Alvaka’s Kevin B. McDonald

Cybersecurity and compliance are fertile ground for partner opportunity. But do you understand the difference between these two critical concepts? Partners interested building a cybersecurity and/or compliance practice need to understand the risks/rewards and what they need to do to help clients, and themselves, as they navigate this area.

In his keynote presentation Let’s Talk Cybersecurity – Obligation to Opportunity at the upcoming Channel Evolution Europe, Kevin B. McDonald, HCISPP,  COO and CISO at Alvaka Networks and a cybersecurity analyst, will spotlight some requirements to build today’s cybersecurity defenses. In an interview with Channel Futures, McDonald shed some light on what to expect at his upcoming presentation.

Channel Partners: You say that a client’s cybersecurity and compliance needs are two different things. Please explain.

Kevin McDonald: Compliance is a process of following a generally accepted “list” of minimum actions that are designed to help guide an organization to security. These rules only prescribe classes of policies, procedures and technology required to comply and are generic. Security on the other hand is a changing and customized set of policies, procedures, systems and tools that people implement and maintain to protect and defend information, technology and human assets.

CP: Talk a bit about the opportunity for partners in the world of cybersecurity and compliance.

KM: I have watched as the cybersecurity market exploded. My first work in cyber was offering PC malware scanning software in the 1990’s. I believe there is no category of technology or technology services that can compete with the opportunity in cybersecurity. Compliance is a forced exercise mandating controls that always require some professional effort, technology to implement, and ongoing maintenance and management. There is a massive shortage in capability and an ever-growing threat. As we see more devastating attacks, we will continue to see more dictates requiring even more human and technological solutions … all of which mean potential profit for those who have capability to provide services.

CP: Name a few things that partners must have in place to be successful in cybersecurity and compliance.

KM: You cannot pretend to do security. You need talent, technology and commitment to do the right things and not just what makes you money. Get your own house in order before trying to help others. No one is perfect, but you must get the basics right. Also, tell the truth and don’t exaggerate the benefits of what you propose to do. Provide high-impact solutions first, even if they are not the most profitable.

CP: Name a few areas where partners fall short today when touting cybersecurity and compliance practices — compared to those partners who have successful practices.

KM: Many who are venturing into security are confusing technology sales with security consulting and management. They are more focused on making the technology sale [that they’re authorized to earn a margin on] than truly working to secure a…

…client’s life from digital — and in the case of industrial controls, physical — risk. We often see great technology poorly configured, policies ignored, and smoke and mirrors reports that do not give a holistic and honest view of the security posture.

CP: Why attend your presentation? What are some of the takeaways for attendees?

KM: I have been in the trenches of cyber for two decades, with a laser focus since 2001. I see and operate in highly secure and sensitive environments and do not take a profit-first view of security. On the other hand, there is a very healthy living to be made doing what is right and good for our enterprises, small businesses, nonprofits and governments. I can show you how to make money doing what is right.