How to Strengthen Network Security on a Smaller Budget
title=Hire the Expertise You Need, Not What You Might Want}Many organizations think a one-time cost (aka, buying technology) will solve "the problem." It is easier to think an internal scanner will resolve an issue because it is a tangible thing. The problem with this way of thinking? Integration, implementation, training and maintenance can be very expensive. If you don't have the expertise in-house to support the purchase right out of the box, why not put the decision on hold for one year and hire an external company whose expertise you need, without having to expend capital? At the very least, you can learn from what they do and use that information to better plan a future solution. Let's take that internal scanning requirement as an example. Thanks to the PCI DSS, you may want a scanner to meet a requirement. However, you may not have an employee who is qualified to run the scanner and remediate the vulnerabilities. Having the piece of technology is only half of the battle. The business requirement remains but you don't have the people who have immediate or deep expertise. Try outsourcing scanning for one year to evaluate all solutions before you invest dollars in a permanent purchase. This allows you to evaluate what your business requirements are in the long term and determine if your organization can best support the business with an in-house solution (internal scanning, in this example) or with an MSSP ( managed security services provider). Ask yourself which solution lets you focus on what you and your group do best, while outsourcing what your vendors do best. This way, you remain focused on exactly what your business needs.
Tip No. 2: Hire the expertise you need, not what you might want