Ever met an information security expert who thought they knew it all?  Ever been frustrated when you try to explain something to a security expert and you feel like you haven’t been heard?  Let’s change this.

Our mission at FRSecure is to “fix the broken information security industry”.  Fulfillment of this mission is going to be much harder if we don’t stop and listen to our customers.

At FRSecure, we have established the FRSecure Customer Advisory Board (CAB) to help us with this problem.  We are privileged to work with a handful of great people on the FRSecure CAB.  They tell us what we do well and they tell us what they want us to do better.  It’s a great experience!

In our most recent CAB meeting, I posed the following two questions to our members:

  1. What is your greatest frustration with respect to information security?
  2. What is your greatest challenge with respect to information security?

I asked each CAB member to write down their answers, then we discussed them as a group.

Greatest Frustrations

The greatest frustrations shared by our CAB members included:

  • Lack of common information security understanding.
  • Different interpretations of different information security regulations and standards.
  • Lack of education for practitioners and executive management.
  • Constantly changing priorities based on outside influences.

Every CAB member shared these frustrations.  Through discussion and good, healthy debate, we derived a core frustration that sums up everything: we are all speaking different languages for the same topic.

Greatest Challenges

The greatest challenges shared by our CAB members included:

  • Education/training for executives, IT personnel, and users.
  • Management commitment to continuous improvement.
  • Obtaining the necessary resources to manage information security.
  • Measuring information security (metrics, status, improvements, etc.)
  • Cyber insurance.  Understanding and communicating risk.

There are so many moving parts to an information security program and it’s difficult for our customers to figure out the next thing they should be working on.  Instead of using risk (and measurement) to determine what to do, they are using what outside entities (regulators, examiners, customers, etc.) are telling them to do.  This challenge is closely related to the frustration problem, but it also became clear that customers don’t necessarily know how to fix security problems when told that they need to.

Members of the CAB agreed that the greatest frustrations could be summed up as: we don’t know how to fix the issues facing us within the greater context of a strategic information security program.

What FRSecure is doing

So what is FRSecure doing about all of this?  If FRSecure is committed to fixing the broken information security industry, we can’t shy away from our customers’ greatest frustrations and challenges.  We are committed to solving these problems.

Problem #1 – We are speaking different languages.

At the core of the FRSecure business is the FRSecure Information Security Assessment (or FISA™).  FISA is an easy-to-understand information security assessment that gets people speaking the same language internally (with executives, directors, management, and all users) and externally (with partners, customers, regulators, etc.).  FISA is also comprehensive, credible, and effective.

For more information about how FISA solves problem #1, contact us ([email protected]).  We would love to show you how we’re fixing the broken industry!

All of our other services can be incorporated into FISA, and the deliverables for all other services must be designed to help solve problem #1 rather than contribute to it.

Problem #2 – We don’t know how to fix our problems when we’re told about them.

There are primarily three things that we’re doing to fix problem #2:

  1. We teach in every engagement we have with customers.  It’s not good enough to tell customers what to do; we take the time to explain and show it.
  2. We teach anyone who’s interested.  We do this through speaking engagements, blog posts, newsletters, podcasts, videos, and the FRSecure Mentor Program.
  3. We are building tools for our customers to use.

Summary

We will keep listening to our customers, and we will keep learning.  Remember these two problems; they are at the core of everything we do.  Thank you for sharing with us!


Evan Francen
CEO at FRSecure
Nickname: "The Truth"

I am a 25+ year information security veteran, and I tell it like I see it. I’m not known for being politically correct, and this sometimes gets me into trouble. More often than not, however, clients and colleagues come to appreciate the candor and common-sense approach. If you look at security (the right way), you’ll find that it’s just not as complicated as people make it. I hope you enjoy my writings on security and other miscellaneous things. I really have a strong and deep passion for helping people and making the world a better place.

Check out my new book UNSECURITY
