Overhauling a cybersecurity program
Snapshot
A multinational financial data company came to Kalles Group asking us for help in updating their cybersecurity program.
We assessed their current situation, and developed a 24-month roadmap to guide them through the process of upgrading their cybersecurity processes and tools. The company was happy with our work – so much so that they hired us again, this time to begin implementing the plan we had designed.
The company’s hiring targets wouldn’t have allowed it to implement this plan in the desired 24-month timeframe, so KG consultants came in to fill the resource and skills gaps the company was facing. We jump-started our client’s transition to a modernized, mature cybersecurity program, and then ensured that internal staff had the knowledge and skills to take over the effort.
Challenge
KG’s consultants had previously developed a 24-month roadmap to help this company bring its cybersecurity tools and processes to maturity. When the company evaluated its resources, it found it didn’t have the in-house staff to carry out the roadmap; its pace of hiring meant that the work couldn’t be done within a 24-month window. Because waiting longer to get this crucial work done would have been unwise, the client contracted us to begin the work of implementing the roadmap.
Approach
KG’s consultants took the roadmap they had developed and began the work of making it a reality. We provided assessments, advice and leadership where it was needed, and were careful to ensure that our pace of work matched what the company was capable of handling.
We arranged a set of separate workstreams that allowed us to put our engineering and leadership expertise to work in all the areas we had identified for improvement, including vulnerability management, the company’s app firewall, intrusion detection mechanisms, cloud security, as well as information security and event management. And we made sure that all these workstreams would come together to form an integrated and comprehensive new cybersecurity program.
Results
Once these workstreams had been put into place, we began the work of handing over the project to the company’s internal staff. We shared our knowledge with the relevant IT and cybersecurity personnel, and offered them support as they took over the work of implementing the roadmap.
As part of this work, we enhanced the company’s ability to measure and report its cybersecurity outcomes. As a result, our client was able to significantly improve and modernize its cybersecurity posture.