A few months ago, I was approached by Lumu to join their CISO Advisory Board. After giving it some thought, I decided it would be a great opportunity to engage with cybersecurity leaders at organizations needing help. I’d like to share my thoughts on why I decided to join the Lumu CISO advisory board and what value I think we can bring to organizations of all sizes.
All Companies Need Cybersecurity
Cybersecurity is non-negotiable across every vertical and at every company. Unfortunately, that thinking isn’t as universal as you might think, or to be more fair many companies and their leaders think cybersecurity is “a bridge too far”. The truth is that is not the case, at least it certainly shouldn’t be the case.
A few years back I was doing some advisory work for a cybersecurity vendor—I won’t mention any names. They had some issues with competition in the high-end, large enterprise market, it was a saturated market to say the least. So, I advised them to do the obvious: expand their offer to mid-market and medium-sized businesses. The idea was a non-starter, they wanted enterprise deals and only “big” customers. Unfortunately, that’s the thinking at many vendors, who are only interested in building tools for businesses with big budgets. I thought that was a very short-sighted approach and in my gut I felt that this was ignoring not only an underserved market, but a market that was ripe for growth.
Most small or mid-size companies don’t have their own dedicated IT teams, let alone their own security team; Managed Service Providers (MSPs) can and should help. MSPs’ expertise and personnel allow them to play a key role in helping smaller organizations get to operate cybersecurity. At the same time, MSPs have specific needs that need to be catered to if they are to distribute their services across a broad base of customers.
Small businesses need to do what they are good at, not do what they do for business and “hey do some security too”. That model doesn’t work and only introduces more risk. You can’t be half in for cybersecurity to be effective. Using an MSP means a force multiplier and helps a business engage in real security practices without the weight of trying to take on that massive technical expertise and effort by themselves. Why be a candy company that does cyber? Make candy, let an MSP be your security team, duh.
At Lumu, the thinking is more aligned with my own general views. Lumu’s goal is that every company—no matter size or vertical—should be able to operate cybersecurity proficiently. To that end, Lumu strives to provide an accessible, state-of-the-art cybersecurity program that doesn’t need highly specialized staff to operate as well as an option for MSPs. To be frank, Lumu is what I would call vectored for this market and is designed to be used as that force multiplier for any business that leverages Lumu.
Visibility and Verification of Your Security Strategy
Zero Trust guys like myself often say ‘never trust, always verify‘ when we talk about infrastructure and traffic. The cybersecurity space and its threat landscape are always changing and you need to adapt constantly. You can’t trust that what was working yesterday will work today. The adversaries want you to stay static, that’s how they move past a current state of defense. To be successfully defended you must be adaptive and dynamic.
Powering that adaptation and honing resource allocation for a real defensive posture requires an organization to gain verification and validation that the controls you are using are actually intercepting adversarial tactics and threat activity. A strategy means that you must be willing to act decisively, but doing so means that you must have the facts on the ground, and Lumu gives a great view of those needed facts via their real-time visibility across the network. That’s good intel to have for your day-to-day operations and also helps to gain some insight into the big-picture performance of your strategy. Make sure what you do “matters”, and do that constantly and at scale. There is exceptional value in that strategically.
Credibility: See the Value for Yourself
I also like that Lumu lets you try them out for free and for as long as you want. We do this with every other type of software on the market, why shouldn’t we be able to do it for something as important as security software. I think this is huge for Lumu’s credibility. Being able to try out the software and use it with no strings attached really shows me they have faith in their solution and value their ability to serve their customers of all sizes. And like any good vendor, of course, you can always add more horsepower at a higher tier, Lumu Insights or Lumu Defender. But you get to try it out first and get familiar with their approach, that’s awesome.
Lumu’s goal is to make cybersecurity accessible for every company, no matter size or vertical, and I applaud that value proposition. I joined the Lumu CISO advisory board because our thinking is aligned on a number of issues and I think we can bring value to organizations of all sizes through visibility and verification. You can try out Lumu for free so that you can see for yourself how it can help your organization.