Should Security Teams Be Treated Like Law Enforcement

Cyber Security Teams Stressed to the Hilt

I read a LinkedIn post yesterday from Mike Ebbers postulating how we might make a comparison between law enforcement and information security personnel. His basic premise is that law enforcement does not prevent 100% of crime, but they are not "fired" for not meeting this unattainable goal. So, why are company IT security personnel not held to the same standard?

After all, is it realistic to expect our security teams to have a 100% prevent defense? Since I served time in the law enforcement/intelligence field (read my story on LinkedIn), this post resonated with me.

Our firm works with security teams in enterprises every day, and I can tell you they are dedicated, trained, passionate and STRESSED to the hilt on getting things right: from having the right "tools", meeting business-driven metrics and adhering to overwhelming compliance and regulations, to keeping up with all the "new shiny security objects" and the associated noise in the market. Plus, add in the continued bad habits of employees that lead to security risks. It's no wonder the average life span of a CISO is 2-3 years.

So, what do businesses do to support their security teams and provide realistic and acceptable metrics that have some relevant measurements? Mike's proposal to define acceptable metrics is a start. How about developing a "risk register" at the business level that drives those metrics and identifies severity of risk and possible solutions that can be applied? We usually ask clients if they have a risk register, and often the answer is "NO".

Maybe do what Steve Cohen wanted to do when he started up his new investment firm (after being the subject of an SEC probe of criminal behavior): look to hire former law enforcement.

What do you think? 


Tanium and Intelligence Services Group Partner to Deliver Unique Security Capability

MORGANVILLE, N.J. & ORLANDO, Fla. - Nov. 21, 2017 - PRLog -- Tanium, the revolutionary and leading company for endpoint security/systems management, and Intelligence Services Group, LLC (iSG), a unique firm for delivering intelligence/investigative capability fused with technology, have announced a formal partnership today to deliver their combined capabilities to the market.

"Our DNA allows us to deliver a unique and compelling security experience to the market. Unlike other traditional partners which ISVs choose that sell a plethora of products, we only include in our portfolio a few leading technology firms which will enhance our intelligence/investigative background to deliver risk management. Tanium's vision to be a game changer aligns perfectly with our strategy to deliver a unique approach to the market," said Bob Henderson, Founder | CEO of Intelligence Services Group, LLC.

iSG will focus on delivering Tanium to its clients in the USA and have already been in discussions with global financial firms and retailers to deliver on the Tanium capability.

Intelligence Services Group, LLC is a team of intelligence operative/law enforcement executives from the federal, state, local and international (Interpol) communities. We fuse our expertise with best-in-class technologies for conducting investigations, providing digital forensics, enabling cybersecurity and implementing mobile encryption capabilities for our clients to manage risk.

Intelligence Services Group, LLC can be reached at 833-623-3092 or email at: