All through school we are told to work on our weaknesses. While this sounds like great advice, there are thought leaders out there who would disagree with this adage. The efforts of schools are to make sure that you are not utterly deficient in a foundational skill. However, for those in the workforce, working on your deficiencies only to become mediocre at a skill is wasted effort. Utilizing your strengths and becoming a leader in that area is much more productive and provides opportunities for great success.

A weakness can be defined as a task or activity that saps your energy, essentially making you weak. A strength is something that gives you energy, and basically makes you feel strong. We take jobs where we use our strengths. We leave jobs where we are forced to use our weaknesses. In his book Good to Great, Jim Collins presents several companies that went from market-performing to market-beating by focusing on their core competencies. These companies focused on their strengths and not their weaknesses. They removed the products and operational tasks that were not their core competencies. That is how they went from “Good” to “Great”.

When it comes to security operations, too often organizations fail to realize that they are “in over their head”. Many CISOs believe that if they buy the “right” tool, it will answer their security needs. The problem with that thinking is that tools do not run themselves. Unless your team has spare time on their hands, adding more tools to the environment typically means you need to hire more staff.

Outsourcing security operations is a great way to improve security without adding staff. For companies that have hiring limitations but also need to move their security posture forward, finding a security service provider that matches their operational needs is critical to meeting their strategic needs. With the ever-changing landscape of threats, security teams must always be moving forward and growing their security programs.

The challenge of outsourcing is finding the right organization with which to partner. The mix of service offerings can be overwhelming. Finding the right fit of services can be transformational for an organization. It can multiply the operational efficiency and effectiveness of a security team. For instance, if your security team’s strength is not incident response, get the help you need from one of the innumerable service providers who offer this service. It allows security leaders to focus on what their team does best and trust that the outsourcing company has the rest “under control”.

A leader's ability to identify their team’s strengths and maximize them, while outsourcing the functions that fall outside the core competencies, separates them from the average CISO. The skill of this type of CISO enables them to define their security practice as a business differentiator and enable greater growth for their company.

Some might view outsourcing as a loss of control of that function. If the wrong outsourcing partner is chosen, it can definitely be a loss of control and, as such, an added risk. That is why the selection process for an outsourcing partner is critical. Here are the top 4 criteria in selecting an outsourcing partner.

1) Partner’s core competency matches your functional need: you need to find a partner who is great at the task you need serviced.
2) Superior usability in customer portal: interacting through the customer portal should be seamless and informative.
3) Proven high level of service: you are giving a third party the responsibility to perform a critical aspect of your security operations, so they should be great at customer service.
4) Strong technical integration: the ability of the partner to integrate their services with your security environment is critical to successful operations.

Evaluating partners using these 4 criteria will give you high confidence in a successful operation and business relationship, leading to a higher level of security management.

Morgan Reece

Principal Security Consultant - JWR Identity