice.
- No juniors. Just me.
When can I help?
I can help if you are frustrated by:
- Lack of confidence – You are very concerned about a cyber-attack – Not just because of the immediate financial loss and operational disruption, but because of the longer-term reputational damage.
- Lack of clarity – You read a lot about cybersecurity threats and attacks, but you don’t know what you should focus on so your organisation has a sufficient level of security that aligns with your needs, capabilities and the expectations of your clients and regulators.
- Lack of plain English – You don’t care about firewalls. You care about risks, and the ways to reduce the likelihood and/or impact of these risks.
- Lack of answers – Even if you ask your IT providers, you aren’t certain whether you asked the right questions and if they have actually provided reasonable answers.
- Lack of momentum – You want to get this addressed, but there’s always something more urgent to do. It’s difficult to maintain momentum.
- Lack of pragmatic advice – You are unable to find a way to solve this in a pragmatic way. You don’t have the expertise to do it all, but you also don’t want to engage a fleet of consultants who will flood you with fancy presentations and graphs that make you even more confused than before.
Am I the solution for you?
You need ‘good enough’, not perfection.
[Good enough] is better than [perfect].
Businesses in the real world seldom benefit from perfect solutions – They take too long and cost too much, and are impossible to sustain.
My guidance is reasonable and realistic, and tailored to your concerns and resources, and to the expectations of your clients and prospects.
We start by ensuring you have the right foundations in place. This may be good enough.
If it is not, I can then guide you through a structured process to identify what ‘good enough’ means for you, so we can then develop a structured, achievable roadmap that will get you there.
You need Plain English.
You are an expert in your field, but cybersecurity is not your area of expertise.
You don’t want to be bamboozled by the latest techie jargon.
I use Plain English to explain the risks (i.e. likelihoods and impacts), and how to manage & mitigate these risks effectively.
If you understand how to protect your home, you will understand how to protect your organisation.
You need a trusted advisor and translator.
Managing cybersecurity risks inevitably involves conversations and negotiations with IT providers and other third parties.
I will be your trusted advisor and translator, so you get what you need.
It is ‘me’, not ‘we’.
If you want to work with a large team of consultants (or if you need the cover that a large consultancy firm will give you), I am not for you.
I do not have a bench of junior associates. I have many trusted and experienced 3rd parties who I call on if we need their specific skills.
But if you choose to work with me, it will be me.
You will be paying for my experience, not funding my team’s education.
I only work with a limited number of clients at a time, so I can serve them well.
Please book your call at your earliest convenience, so we can get started as soon as I have a slot available.