Technology

Community Experiences Shared: When Tech Implementations Go Awry

Barry McIntyre
by Barry McIntyre
3 min read
(October 9, 2023)

Selecting the right cybersecurity technology is a complex and critical decision for organizations. In this month’s member spotlight we spoke with Dan Demetry, an Information Security Manager at AMH who is a member of the Cyber Security Tribe Community.

The conversation between Dan Demetry and Cyber Security Tribe Co-Founder Dorene Rettas, delved into the intricacies of implementing new cybersecurity technology. Demetry shared valuable insights on what to consider before and during the implementation process. In this article, we will explore the key takeaways from our conversation, shedding light on the often-overlooked challenges that organizations face and how they can overcome them.


Understanding the Need for New Technology

Before diving into the implementation phase, it is crucial to understand why new cybersecurity technology is needed. Demetry emphasized the importance of developing at least three use cases using a risk-based approach, aligning them with the security roadmap and business priorities. This approach ensures that the selected technology will elevate the security posture of the organization. 

However, network and email security technology purchases can be particularly unpredictable. Since no two environments are the same, testing their performance can be challenging. He advised organizations to exercise caution during proof of concept (PoC) engagements with vendors, especially in email or network security, where there may not be a test environment for effective evaluation. Collaborating with security engineers and seeking their expertise can help identify potential pitfalls.

When to Consider Replacing Security Technologies

Managing existing security technologies is just as critical as implementing new ones. It is important that security teams need to assess when it might be time to replace a security technology. Factors to consider include:

  • Overhead and Management Burden: When a security technology becomes too cumbersome for the security team to manage efficiently, it may be time for a change.
  • False Positives: Dealing with an excessive number of false positives can strain resources and decrease efficiency.
  • Lack of Granularity: If a security solution lacks the capability to fine-tune alerts or notifications, it can hinder the team's ability to take meaningful actions.
  • Vendor Instability: Demetry highlighted the importance of keeping an eye on the financial stability of security vendors. Mergers or acquisitions by competitors or private equity firms can lead to disruptions.
Demetry also shared a valuable tip about investigating vendors' financial stability before making a commitment. This proactive approach can prevent potential integration issues down the road.

Implementation Challenge Case Studies 

Implementing new cybersecurity technology can be a daunting task. The importance of preparing the team and having professional services or support in place. Even with thorough preparation, challenges can arise. Two use cases of this include:

  1. Email Security Implementation: In one instance, a tight deadline and a discount offer pushed an email security implementation forward. However, communication issues and a lack of vendor expertise in Gmail environments created initial hurdles. Employees felt the impact, but the organization eventually overcame the challenges.
  2. Multi-Factor Authentication (MFA) Deployment: Another case involved deploying MFA across the organization in phases. While most phases went smoothly, one critical application initially didn't interact well with the MFA solution. The vendor CEO's intervention and custom code development saved the project.

Lessons Learned:

Reflecting on these experiences, Demetry noted that sometimes challenges are unavoidable. However, organizations can learn from these experiences. It's essential to share such experiences with peers, fostering a sense of camaraderie in the Cyber Security Tribe community. Additionally, he emphasized that growth often comes with discomfort and that the mental toughness to navigate challenges is crucial.

Takeaways:

Implementing new cybersecurity technology is a complex journey with its share of challenges. Understanding the need for technology, evaluating when to replace existing solutions, and navigating implementation hurdles are all part of the process. By learning from experiences and sharing insights within the Cyber Security Tribe Community, organizations can better prepare for and overcome these challenges, ultimately strengthening their security posture. 

*During the recording it was noted six weeks to implement the email security technology, whereas it was actually ten weeks.  
Previous story
← Exploring Cybersecurity Risk Management with Randall “Fritz” Frietzsche
Next story
Discovering Ikigai: A Source of Purpose →
Insights into the Vital Role of Data Security Posture Management
Data Security Posture Management
Technology

Insights into the Vital Role of Data Security Posture Management

(February 1, 2024) 3 min read
Enterprise Browser: Enhancing Security and User Experience
Enterprise Browser: Enhancing Security and User Experience
Technology

Enterprise Browser: Enhancing Security and User Experience

(January 15, 2024) 2 min read
Unlocking the Benefits of Causal AI in Cybersecurity
Unlocking the Benefits of Causal AI in Cybersecurity
Technology

Unlocking the Benefits of Causal AI in Cybersecurity

(October 18, 2023) 3 min read