How to Develop a Common Language for Security Buy-In Across Your Business

This blog was co-authored by Wade Woolwine, Principal Threat Intelligence Researcher, and Jake Godgart, Portfolio Marketing Manager for Rapid7 Managed Services.


What keeps organizations from advancing their security programs?


It is certainly not lack of tools—there are at least five tools competing for every dollar in every niche of security these days. It could be a lack of talent and experienced staff, but you can buy those through services and managed security services. Is it a lack of funding? Possibly, but plenty of security budgets have actually grown over the past few years.


So, what’s holding organizations back?


In my time in the industry and specifically here at Rapid7, I’ve had the chance to partner with many technologists and leaders to build out our customers’ security programs. In my opinion, the biggest thing that prevents organizations from advancing security is a common language for establishing priorities for the security program and getting the investment to match the results business leaders expect. The folks in charge of the money can’t get the technologists to solve business problems, and the technologists can’t get the folks in charge of the money to buy them the things they need.


At Rapid7, we call this common language "security outcomes."


To solve this problem, Rapid7 is focused on enabling our customers to reach their desired outcomes—plain, simple, and (mostly) jargon-free descriptions of what the business is trying to achieve.


When we ask business executives what their security program needs to do for them, we typically hear these types of outcomes:


Keep me and my company out of trouble (and the press)
Minimize the financial impact to run and in ..