In a recent article for CSO Magazine, Inside Cybersecurity’s Shelfware Problem, Guidehouse Director, Donald Heckman, addressed the underutilization of security software and how CISOs can maximize the value of their investment:
CISOs should start with a clear understanding of the security solutions they have so they can assess that they align with the organization’s security strategy by addressing the risks it faces, says Don Heckman, cybersecurity director at Guidehouse, an advisory, consulting and outsourcing firm.
“You should always look at your environment, and look at your cybersecurity program and technologies at least every 12 to 24 months. It starts with a robust enterprise risk managing program, laying out those risks and the right mitigations,” he says. “And take that strategic look at what you have, what you should have, and what you can get rid of. You can do a tools rationalization to really determine if you have the right tools for what you’re worried about, getting rid of redundancies and complexity and addressing gaps.”
That work also allows CISOs to focus staff training programs on the remaining technologies, further improving the chances of using each one to its fullest value.
Heckman says such work pays off.
“Everyone complains that they don’t have enough money, that they need more money for their cybersecurity, but at the end of the day if they took a step back and did a full assessment of their cybersecurity tools and capabilities, they could find that if they recovered half of the money spent on capabilities they didn’t use that it could go a long way toward covering other [more strategic] resources,” he says.