The services I provide all fit under the umbrella of CDW’s vendor-agnostic security advisory services. My colleagues and I work every day to understand the business and security objectives of CDW’s customers and help them achieve their goals in a way that balances risk against business requirements. We do this through three major categories of services: security maturity assessments, security consulting and security architecture and design workshops.
Security Maturity Assessments
Many of our advisory relationships begin with a maturity assessment that helps an organization get a handle on the current state of its cybersecurity program. We can select an appropriate security framework or follow the organization’s existing framework, and then conduct a gap analysis to identify opportunities for improvement. After spending a few days onsite, we develop a good sense of the organization and its culture. This helps us establish a roadmap for the maturation of the security program.
I recently worked with a regional automotive manufacturer that was being acquired by a large, global company. The manufacturer had some security controls in place but was being asked to achieve ISO 27001 compliance before the acquisition could close. We stepped in and helped map out a plan for achieving that ambitious goal by building a holistic security program from the ground up.
My relationship with that manufacturer didn’t end with the maturity assessment. The work blossomed into a long-term relationship where I served as the company’s virtual CISO, helping them implement a remediation plan, hire permanent security staff and achieve their ISO 27001 requirements.
That’s just one example of the broader security consulting services that CDW provides. Our architects and engineers can supplement your technology team on virtually any engagement, ranging from building out a security awareness program to implementing a data loss prevention program.
Security Architecture and Design Workshops
While the manufacturing company engaged with us on a long-term basis, many of our customers need only point-in-time help with specific security issues. When these needs arise, we provide focused workshops that offer deep dives into the immediate needs of our customers. These fit into three categories:
- Security Architecture Workshops help customers develop strategies and implementation plans that integrate security with other technology and business needs.
- Security Remediation Workshops provide our customers with a structured approach to address issues raised during security assessments, penetration tests, audits or even breaches. We help sort through the findings and develop a prioritized remediation roadmap.
- Network Segmentation Workshops offer in-depth network security expertise to help customers transition from a flat network to a highly segmented network. These workshops often take place as customers seek to achieve Payment Card Industry Data Security Standard compliance.
Whether you need a long-term engagement or focused help with a specific security challenge, my CDW colleagues and I are ready to provide expert assistance.
This blog post is brought to you by: