Last Updated on March 16, 2023
If your business handles data on behalf of others, you’re probably under rising pressure from clients and others to provide objective evidence that your cybersecurity and privacy program is robust and complies with key regulations. Are you “provably secure and compliant” today? If not, it’s going to hurt you competitively.
Helping organizations prove they’re secure and compliant is what Pivot Point Security is all about. In a recent guest appearance on Harbor Technology Group’s podcast “The Perfect Storm,” Pivot Point Security CISO and Managing Partner, John Verry, talked about our process, our services and the value we deliver.
Helping clients become provably secure and compliant
“I think we’re pretty easy to understand,” says John. “We’re an organization that helps organizations that need to prove they’re secure and compliant to do so. We do that through a group of tightly interrelated services. We do a lot of helping organizations build and optimize their cybersecurity programs, and achieve conformance and attestations, from things like ISO 27001 and SOC 2 and FedRAMP and HITRUST, and now of course CMMC. [We also] understand the underlying regulatory compliance frameworks that will feed into those, like HIPAA, the California Consumer Privacy Act, PCI…”
John continues: “We have a security assessment practice where we help organizations prove that their networks and applications and cloud infrastructure are secure. Vulnerability assessments, penetration tests, things of that nature. We have a virtual security team and a virtual CISO service, where we’re flexing in both that strategic component, and then perhaps an operational component. [Take] things like vendor due diligence reviews. Some organizations who build their own due diligence program don’t have the staff for it, so they need someone to execute it. That’s the core of what we do on an everyday basis.”
Attestation is critical now
As host Matt Webster notes, firms like Pivot Point Security are seeing an ongoing uptick in demand for their vCISO services, as well as support for certification efforts like CMMC, ISO 27001 and SOC 2.
“Attestation is the key now,” relates John. “If you’re going to process somebody else’s data, you need to be able to prove that you’re doing it in a way that’s responsible and achieves their needs.”
These days it doesn’t matter if you’re a small company. It matters how big your customer is, and what’s important to them. If you work for Microsoft, for instance, you need to be ISO 27001 certified even if you’re a one-person shop.
“Your word is just not good enough,” Matt adds.
Looking for some more content about how to follow proven security process? Check out the related blog post: Step 1 to “Provably Secure and Compliant” – Establish Your Vision – Pivot Point Security
For a lively deep dive into Pivot Point Security’s unique value proposition, listen to full episode with John Verry on Harbor Technology Group’s “The Perfect Storm” podcast: https://pivotpointsecurity.com/podcasts/ep60-john-verry-a-guide-for-validating-your-security-process/
Successful vCISO = All Security Roles Filled
This document outlines the 3 critical roles and responsibilities of a Virtual Chief Information Security Officer: Architect, Builder, and Operator.
Download the free inforgaphic now!