The Front Door Concept: Creating a Central Point of Entry Into a Cybersecurity Program
by Cornelius Roberts
Strengthening an organization’s cybersecurity posture does not always have to be an effort strictly focused on zeros and ones or whether you have a governance structure in place that is tailored to the enterprise in the context of its operating environment. Strategic use of people, coupled with improved processes, is just as important as deploying the latest and greatest technological innovation or updating policy on an annual basis. You can have a significant, positive impact on an organization and how it provides cybersecurity services to an enterprise by simply re-organizing its resources and how they are monitored. Enter the Front Door concept—a central point of entry into a cybersecurity program to provide answers, track tasks and provide metrics.
Invictus is using this exact concept to help a large intelligence agency’s cybersecurity program re-organize its own approach to providing services to its worldwide enterprise. Prior to Invictus’ support to this agency, if you wanted quick-turn support with follow-up, your best bet was to find that one person that was responsive to you, forge a long-term relationship, and time after time seek that same person’s expertise. By doing so, a cadre of “by name” experts develop who become the controlling mechanisms, or de-facto governance, for specific capabilities. This model has its advantages and disadvantages, depending on your perspective.
As a customer, if you are seeking support and quick answers, you have your own trustworthy contact that you can rely on over and over again to get what you need…customer mission accomplished. Problems can start when customer’s share their contacts, “If you need x, just call y—they will help you out and they definitely know what they are talking about.” Building the individual, not the capability.
As a Program Manager tasked to provide a variety of cybersecurity services, you observe that your customers tend to have their “go to” people in your organization. Of course, the problem may arise that the “go to” people, identified by your customer base, also happen to be some of your best and brightest. Your own staff has likely identified these same people as “go to.” You end up having your best and brightest servicing customers and colleagues—being contacted by phone, emails, and drive-byes and not focusing on big mission tasks.
It may even reach the point that customers and colleagues stop doing their own research. Why research when you know someone has the answer and you can reach them directly for service? Your people are focused on their mission and want to help their customers and program. They do not want to turn people away, however, service requests may indeed distract them from strategic goals—both yours and theirs.
To this potential disrupting routine, the solution is a Front Door that provides answers to common questions, staffed by cybersecurity experts, that builds a knowledge base, and assigns tasks to capability group leads. Groups leads subsequently further assign tasks to their identified subject matter experts enabling the ability to track tasks, using technology, and provide near on-demand status updates and metrics. This model, while not revolutionary, takes commitment and leadership support to implement and enforce.
The benefits of this type of initiative are myriad and can totally change an organization’s landscape. Service consumers will have a standard method to request support. They will receive answers more quickly from an established knowledge base. They will engage directly with cybersecurity experts from the get go, and when answers are not available, the requests are tracked, tasked and assigned to specific capability groups that focus specifically on subject area. Tasks do not get lost in personal emails and sticky notes no longer will be overlooked or forgotten. In addition, you can accurately measure organizational workload and performance. You can then begin to overcome organizational “stovepipes” with a Front Door that helps coordinate across your domain, while also tracking tasks. Most importantly, you will have the ability to focus your best and brightest on your core cybersecurity mission, without distraction.
There are certainly initial challenges. Your identified best and brightest may be accustomed to being central contact points of an organization and may even like being the “go to” person. These people are often skeptical initially, but long-term they see the benefits and will likely appreciate the ability to focus on the more strategic long-term goals while expanding their professional knowledge base along the way. They also may be reluctant to give up their established “network” and their name recognition. However, without question, the establishment of a Front Door Program will pay immediate and long-term dividends from a customer and organizational perspective.
Stay tuned, as we will give you periodic updates on this critical initiative, which is already yielding great results to our client.