Rapid7 Launches Global Strategic Services Practice with Unique Cyber Security Programme Development Offering
New programme will help transform the security posture of organisations through threat-focused programme assessment and development services
BOSTON, MA – September 10, 2014 – Rapid7, a leading provider of security analytics software and services, today announced the launch of a new Global Strategic Services Practice to help security executives and teams dramatically improve their ability to solve the cyber security challenges they face today and in the future. The new practice’s first offering, a Cyber Security Programme Development service, will transform organisations’ security programmes to be more relevant, actionable, and sustainable through threat-focused programme assessment and development services. The new practice is led by Nicholas J. Percoco, who brings over 17 years of experience of building and running security programmes and services, including ten years at the helm of Trustwave SpiderLabs.
According to OWASP research, 43% of organisations do not have a documented cyber security programme in place. These programmes are difficult to create and implement as companies are challenged with prioritising security initiatives in the face of an evolving threat landscape, compliance, and business requirements. Experienced CISOs are seeking guidance on the best ways to design and implement a business-aligned security programme and where they can make the most efficient investments.
Rapid7’s Strategic Services practitioners have deep experience building and managing security programmes, with expertise in vulnerability management, fraud detection, threat intelligence, incident response, and red-team programmes. The newly launched Cyber Security Programme Development service will give organisations the guidance they need to build measurable and actionable programmes aligned with the strategic needs of the business. Each organisation’s programme recommendations will be customised to address their particular threats, risk appetite, and business goals.
Programme development starts with a Cyber Security Maturity Assessment to evaluate the current state of the organisation and gain an understanding of the risk appetite and business objectives. This knowledge is used to perform a gap analysis where industry best practices are compared to the organisation’s current controls and optimal changes are identified to build a relevant, actionable, and sustainable security programme aligned with standards such as ISO 27001, FFIEC, HIPAA, PCI DSS, FISMA, and Rapid7’s cyber-security maturity models. The resulting programme is designed for in-house staff to implement and drive measurable improvements over a timeframe appropriate to their organisation. Customer success is assured through detailed documentation, including a cyber security maturity scorecard, tactical and strategic recommendations, procedures guides, technical architectures, and a prioritised execution roadmap.
“Today’s organisations are constantly faced with new and emerging security threats and challenges, and it has become quite difficult to cut through the industry hype, prioritise initiatives, and determine the best allocation of resources,” said Nicholas J. Percoco, vice president of Strategic Services at Rapid7. “Our goal is to help security professionals make smart, informed decisions to address the challenges they face, significantly improving their security posture.”
Rapid7’s strategic services team brings a variety of perspectives and expertise to addressing customer challenges, with an average of over 15 years of hands-on security experience each. The most recent additions to the team are Maranda Cigna and Jay Radcliffe. Maranda joins Rapid7 as a manager on the Strategic Services team and will be responsible for defining and managing its programme development services. Prior to Rapid7, Maranda was senior IT security manager at FIS, the world’s largest financial services provider, where she was responsible for the management of the organisation’s global security test team. Jay is a graduate of the SANS Technology Institute’s Masters programme, and brings over 20 years of experience in the computer security field. He will provide expert technical insight to the group and a wealth of implementation knowledge.
For more information on Rapid7’s Strategic Services Programme, visit http://www.rapid7.com/services/strategic-services.jsp.
Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organisations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
OWASP’s 2013 CISO Survey and Report (https://www.owasp.org/index.php/CISO_Survey_2013:_Governance_and_control)