Cybersecurity has become a key strategic consideration for most organizations today.

The shift to telecommuting has increased the potential for security breaches and fraud. The rapid increase in virtual services and rise of cloud computing requires third party-risk assessments to ensure company, customer and employee data is secure. As more companies contemplate hiring a cybersecurity company, they want to know where to start?

There are many key considerations when looking to hire a cybersecurity company. Depending on your needs, you will be looking for a company to either build your entire cybersecurity strategy or looking for a specific solution that requires a specialist, capable of working in specific areas of cybersecurity with the ability to execute a project in a very specific field. Large and small companies can manage both types of executions, but generally speaking, you will need to be looking for a company with generalists who have experience in multiple areas of cybersecurity for the initial definition of your strategy and architecture and then you will require specialists throughout the execution of that strategy as it is implemented and evolves over time.

So, what are core questions that you will want to answer before you hire a cybersecurity company?

1. How long have they held onto their clients?

How many clients have retained their services and/or have been engaged repeatedly by their customer base? You want to know that the company has a good, loyal and longstanding customer base, as this indicates the customer satisfaction of their clients and likely shows a consistency in team staffing as well. Listing clients on the company website is always a red flag, since this attracts unnecessary attention to both clients and the company, increasing the risk of attacks for both. Always request referrals and talk with their customers about the capabilities and their experience with the potential company.

2. Can the company work with large and small budgets?

Your cybersecurity needs will change and evolve over time and you need a partner that can adapt to those changes as well. Evaluating what types of clients each cybersecurity company retains on their roster will give you an idea of whether that company can adapt to your budget, whether it is big or small. Some companies will be able to adapt to both. Do your due diligence and realize that smaller companies will have smaller budgets. Even if a larger security company can adapt to your budget, will you be a priority or a line item for their teams? Keep this in mind when asking for referrals from larger vendors. Ask for some smaller companies references as well as the more known brands.

3. Is cybersecurity the core business of the company?

This is a key consideration as more companies are now offering cybersecurity services to their clients. If cybersecurity isn’t a core service in their business, you will need to understand how experienced their team is and how knowledgeable is the company about the always changing cybersecurity landscape. If the company doesn’t maintain seasoned , they are less likely to understand the environment and even less likely to understand how to hire a cybersecurity team to manage their clients needs. They will be more focused on selling you a point solution, rather than being able to help guide you strategically. Great cybersecurity talent doesn’t want to work for a boss who doesn’t understand cybersecurity, which is why many larger companies who have cybersecurity as a service add-on usually have more junior staff with higher turnover rates. This brings us to our next point…

4. Is the company security or sales focused?

Is the company focused on security or sales? For instance, are there 20 engineers, but 30 sales executives. That tells you that they are really sales focused rather than investing in the development of their technical expertise and team. It also may be an indicator that they don’t have the staff to properly execute the projects, as they are spending more on resources to hunt for new sales opportunities than growing the implementation team. This often leads to less client retention. So, ask how often they are turning over clients and request more referrals so you can understand how well they can handle your business. You will also want to know that the team who sold you on the company will be the team that works on your strategy and manages the execution. The people selling the solution should be the same people who work with you after the contract is signed.

5. What is the team composition of the cybersecurity company?

How experienced is their team? What is the depth of experience in the team and in what areas of cybersecurity? Today, you have many different specializations in cybersecurity and it’s hard for even a generalist to comprehend more than five or seven areas of cybersecurity. And if they are a specialist, they are probably focusing on one, two or maybe three areas of cybersecurity. While architects may still be generalists, you may require something more specific for your needs. If this is the case, you have to ask how much in-depth knowledge and skill and experience the engineer has in the particular field you need. You may find that you should be selecting more than one company and putting a cross-vendor team together to execute all of your needs.

6. What is the customer service level during the execution of the strategy and what is after the execution post-launch?

When you’re looking for a cybersecurity company, you’re looking for a long-term partner and not somebody who comes in, executes the engagement and moves on. You will want to know what you can expect from the service levels of the team during the execution, frequency of contact and expectations for collaboration. You will also want to know if you have access to the original team who can perhaps meet with you once a month and discuss some additional issues, regardless of whether additional opportunities will come up, or not post project. Their incentive should be to develop a long-term relationship.

7. Finally, Is the company technology agnostic or are they primarily focused on one or a few types of technology?

Your cybersecurity strategy will require technology as part of the solution. You will want to understand if the company you are considering is primarily focused on one or two technology solutions or are they technology agnostic. This is important because you want the best solution tailored to your specific business needs. You also want to understand if the cybersecurity company is receiving payment for implementing any technology as well as their direct fees to you. They could be acting as a channel partner for the technology company instead of acting as a cybersecurity vendor who is placing your needs ahead of licensing sales for a technology firm.

Once you have answered the questions above, you are likely in a strong position to understand what and who you should be considering when you hire a cybersecurity company for your needs. If you’re just starting down the road of establishing a cybersecurity program, you will probably need somebody who is going to help you with the overall strategy and that is likely going to require a generalist.

Then, as step further understand the executional depth of the specific cybersecurity strategy you need, you will really be looking for a generalist who has more knowledge of the specific areas that relate directly to your unique business needs. As time goes on and once you have the architecture in place, this is where you will need to look for specialists who have a lot of in-depth knowledge in the key areas of risk that relate to your business structure and needs.

About Parabellyx

Parabellyx are security-matter-experts who take a focused and business aligned cybersecurity approach to developing strategies that accomplish your key business goals and objectives. We then train your entire organization in security, preparing you for any threat, until a security mindset is entrenched across your entire company, protecting and ‘future-proofing’ your information, your employees, your customers, your shareholders and your reputation. Contact us at