Should Security Teams Be Treated Like Law Enforcement

Cyber Security Teams Stressed to the Hilt

I read a Linkedin post yesterday from Mike Ebbers ( post ) postulating how we might make a comparison between law enforcement and information security personnel. His basic premise is law enforcement does not prevent 100% of crime, but they are not "fired" for not meeting this unattainable goal. So, why are company IT security personnel not held to the same standard? 

After all is it realistic to expect our security teams to have a 100% prevent defense? Since, I served time in the law enforcement/intelligence field ( read my story on Linkedin ) this post resonated with me. 

Our firm works with security teams in enterprises every day and I can tell you they are dedicated, trained, passionate and STRESSED to the hilt on getting things right. From having the right "tools", meeting business driven metrics, adhering to overwhelming compliance and regulations to keeping up with all the "new shiny security objects" and the associated noise in the market. Plus, add in the continued bad habits of employees that lead to security risks.  It's no wonder the average life span of a CISO is 2-3 years.

So, what do businesses do to support their security teams and provide realistic and acceptable metrics that have some relevant measurements? Mike's proposal to define acceptable metrics is a start. How about developing a "risk register" at the business level that drives those metrics and identifies severity of risk and possible solutions that can be applied. We usually ask clients if they have a risk register and often it is "NO". 

Maybe do what Steve Cohen wanted to do when he started up his new investment firm (after being the subject of a SEC probe of criminal behavior) look to hire former law enforcement article 

What do you think? 


Why Key Shadowing Will Disrupt the Cryptographic Key Market


Two months ago, our firm announced a partnership with HyperSpace Security to bring their encryption technology, Key Shadowing, to market. You can read the press release here, press release.

The headline claims Key Shadowing to be a “disruptive’ technology to the cryptographic key market. A rather bold statement. A statement we have been sharing every day for the past number of weeks with our clients and prospects. Every call, every demo and every conversation we’ve had with our eco-system and the media has focused on the Key Shadowing “disruptive” factor.

When we did our due diligence on Key Shadowing and decided to take on the partnership the term “disruptive” stuck with us. Were we skeptical? Maybe a little. Consider the business definition of disruptive: relating to or noting a new product, service, or idea that radically changes an industry or business strategy, especially by creating a new market and disrupting an existing one.

We have all heard this before, especially in the IT security space. However, after speaking to Dane Butzer the inventor of Key Shadowing, and grasping the hyper math behind the patent, it’s ability to “eliminate” master keys and the immunity property to quantum computing we came to understand the “disruptive” moniker. You can read the white paper for yourself:  white paper

The ELIMINATION OF THE MASTER KEY. No more lost or stolen keys. No need for a Key Management System. Now, consider the impact to the deployment of asymmetric keys, symmetric keys, message authentic codes (MACS), key encryption keys and distributed ledger technology (DLT)…. can you say blockchain?

Does this qualify as “disruptive”? What do you think?


Tanium and Intelligence Services Group Partner to Deliver Unique Security Capability

MORGANVILLE, N.J. & ORLANDO, Fla. - Nov. 21, 2017 - PRLog -- Tanium (, the revolutionary and leading company for endpoint security/systems management and Intelligence Services Group, LLC (iSG)( , a unique firm for delivering intelligence/investigative capability fused with technology have announced a formal partnership today to deliver their combined capabilities to the market.

"Our DNA allows us to deliver a unique and compelling security experience to the market. Unlike other traditional partners which ISV's choose that sell a plethora of products, we only include in our portfolio a few leading technology firms which will enhance our intelligence/investigative background to deliver risk management. Tanium's vision to be a game changer aligns perfectly with our strategy to deliver a unique approach to the market", said Bob Henderson, Founder | CEO of Intelligence Services Group, LLC.

iSG will focus on delivering Tanium to its clients in the USA and have already been in discussions with global financial firms and retailers to deliver on the Tanium capability.

Intelligence Services Group. LLC is a team of intelligence operative/law enforcement executives from the federal, state, local and international (Interpol) communities. We fuse our expertise with the best in class technologies for conducting investigations, providing digital forensics, enabling cybersecurity and implementing mobile encryption capabilities to our clients for managing risk.

Intelligence Services Group, LLC can be reached at 833-623-3092 or email at: