Rapid7 has announced the launch of a new Global Strategic Services Practice to help security executives and teams dramatically improve their ability to solve the cyber security challenges they face today and in the future. The new practice’s first offering, a Cyber Security Programme Development service, will transform organisations’ security programmes to be more relevant, actionable, and sustainable through threat-focused programme assessment and development services. The new practice is led by Nicholas J. Percoco, who brings over 17 years of experience building and running security programmes and services, including ten years at the helm of Trustwave SpiderLabs.
According to OWASP research, 43% of organisations do not have a documented cyber security programme in place. These programmes are difficult to create and implement as companies are challenged with prioritising security initiatives in the face of an evolving threat landscape, compliance, and business requirements. Experienced CISOs are seeking guidance on the best ways to design and implement a business-aligned security programme and where they can make the most efficient investments.
Rapid7’s Strategic Services practitioners have deep experience building and managing security programmes, with expertise in vulnerability management, fraud detection, threat intelligence, incident response, and red-team programmes. The newly launched Cyber Security Programme Development service will give organisations the guidance they need to build measurable and actionable programmes aligned with the strategic needs of the business. Each organisation’s programme recommendations will be customised to address its particular threats, risk appetite, and business goals.
Programme development starts with a Cyber Security Maturity Assessment to evaluate the current state of the organisation and gain an understanding of the risk appetite and business objectives. This knowledge is used to perform a gap analysis where industry best practices are compared to the organisation’s current controls and optimal changes are identified to build a relevant, actionable, and sustainable security programme aligned with standards such as ISO 27001, FFIEC, HIPAA, PCI DSS, FISMA, and Rapid7’s cyber-security maturity models. The resulting programme is designed for in-house staff to implement and drive measurable improvements over a timeframe appropriate to their organisation. Customer success is assured through detailed documentation, including a cyber security maturity scorecard, tactical and strategic recommendations, procedures guides, technical architectures, and a prioritised execution roadmap.
“Today’s organisations are constantly faced with new and emerging security threats and challenges, and it has become quite difficult to cut through the industry hype, prioritise initiatives, and determine the best allocation of resources,” said Nicholas J. Percoco, vice president of Strategic Services at Rapid7. “Our goal is to help security professionals make smart, informed decisions to address the challenges they face, significantly improving their security posture.”
Rapid7’s Strategic Services team brings a variety of perspectives and expertise to addressing customer challenges, and its members average over 15 years of hands-on security experience each. The most recent additions to the team are Maranda Cigna and Jay Radcliffe. Maranda joins Rapid7 as a manager on the Strategic Services team and will be responsible for defining and managing its programme development services. Prior to Rapid7, Maranda was senior IT security manager at FIS, the world’s largest financial services provider, where she was responsible for the management of the organisation’s global security test team. Jay is a graduate of the SANS Technology Institute’s Master’s programme and brings over 20 years of experience in the computer security field. He will provide expert technical insight to the group and a wealth of implementation knowledge.