Rapid7 Launches Global Strategic Services Practice
New program will help transform the security posture of organizations through threat-focused program assessment and development services
Rapid7, a leading provider of security analytics software and services, has announced the launch of a new Global Strategic Services Practice to help security executives and teams dramatically improve their ability to solve the cyber security challenges they face today and in the future.
The new practice’s first offering, a Cyber Security Program Development service, will transform organizations’ security programs to be more relevant, actionable, and sustainable through threat-focused program assessment and development services. The new practice is led by Nicholas J. Percoco, who brings over 17 years of experience building and running security programs and services, including ten years at the helm of Trustwave SpiderLabs.
According to OWASP research, 43% of organizations do not have a documented cyber security program in place. These programs are difficult to create and implement as companies are challenged with prioritizing security initiatives in the face of an evolving threat landscape, compliance, and business requirements. Experienced CISOs are seeking guidance on the best ways to design and implement a business-aligned security program and where they can make the most efficient investments.
Rapid7’s Strategic Services practitioners have deep experience building and managing security programs, with expertise in vulnerability management, fraud detection, threat intelligence, incident response, and red-team programs. The newly-launched Cyber Security Program Development service will give organizations the guidance they need to build measurable and actionable programs aligned with the strategic needs of the business. Each organization’s program recommendations will be customized to address their particular threats, risk appetite, and business goals.
Program development starts with a Cyber Security Maturity Assessment to evaluate the current state of the organization and gain an understanding of the risk appetite and business objectives. This knowledge is used to perform a gap analysis where industry best practices are compared to the organization’s current controls and optimal changes are identified to build a relevant, actionable, and sustainable security program aligned with standards such as ISO 27001, FFIEC, HIPAA, PCI DSS, FISMA, and Rapid7’s cyber-security maturity models. The resulting program is designed for in-house staff to implement and drive measurable improvements over a timeframe appropriate to their organization. Customer success is assured through detailed documentation, including a cyber security maturity scorecard, tactical and strategic recommendations, procedures guides, technical architectures, and a prioritized execution roadmap.
“Today’s organizations are constantly faced with new and emerging security threats and challenges, and it has become quite difficult to cut through the industry hype, prioritize initiatives, and determine the best allocation of resources,” said Nicholas J. Percoco, vice president of Strategic Services at Rapid7. “Our goal is to help security professionals make smart, informed decisions to address the challenges they face, significantly improving their security posture.”
Rapid7’s strategic services team brings a variety of perspectives and expertise to addressing customer challenges, with an average of over 15 years of hands-on security experience each. The most recent additions to the team are Maranda Cigna and Jay Radcliffe. Maranda joins Rapid7 as a manager on the Strategic Services team and will be responsible for defining and managing its program development services. Prior to Rapid7, Maranda was senior IT security manager at FIS, the world’s largest financial services provider, where she was responsible for the management of the organization’s global security test team. Jay is a graduate of the SANS Technology Institute’s Master’s program and brings over 20 years of experience in the computer security field. He will provide expert technical insight to the group and a wealth of implementation knowledge.
 OWASP’s 2013 CISO Survey and Report, https://www.owasp.org/index.php/CISO_Survey_2013:_Governance_and_control