When trying to determine if you need a managed security service provider (MSSP), the first thing cybersecurity professionals need to realize is that they are owners of risk, said Johnathan Nguyen-Duy, Fortinet’s vice president of its field CISO team.
“Whether you’re a large enterprise or small enterprise, a person — whether it’s a CISO, or an IT manager — you own that risk, and it’s your job to manage that risk,” Nguyen-Day said during an episode of CISO Stories podcast. “And whether you do that internally or an in-house solution or whether you partner or some combination of third party, you will always own that risk."
When companies look to an MSSP, they have to understand the outcome they're trying to achieve and work backwards. And that outcome can't be a risk handoff of risk, Nguyen-Day said. Rather, companies need to partner with the MSSP to define gaps and approach, understanding that the MSSP doesn’t own that risk; so you’re going to have to manage them.”
At Fortinet, Nguyen-Duy focuses on strategy, data analytics and helping enterprises with digital transformation for security from the IoT edge, across enterprise networks, to hybrid clouds.