Would You Pay Someone for Sleep?
At first glance that may seem like a ridiculous question; the obvious answer is “NO.” However, things are not always as obvious as they seem. A closer inspection reveals the need for a follow-up question: “Am I paying someone else so they can sleep, or so I can sleep?” That is a great question to ask as it changes the initial perspective. Paying someone else so you can sleep may potentially change an obvious and immediate “NO” to a possible “YES.” It is all about asking the right questions and forming the correct perspectives.
Successful cyber security consulting is based on asking the right questions. Without them, we have no way of providing a client with correct perspectives which may potentially lead to different, and more suitable, outcomes. It requires a tabula rasa mindset, a design thinking approach, and absolutely no preconceived or prepackaged solutions. That is the perspective we bring to our clients to solve challenges. That is not “thinking outside the box.” It’s realizing there is no box, and never has been.
“When a customer asks you for a ¼-inch drill bit, they don’t
really need a drill bit. They need a ¼-inch hole.”
~ Theodore Levitt ~
Our Consulting Services
No consulting company can be all things to all people, although many do put forward their best effort and try. Phase2 Advantage has five areas of concentration within the cyber security consulting realm at which it excels: The NICE Framework, Train-the-Trainer programs, IT Business Continuity, IT Disaster Recovery, and IT Risk Management. We will never claim to be something we are not, and we will always refer clients to companies with the capabilities they need when necessary. Listed below are the consulting services we provide to clients.
NICE Cybersecurity Workforce Framework
The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), published by the National Institute of Standards and Technology (NIST) in NIST Special Publication 800-181, is a nationally focused resource that establishes a taxonomy and common lexicon to describe cybersecurity work, and workers, regardless of where, or for whom, the work is performed. Our work with clients includes the development of training programs and course materials that align with the framework categories and specialty areas.
Cyber Security Train-the-Trainer Programs
Phase2 Advantage works with numerous entities – including corporations, academia, and government – to create a wide range of cyber security training capabilities according to the needs of the entity. In this type of professional development the ability to convey knowledge is critical, and we are experts at conveying subject matter expertise in a manner in which inspires students to be confident in their training and capabilities.
IT Business Continuity Planning
Business Continuity and Disaster Recovery planning are not the same function and require different skillsets in order to be successful. Business continuity planning is a proactive plan to avoid and mitigate risks associated with a disruption of operations. While it does plan for actions to be taken after an event, it focuses on preventive and preemptive solutions to reduce the probability of a disaster occurring. In this type of planning the ability to ask the correct questions is critical, and we are experts at asking correct questions based on the environment in which we are located at the time.
IT Disaster Recovery Planning
Unlike the preventive focus of Business Continuity planning, Disaster Recovery plans for actions which are responsive and reactive. As businesses face a wide range of daily risks – including cyber-attacks, human error, technical failures, and natural disasters – it is vital they create practical plans to sustain their security posture, financial health, and industry / brand reputation to maintain long-term success. In this type of planning the ability to observe minute details is critical, and we are experts at incorporating an attention to detail that affords our clients the capability of executing their plans with precision.
IT Risk Management
Given the wide range of technology-enabled components comprising modern security programs, the potential for exposure to risk has grown exponentially. Laws governing regulatory and compliance requirements change rapidly as they attempt to keep pace with technology trends. Information security frameworks and models, once barely acknowledged and often ignored, are now expected responsibilities and strictly enforced. In this increasing regulatory environment, the ability to audit and assess potential risk is critical, and we are experts at the type of risk identification, assessment, and mitigation that affords our clients the capability of sleeping well at night.
“The answer is “YES,” we can do that.
Now, what’s the question?“
~ Michael I. Kaplan ~