The MSSP perspective: CISO insights into stronger security
Gary Landau has been leading IT and information security teams for over 25 years as part of startups as well as large global organizations. He is currently a Virtual Field CISO with Unisys Security Services, where he supports companies in many different industries. His mantra is “keep making it better” and he is passionate about continuously improving system reliability, performance, and security.
In this interview, Gary Landau unpacks valuable ideas, processes and solutions that can help businesses succeed in becoming more cyber secure. This is a fascinating read for any security professional eager to make an impact.
What are the most significant cyber security threats that your clients are currently facing?
The main cyber security threats most customers are worried about are AI and deepfakes. But where they really should be worried is around the basics — things like vulnerability management and credential protection.
As security protections have improved, I see more attacks around credentials — making credential protection and identity proofing more essential for our customers. There’s an adage that attackers don’t break in, they log in. We’ve recently seen a lot more sophisticated fraud and credential-based attacks, especially due to improvements in AI.
We also see concerns about service desks needing to be more sophisticated in how they’re doing identity proofing, so that the service desks are not duped into resetting passwords for non-legitimate callers. In fact, a lot of organizations are starting to eliminate password resets by service desks altogether in favor of more sophisticated and automated identity proofing and password reset solutions.
Can you describe your customers? Is there a typical profile that you serve?
Our customers tend to be medium-to-large enterprises, and they can be in the public or private sector. There isn’t a single vertical that we focus on — we have customers from different industries. I’ve helped our customers in state and local governments and global enterprises — many different verticals. I've also spent recent years working with higher education institutions.
In your experience, what are the primary drivers that compel organizations to seek out MSSP services?
One unfortunate driver has been organizational breaches or attacks. Sadly, some organizations don’t realize that they need MSSP services like ours until after they are breached or have their business disrupted. In many cases, organizations aren’t benefiting or saving money by trying to manage all of their security in-house. In many instances, organizations have tools that they just don’t fully utilize because they don’t have the experienced or trained staff to manage them. Also, maintaining the right staffing levels in-house can be challenging. In those cases, there is no advantage to keeping those services in-house. It becomes less expensive and more efficient to use an MSSP than to try and maintain that internal expertise. Plus, by using an MSSP, organizations have coverage even if their in-house staff turns over.
Can you walk us through your approach to assessing an organization’s cyber security needs and tailoring your services accordingly?
We have a three-step approach, which starts with assessing the organization — and usually it’s based on some sort of security framework. I like the NIST frameworks, like NIST 800-53 and CSF. From the assessment we identify their security gaps and needs. We then propose and implement solutions to address those gaps. Lastly, we continually manage those solutions to make sure the security improvements are sustained. So, it’s an “assess,” “implement,” and “manage” approach.
How does your MSSP ensure the highest levels of security and compliance for clients across different industries, especially given differing regulatory requirements?
Since budgets typically aren’t unlimited, it’s about managing risk to an acceptable level for that organization. We recommend and strive to configure systems according to stringent security benchmarks, such as the NIST frameworks/standards or the CIS benchmarks. Then, irrespective of whether those benchmarks are for cloud environments or OS configuration settings, we will continuously improve those security settings for our clients to the point where we’re reaching 100% compliance with those recommendations.
Is it correct that cloud security is a specialty of Unisys?
It is. And it’s been a special focus of mine as well. Our focus is on helping businesses improve their services and a big driver is application modernization. What I mean by that is not just moving to the cloud, but modernizing their infrastructure, application processes, and security posture by refactoring legacy systems in the cloud. This helps make them more efficient while also making them more secure. Part of that security in the cloud is aided by our partnership with Check Point, which provides us with a CNAPP.
Could you share a bit about your partnership with Check Point and how that assists your enterprise?
Providing a comprehensive and effective solution requires people, processes and technologies. At Unisys, we have the skilled people and the effective processes, but we need a partner, Check Point, to provide that technology. It takes all three.