How to Strengthen Network Security on a Smaller Budget

By Jon-Louis Heimerl  |  Posted 2010-04-14



Tip No. 2: Hire the expertise you need, not what you might want

Many organizations think a one-time cost (aka, buying technology) will solve "the problem." It is easier to think an internal scanner will resolve an issue because it is a tangible thing. The problem with this way of thinking? Integration, implementation, training and maintenance can be very expensive.

If you don't have the expertise in-house to support the purchase right out of the box, why not put the decision on hold for one year and hire an external company whose expertise you need, without having to expend capital? At the very least, you can learn from what they do and use that information to better plan a future solution.

Let's take that internal scanning requirement as an example. Thanks to the PCI DSS, you may want a scanner to meet a requirement. However, you may not have an employee who is qualified to run the scanner and remediate the vulnerabilities. Having the piece of technology is only half of the battle.

The business requirement remains, but you don't have the people who have immediate or deep expertise. Try outsourcing scanning for one year to evaluate all solutions before you invest dollars in a permanent purchase. This allows you to evaluate what your business requirements are in the long term and determine if your organization can best support the business with an in-house solution (internal scanning, in this example) or with an MSSP (managed security services provider). Ask yourself which solution lets you focus on what you and your group do best, while outsourcing what your vendors do best. This way, you remain focused on exactly what your business needs.


Jon-Louis Heimerl is Director of SAAS Development for Solutionary, Inc. Jon-Louis has over 25 years of experience in security and security programs. His background includes everything from writing device drivers in assembler to running a worldwide network operation center for the United States government. Jon-Louis has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. His consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises. He can be reached at
