News Feature | May 28, 2015

From ASCII Chicago: 7 Cybersecurity Tips For Solutions Providers

jim roddy

By Jim Roddy, VP of Marketing, RSPA

Tawiah

Reading the biography of ASCII member Eugene Tawiah, it’s clear the guy is all about security. First, he’s the founder and CEO of information security services provider Complex Technologies which serves the New York City and New Jersey metro area. Tawiah has been an IT engineer for 15 years and lists an alphabet of acronyms after his name — CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CCNP (Cisco Certified Network Professional), and MCSE (Microsoft Certified Solutions Expert).

Additionally, Tawiah responds to 911 calls as a volunteer EMT and works in his community as an auxiliary police officer. I mean the guy is all about keeping people — and their information — safe.

Tawiah talked about cybersecurity to 100+ channel executives Thursday at the ASCII Success Summit at the Hyatt Regency O’Hare in Chicago. I captured seven of his best pieces of advice for solutions providers.

Don’t assume one size fits all. “One size fits all is not the case with information security. There are all sorts of firewalls, next generation firewalls, Web application firewalls, content developer networks, and more,” Tawiah said. “Then there’s the thought process that open source is free. That’s great, but if you roll out your own open source product, you’re stuck on forums looking for answers. There’s no support.”

Brace for higher prices. “Information security products cost a lost more. When you start offering these services, those costs can be passed to your customers. But it’s really not that expensive when you get better margins. Get used to that in the information security space the products cost more. I’m cautious of the ones that cost less. What are they not doing?”

Call your lawyer. “There’s a lot of liability surrounding being an information security provider. Make sure a lawyer reads your master services agreement. Also call your insurance company to make sure you’re properly insured for this.”

Charge more. “I think security is something you should charge extra for. You’re learning the business of your client, and that takes time. It’s not an easy installation — you don’t just press a button and go. If you’re investing the time, you should get paid for it.”

Know the language … so you know up from down. Tawiah shared a slide that listed cybersecurity lingo that would stump many MSPs and VARs. Here’s part of that slide:

  • White box vs. black box
  • Threat vs. risk vs. vulnerability
  • Standard vs. guideline vs. policy
  • Penetration test vs. vulnerability assessment

Know your limits. “If you’re not a web person, don’t offer web vulnerability services. You won’t be able to explain it. If you’re a server guy, offer server security services. There are plenty of vendors who can help you with services that fill in some gaps. But you have to know your craft and stick to what you know.”

Invest in yourself. “Catch up on the world of security. There are podcasts to listen to, and information on vulnerabilities are being released daily. A good part of every morning for me is catching up on what was released yesterday.”

The ASCII Success Summit – Chicago is being held May 27-28 at the Hyatt Regency O’Hare in Chicago. It is one of eight solution provider-focused conferences ASCII will host in 2015. For more information on ASCII, go to www.BSMinfo.com/go/InsideASCII.