The security threat landscape keeps changing and Integris changes right along with it. Every day brings unique challenges and threats to our door, and we rise to meet both with the best solutions and strategies available.
As our customers’ needs have matured, we’ve adapted to maintain stride, transitioning from a more traditional Managed Services Provider (MSP) to a successful, responsive Managed Security Services Provider (MSSP).
Our customers are beginning to realize that the threats faced by their businesses every day have become more complex and more dangerous and they need something more. They’ve looked to Integris for their solution.
We’re pleased to announce two brand new additions to the Security7 capability stack. The first is Darrin Maggy, CISSP our new Practice Manager and the second is the Security Advisory Service (SAS) practice he will lead.
This week we’ll be focusing on Darrin. SAS will be our topic next week.
Who is Darrin Maggy?
If you’re a (relatively) long-term reader of this blog you’ve seen Maggy’s name come up before. I’ve interviewed him a few times to talk about compliance-related issues (which you can read here iso-27001-the-compliance-chameleon and here the-7-steps-of-a-successful-risk-assessment).
Maggy joined us in early December. Previously he’d been with Ezentria, and before that Namtek Corp. Darrin has spent the last 20-years in the information security world helping organizations craft safer computing environments while helping to navigate daily cyber security challenges.
“I’m very excited to be joining Integris,” Maggy said in a recent interview. “Integris has assembled a powerful combination of managed security services and effective ancillary support services; the loyalty of their customer base speaks to the high level of care and confidence being delivered.”
What are his Goals as the new Practice Manager?
“My goal is to offer a prescriptive and durable theme of security deliverables every modern business should embrace. And I do mean every. Security is expensive and one of the best ways to reduce the cost is to operationalize information security activities. We’re going to help our customers do that.”
“I plan to emphasize the importance of establishing an appropriate level of formal security governance” Maggy said. “Security governance is a game changer as it creates the basis for measuring the performance of your security program, so you can continuously improve and adapt. Metrics make it easier to communicate effectively with organization stakeholders in terminology that the business can understand.”
“I prefer a contextual, risk-based approach as it typically results in a more balanced and reasonable security spend and focuses on the organizations most valuable assets. It doesn’t make sense to put a $200 lock on a $25 bicycle. There will be a lot of emphasis placed on establishing an effective, continuous risk management program suitable for organizations of all size and type.”
Maggy said many organizations have yet to realize the significant value of establishing control frameworks paired with strategic security programs, effective risk management and metrics.
“Frameworks guide the security program and simplify this complex world in a way that business leaders can understand achieving an increased level of management support. Well implemented security controls, security program, and risk frameworks establish governance leading to monitoring and measurement which leads to continuous improvement and decreased costs.”
That sounds daunting…
Maggy said he understands that establishing these capabilities can take a lot of work, and often people seem overwhelmed and don’t know where to begin.
“I advise people to ‘start small but start immediately’, we’re ready to guide the process regardless of where your [security] program stands today. We’ll break it down into its most finite points and then concentrate on what matters most. We must understand how the organization’s key assets are at risk to develop a realistic plan of action. Our goal is to maintain engagement while building controls logically upon one another, enabling the organization’s security operations and governance capability.”