It’s hard to place DayBlink Consulting Cyber in a box. The most common feedback from our clients focuses on our ability to accelerate initiatives that are limping along or improve security practices that are underperforming. We believe this is in large part based on three principles: (1) Finding great consultants with impeccable communications and soft skills. After all, solving hard problems requires an ability to work well with a variety of personalities under stressful conditions. (2) Arming problem solvers with hard business management skills. This starts with a large investment in cross-training and learning. That is, continuously building expertise in strategy, organizational design, process improvement, workflow automation, solution design and implementation, data analytics, economic modeling, performance management, program delivery, and again good bedside manner. (3) Excitement and curiosity for all things cybersecurity. Waking up every day knowing our efforts fight cyber adversaries. This mix of principles, personalities and capabilities enables us to tackle numerous cyber organizational and operational matters and continues to afford us opportunities to add unique value to our clients.
We have a proven track record of optimizing and automating a wide range of cybersecurity and privacy practices and capabilities. We serve our clients across the full spectrum of capability optimization including strategy and planning, requirements definition, business and economic justification, workflow design and optimization, integration, automation, operationalization and change management.
A large Technology Sector client was seeking to cost-effectively scale IAM provisioning and lifecycle management to reduce security risk and increase employee satisfaction and productivity. DayBlink planned, designed, implemented, and operationalized the client’s Identity Governance & Administration (IGA) capability using SailPoint. This set the foundational capability upon which the client could scale this function, enabling them to onboard dozens of high-use, high-sensitivity applications, provision access automatically, and execute recurring access audit campaigns.
One of our Fintech clients had a large volume of abandoned and ghosted assets with missing or outdated operations owner/steward information. We were engaged to lead the integration of infrastructure scanning and asset ownership workflows to automate common operational management practices. This program resulted in up-to-date and accurate asset operational ownership information to reduce operational and cyber incident response and remediation times.
A Comms Sector client embarked on a major vulnerability management optimization program with the goal to identify, assign, remediate and verify fixes for a greater volume of high severity vulnerabilities. DayBlink was engaged to lead the optimization and automation of a variety of lifecycle steps, notably assignment, rescanning for verification, automated ticket closure, and burndown reporting. This resulted in a material increase in the burndown of high-severity vulnerabilities within SLAs.
A Media & Communications client was challenged to scale the volume of threat models that were currently performed manually. We quarterbacked the budgeting, planning, design, integration, implementation and operationalization of automated threat modeling programs in close collaboration with the technology solution provider. This resulted in a material increase in the volume of threat models completed annually, the ability to automatically run recurring threat models, and auto-assignment of security findings to app owners, all while maintaining the same headcount of threat modeling security analysts.
Our clients rely on us to deliver their most critical programs and initiatives. Our deep security expertise with an ability to move products and programs forward at an accelerated rate is what defines us.
A Technology Sector client faced challenges serving its internal customers through confusing cybersecurity service offerings and capabilities. DayBlink Consulting was engaged to rationalize existing services, redefine a new service construct, and then develop a communications plan to bring awareness to the services and how to procure them. This resulted in an increased volume of services procured, ultimately increasing the usage of cybersecurity services and adoption of cybersecurity practices.
A Large North American Comms Sector client company was required to implement and modify a variety of internal and customer-facing processes to comply with new regulation. DayBlink Consulting was responsible for leading the planning and approach, regulation-to-operational-requirements definition, system/data discovery, process design, customer portal design, implementation and operationalization. This resulted in the ability to facilitate new regulatory requirements such as a customer’s right to be forgotten.
A client’s internal customers (product and engineering teams) were dissatisfied with the security service request and fulfillment process, noting it was too complicated and time consuming with long lead times and no SLAs. Acting as the Product Manager, DayBlink Cyber designed and deployed a cybersecurity service management function borrowing best practices from the CRM and Service Management industries. Results included a streamlined request, intake, routing and fulfillment process, reduced cycle time to deliver service, improved internal customer satisfaction, and reduced cyber risk.
A Financial Services Client identified security gaps through a mandate assessment that needed to be remediated prior to the go-live of their security controls. We led the gap remediation program with specific support on work streams including Third-Party Risk Management and Security Training & Awareness. TPRM activities included vendor tiering, workflow optimization, tool refinement, policy definition and procedure/ops documentation. Training and Awareness activities included tool rationalization and research, training content development, phishing development and operation, and metrics and KPIs development.
While we are deeply skeptical that being audit-proof is adequate to prevent a major cyber breach, meeting regulatory obligations is a must and a reasonable start that sets the foundation for expanding, hardening and scaling cybersecurity and privacy practices.
A large Healthcare Sector client was seeking perspectives on how their data protection practices and solutions stacked up against others. We were engaged to interview several companies in and across industries to understand data protection strategies, practices and solutions. This enabled us to deliver a side-by-side comparison indicating the client was using many of the same modern practices and solutions with a few material gaps to address as part of their long-term cyber risk management initiative roadmap.
One of our long-time clients needed to move to a more mature and industry-recognized method for conducting cybersecurity maturity assessments. We were engaged to implement a repeatable program for conducting annual maturity assessments using the DoE’s C2M2 Maturity Framework including a reporting suite to view scoring and related maturity assessment findings and results. This provided greater visibility into cyber practices that are meeting goals, a catalog of gaps and practices that require maturing, the development of a roadmap for improving capabilities, and an ability to track maturity scores over time by control.
For a variety of clients, there’s a recurring need for a comprehensive refresh of cybersecurity policies, standards and procedures, often to keep up with evolving regulation and a changing technology landscape. DayBlink Consulting has been engaged to update existing, write new, and publish all manner of cybersecurity and privacy policies. These engagements provided a suite of policies and standards spanning a wide variety of cybersecurity and privacy safeguards that must be in place for regulations that must be addressed.
A Financial Services client needed to better understand upcoming FTC Security Regulation and to determine where the organization was non-compliant and required additional work to satisfy the regulation. We conducted a 6-week assessment which included over 20 teams and 100 stakeholders from the organization, identifying 100+ gaps or remediation opportunities. In addition, we developed the plan to resolve each required gap, including budget/spend requirements and presentations for board and leadership members explaining the assessment and its findings. As a result, we were asked to help them lead a subsequent 6+ month assessment to provide Subject Matter Expertise and manage the remediation program for the client.
Despite cybersecurity moving up the ranks in terms of top risks management must manage, it remains a cost center. Maximizing value from investment is paramount. This begins with mature and disciplined financial and business operations functions that provide comprehensive visibility into security and privacy investments.
A leading Technology Provider was seeking greater insight and trackability of their Information Security organization’s top tier strategic and operational initiatives in a simple and intuitive portfolio of programs. DayBlink Consulting developed and operationalized a custom light-weight program portfolio solution, exclusive to the most critical and valuable programs underway or on deck, as part of their multi-year roadmap. This enabled management to showcase programs achieving outcomes and spot troubled programs (e.g., under/overfunded, blocked, and at risk) with which management could intervene.
An information security organization was seeking comprehensive investment analysis into numerous proposed multi-million dollar cybersecurity practices and solutions. We developed detailed business case templates for each initiative, interviewed key stakeholders to understand the problem being solved, solution need and scope, detailed economic analysis, viable alternatives considered, and value to the business. This enabled senior leadership across IT, IS and Finance to make informed decisions on which security investments to green-light.
Several of our clients – across Healthcare, Communications, Financial Services and Technology Sectors – are seeking to mature their cybersecurity financial and business operations functions. We have led programs such as developing resource capacity planning models, fine-grained (below cost center level) budget forecasting to actuals management, total cost of ownership (TCO) analysis, charge-back and show-back programs, and initiative benefits modeling. Collectively these result in greater economic and spend management visibility informing feasibility and health of security and privacy investment decisions.