and watch the ideas flow . . .
Why customization benefits everybody!
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
One of the surprise-lessons we’ve been experiencing as I unpack my job description to delegate to the NG team: once the work became truly their own, the processes started to organically improve. While “auditing” was still owned by Dan, the effectiveness of it stayed pretty stable.
I’m not afraid to admit when I delegate something to somebody, it ends up being done much better than that somebody than it was when I was doing it. It’s one of the main reasons why/how companies grow.
Given I started developing our audit processes before we even started our company was started in 2000, by 2015 I must admit my idea bandwidth was rather clogged.
And in the five years or so it took us to fully delegate the process, it didn’t really change much. (Other than, of course, improvements made thanks to the suggestions of our Clients or new guidance or some other “outside force.”)
But in 2019 or so, Adam started to “take ownership” of the process, and WOW! No really, WOW! Practices began to slowly improve . . . not because of outside influences, but because of Adam’s own response to the process he originally experienced.
As we circle around and review our practices and audit controls, we find less and less issues with enforcement, more accuracy, and much more streamlined processes.
When you make it your own, your ideas start to flow, because you know YOU can oversee their implementation and development.
It’s one of the primary advantages we get by totally customizing our SIEM to each of our Clients. The development cycle speeds up, as we get more and more great ideas from our Clients. (When broad-reaching, we implement good ideas across the board).
Cookie-cutter approaches do not work in Information Security. The economy of scale yields a lack of security, in our opinion. Though we do bring extensive templates, lexicons, and tuning processes to a managed services engagement, we take great pride in our ability to customize our detection and response methods to your unique needs. Our interface and reporting is customized to your processes and preferences. Our engagement with your blue team and incident response team . . . well, it may be with your MSP and your Steering Committee.
Our decision trees, calling trees, and response methodologies are customized to your unique situation. We can write signatures for any situation you can imagine. (As founders of bleedingsnort.com, we have been writing signatures since 2003.) You can ask any of our Clients, and they should be able to say we do NOT use a generic, one-size fits all approach to our Clients.
And because of our customization, our processes have “listen to your Client” built right in. We stay where “the rubber meets the road.”
To clarify: it is our job to show our Clients what a good SIEM entails, to know what you should expect from the SIEM. But if our development pipeline prioritizes feature suggestions by our Clients . . . and most of them are the best improvement ideas . . . our SIEM truly becomes a system that meets the needs of our small community-based banks and credit unions. Its why we run circles around the international providers . . . who are they customizing their system for?
And our Clients “make it their own.” The ideas flow. The processes improve. In amazing speed.
So, if you are one of our MSSP Clients . . . MAKE IT YOUR OWN! Let us know what you need, and watch our SIEM become better than it was when we delivered it to you!
Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex
”Dan’s New Leaf” – a fun blog to inspire thought in IT Governance.
