
When considering MSSPs, don’t forget who owns the risk


When trying to determine if you need a managed security service provider (MSSP), the first thing cybersecurity professionals need to realize is that they are owners of risk, said Johnathan Nguyen-Duy, Fortinet’s vice president of its field CISO team.

“Whether you’re a large enterprise or small enterprise, a person — whether it’s a CISO, or an IT manager — you own that risk, and it’s your job to manage that risk,” Nguyen-Duy said during an episode of CISO Stories podcast. “And whether you do that internally or an in-house solution or whether you partner or some combination of third party, you will always own that risk.”

Listen to episode 31 of CISO Stories: Practical Considerations for Managing Your MSSP

When companies look to an MSSP, they have to understand the outcome they're trying to achieve and work backwards. And that outcome can't be a handoff of risk, Nguyen-Duy said. Rather, companies need to partner with the MSSP to define gaps and approach, understanding that “the MSSP doesn’t own that risk; so you’re going to have to manage them.”

At Fortinet, Nguyen-Duy focuses on strategy, data analytics and helping enterprises with digital transformation for security from the IoT edge, across enterprise networks, to hybrid clouds.
