A Q&A with SideChannel (Part I)
Grab your coffee or a cup of tea, get comfortable, and read the first part of a Q&A session to learn more about SideChannel.
Let's get started...
Q. What is the meaning of SideChannel’s name?
A. If anyone searches for the term "side channel", the results will mostly say that it is a type of attack intended to find shortcuts to break the security of a computer system. As a graphical idea, it's similar to when a doctor puts a stethoscope on any side of a person to listen to how the body sounds and get clues about its functioning. In the case of a computer system, cyber security attackers use software, like a doctor's stethoscope, to "listen" through the Internet (which is the channel) to the different "sides" of a computer system in order to obtain information about how it was implemented.
Q. Why did SideChannel take its name from a cyber security attack?
A. Because we are experts who understand what attackers do. Our cybersecurity services do not just fix risky issues; we also advise on how to prevent them. In other words, we came up with that name to highlight that our experts can see the whole picture, from malicious to unintentional security damage. Also, our name reassures our clients that they can feel safe and protected with our services.
Q. Who may need SideChannel's cyber security services?
A. People tend to think that the term CISO (Chief Information Security Officer) or cybersecurity symptoms only live at the corporate level or in the big companies arena. The thing is, wherever there is a computer system, there will always be a need to prevent information security risk. SideChannel's services are specially designed for small businesses, mid-market companies, non-profit corporations, venture capitalist portfolios, startups, municipalities and governments that struggle to find an experienced CISO to help them protect their digital assets and bolster their cybersecurity posture. Also, these entities can't carry the weight of a full-time CISO on their payroll.
Q. What do SideChannel's services offer?
A. SideChannel's services are intended to provide a well-grounded, practical, and focused approach, delivering realistic and attainable security objectives. These can be achieved by executive virtual CISOs (vCISOs) who have the capabilities to service clients, their management team and board, by recruiting and developing high-impact teams, drawing on technology already in an organization before pursuing a vendor solution, and creating end-to-end processes that give actual lift to a company's ability to secure its people, assets, and data. Our approach is based on the utilization of more cost-effective software implementations, strategic alignment of security organizations, and best practices for CIOs and CEOs alike.
Q. What is a vCISO?
A. The vCISO is one of SideChannel's approaches. Our vCISOs are recognized experts and actual CISOs who use their experience, in public and private sectors, to provide guidance. A vCISO works hand in hand with the boards, stakeholders and management teams of businesses and organizations to advise on developing the strategic vision, resources, and protocols to maintain an appropriately sized, measured, effective security program. As a result, at a fraction of the price of a full-time CISO or security expert, a vCISO can reduce risks, balance security investment, and build the confidence an organization needs to operate through business-aligned cybersecurity.
Q. What is SideChannel's methodology?
A. SideChannel's methodology is based on another approach: we take our client's security as an overall business problem. First, our experts understand the client's current profile (threats, assets, strengths, weaknesses, partners, regulatory obligations and investments) through research of proprietary data sources and through assertive talks with the client's staff. Second, in order to build a full understanding of where a client stands and where they need to go, our experts measure the client's controls and relative operational and program effectiveness through scenario analysis and walkthroughs. Third, our experts provide a plan to bring clients to their target profile and help them execute it. This may include: program, policy and procedure documentation; strategy development; procurement and vendor negotiation; identification, implementation and management of tools and managed services providers; oversight of team and program activities.
Photo Credit 📸 Jefferson Santos