Recently, TDI’s Vice President of Solutions Jesse Dean sat down to discuss Cybersecurity Performance Management with the AST Cybersecurity podcast, which covers a large variety of cybersecurity related topics. In this podcast, Jesse talks about the basics of what TDI is, how CnSight was created, why tracking CPIs are so important, who CnSight is for, and how it can be used to help organizations manage risk.
At the start of the talk, Jesse discusses some TDI customer success stories; ways in which CnSight has been deployed to immediate effect in giving performance visibility into a customers’ poorly performing third-party MSP team. Using CnSight, they could verify their MSP’s performance and set incremental milestones to get them on-track for acceptable performance. This brings them onto the discussion of CnSight, and specifically how it came to be. In a crowded marketplace of over three thousand security tools, cybersecurity performance has not increased in recent years as companies lose sight of the cybersecurity fundamentals that often take a back seat to high-visibility initiatives. So there becomes a need for a way to track and measure the fundamental cybersecurity performance of an organization, and Jesse believes that it’s necessary for IT leaders to make the best of the limited resources available to them by increasing efficiencies in their cybersecurity process. Jesse explains that CnSight is essentially risk reduction through increased cybersecurity efficiency, as being able to track and manage cybersecurity performance from the executive level allows prioritization in reducing risk, increasing cybersecurity performance, and spending less on improving metrics that don’t actually reduce risk in a meaningful way.
Jesse also introduces the concept of Cybersecurity Performance Indicators (CPIs), which are helpful metrics that detail how your organization is performing on a day-to-day basis. Establishing and tracking specific CPIs allows for organizational introspection on what is and is not working from a security standpoint. For IT departments, being able to document and show improvement allows for executives to have a better understanding of the performance their investment creates; meaning that there can be better communication between all parties involved, and a creates a more effective cybersecurity program. CnSight is suited for a wide variety of organizations, but it may see the greatest use to new CISOs looking to quickly establish a clear understanding of their current cybersecurity performance and where they want to be. CnSight can also prove very useful for leadership teams in budget-constrained industries such as higher education where there is a real drive to get the most performance for the lowest budget spend possible, or as a value-add option for MSPs.
To hear the conversation, download the podcast recording here.