With the cost of cybercrime set to top $5 trillion over the next five years, an incredible number of cybersecurity firms have been founded in the last few years. So, how do you sift through these countless listings and pick out the perfect fit? Here are Silent Breach’s top tips on how to filter out the static and discover the real talent:
1. Watch out for the one-trick pony
What a startup might call “specialization” is more often than not simply a lack of versatility. Due to the scarce supply of cyber talent, small firms are often unable to invest in a broad and seasoned team, and instead focus on one or two products. Possibly, these “products” are simply repackaged generic solutions that you could buy off the shelf for a fraction of the price.
Takeaway: To avoid purchasing low quality and/or inflexible services, comb through the company’s website to make sure that they offer a wide range of services.
2. Learn your needs
Before entering a 5 or 6 figure contract, it is important to first learn what it is that you truly need. Unfortunately, it is not uncommon for the “experts” to recommend a “comprehensive package” even if a small fix would do the trick. It might be a good idea to first undergo a vulnerability assessment or audit in order to capture a snapshot of your current situation, before agreeing to a full-blown package.
Takeaway: Before selecting a long-term security partner, first conduct a preliminary audit in order to ascertain your actual cybersecurity needs.
3. Independent Evaluation
Every cybersecurity company will assure you that they only hire the best and brightest. Instead of relying on their say-so, do some investigating on your own. For an independent listing, you can check out some of the “Bug Bounty” programs that are run by most large tech firms. Also known as 0-Day Exploits, these bugs are verified and a full listing is published by the third-party vendor, lending a high degree of credibility to the cybersecurity team(s) who unearthed them.
Takeaway: Instead of relying solely on biased reviews, make sure to do your own homework.
4. Find the Goldilocks Solution
Economists refer to the perfect economy, one that runs neither too hot nor too cold, as the Goldilocks Economy. When choosing your cybersecurity partner, it is equally important to strike the right balance between boutique firms and large multinational behemoths. Most likely, your needs and constraints fall somewhere in between. So, instead of splurging on a blue-chip firm or choosing a local startup, make sure that your candidate is capable of delivering on their security promises, while also maintaining a close working relationship with your firm.
Takeaway: When selecting a partner, be neither overly ambitious nor too frugal; find the right match for you.
5. Check the Forecast
One final step is what I like to call “checking the forecast”. That is, instead of just looking at where the security firm in question is today, see where it is headed in the future. The best way to do this? Check out the list of open positions on the company’s website. Are they hiring a healthy amount of technical talent? How much are they paying them? Which cities are they looking to hire in? You can learn a surprising amount about a company’s future just by scrolling through their job offerings.
Takeaway: Make sure that the firm will continue to be able to meet your needs. If their job offerings are sparse or sales-heavy, they may be suffering from a lack of liquidity that may affect their ability to meet your needs down the road.
What are your favorite tips for choosing a cybersecurity firm? Leave a comment below!
About Silent Breach: Silent Breach is an award-winning provider of cyber security services for Fortune 500 companies. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and Internet of Things (IoT) industries.