Do you really need more security people?

Many government projects I have worked with recently complain that they can’t get the cyber security people they need, that they’re prohibitively expensive or simply unavailable.  

They often use the acronym SQEP, for Suitably Qualified and Experienced Personnel. In government security this means having the correct level of clearance, being familiar with accreditation document sets or having cyber security qualifications like CISSP or CSIM. Often, this greatly limits the pool of talent available or makes in prohibitively expensive

The result of this is that security is often pushed back to a later stage in the project when budgets are bigger or contractors are already engaged.

The trouble with this is that many critical cyber security decisions are already made by this point. Then the very expensive cyber security resource can often do little more than document weaknesses and design compromises, resulting in huge piles of paperwork but little improvement in security.

At bee.net, we help our clients to resolve the perceived shortage of security staff by taking a whole team approach. Often, the most important people for security aren’t security specialists; they’re project managers, sponsors, and commercial teams. We help them all to ask the right questions at the right times. Thus we solve the perceived SQEP problem not by throwing more money at it but by helping existing project staff better.

The result is that not only is the cost of security greatly reduced, there is less paperwork, contracts are clearer, and security controls that get in the way can vanish. And all these savings can be achieved whilst actually improving security. One client bee.net worked for, a seaborn weapons system, potentially saved over £100 million by working with our process.