Connect with Us

Click to follow Bright Moon  Security on Twitter. Click here to connect with Bright Moon Security's Chris Simpson on LinkedIn Click here to view Bright Moon Security recommended links on Delicious.

Subscribe

Enter your email address to receive blog posts via email:

Delivered by FeedBurner
(We don't share your email address.)

Navigation
Misc Widgets
« Forming San Diego CSA Chapter | Main | Bright Moon Security will be teaching Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) Classes in San Diego, California »
Tuesday
Sep272011

Choosing the Right Cyber Security Consultant or Service Provider

The other day I had an interesting conversation with another small business owner who runs a home repair related business and was at our house for a sales call. Near the end of our conversation I mentioned I had recently started a Cyber Security consulting business. Right away he mentioned he was having some computer security issues and didn't know where to go. He mentioned he had searched the Internet and found someone but wasn't confident he had made the right selection and was still leery of using their services. Finding the right cyber security support is difficult for small business owners. Its easy to be confused by the "techno jargon" and pay for more than you need. On a side note, one of the reasons I started Bright Moon Security was to provide good service at a reasonable price. A few months ago I gave a talk at a local conference on security tools for small and medium sized businesses. After the talk a CEO approached me and mentioned he had paid almost $10k for a "firewall" and it sounded like he really didn't know what he paid for and wasn't happy with the service he received. I think one of two things happened here, either he paid too much for a firewall or the provider didn't do a good job at assessing his requirements and explaining to him what they provided to meet those requirements. For all of our engagements we work with our customers to identify their requirements and then provide a way to meet those requirements and clearly explain what we provide without too much "techno babble"" and when we use technical terms we clearly explain what they mean.

Below are some of my recommendations for choosing a cyber security provider

  • For a small or medium sized business look for a local business or a large company that has a larger presence in your area.
  • Look for companies that give back to the local community, for example ones that provide presentations for the local Chamber of Commerce or in San Diego companies that support Securing Our eCity. Also look for people that hold or have held positions in their local security organizations like the Information Systems Security Association (Information Systems Security Association), ISACA, High Technology Crimes Investigation Association (HTCIA) and Open Web APplication Security Project (OWASP).
  • Check with your local security organizations like SDISSA, ISACA, HTCIA or OWASP to find out who is active in their respective organizations and perhaps get some referrals. Many of these groups have LinkedIn groups that are another resource for finding good local cyber security resources.
  • Look for a company that tries to understand your business so they can determine the best protection for your data. If they offer you an IDS, firewall and a bunch of other services without asking what you do, go to another company. They should also explain security in terms you understand.

Yes, Bright Moon Security meets the criteria above:) Below are some other local San Diego and SoCal companies that meet this criteria too. I know they are potential competitors but I am happy to recommend people I trust and if we are competing for a project I think the customer should pick who they think fits best.

 

  • Dan Tentler at AtenLabs who organizes the San Diego Bar Camps and has given free training at the San Diego ISSA.
  • Peter Bybee, past president of the San Diego ISSA who runs Security On Demand and Network Vigilance
  • Tom Byrnes at ThreatStop who participates in a variety of local security groups and events.
  • Jim McMurry at Milton Security who sponsors a variety of security events and gave away a free trip to Defcon, one of the best security conferences. (Disclaimer: I won the free trip he gave away via Twitter.)
  • Ed Hunter past board member at the SDISSA and owner of Hunter Forensics

 

Reader Comments (1)

San Diego companies that support Securing Our eCity. Also look for people that hold or have held positions in their local security organizations like the Information Systems Security Association (Information Systems Security Association), ISACA, High Technology Crimes Investigation Association (HTCIA) and Open Web APplication Security Project (OWASP).

June 8, 2015 at 1:07 AM | Unregistered Commenterconstruction site security

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>