CIO Bulletin

SecurityHQ: Providing complex, large scale, round-the-clock security operations globally

As technology has advanced over the years, so have security attacks and hacking. Traditionally, security networks were simple and able to detect intrusion from external sources; however, in today’s world, network intrusions can be external and internal, therefore, intrusion detection now requires multiple steps and processes to ensure that valuable data and belongings stay in place. Managed Security Service Providers (MSSP) provide an organization with network security services that are capable of protecting multiple systems and devices while ensuring surrounding systems are not harmed.

SecurityHQ is a MSSP company that functions globally, helping a diverse range of businesses identify and fight against threats instantly. They work with companies in a way that makes them a valuable security partner, acting on behalf of an organization to alter and fight against probable threats. They bring so much more to the table by giving a company access to an army of analysts that work alongside it, becoming a part of the team 24/7, 365 days a year. This Global Security Operation Center guarantees peace of mind by granting personalized advice and complete visibility.

SecurityHQ utilizes their award-winning security solutions, teams, knowledge, and unprecedented capabilities to accelerate organizations and simultaneously reduce risks and overall security costs.

Founded in 2003, SecurityHQ has continued to grow and expand, establishing itself as one of the most advanced MSSP companies spread across multiple countries, including the Americas, Australia, India, the Middle East, and the United Kingdom. Since their inception, their mission has been driven by reducing some of the greatest risks that involve the digital, data driven world by providing visibility, response capabilities, risk reduction, assurance, and more.

CIO Bulletin had the opportunity to talk to Feras Tappuni, CEO and founder of SecurityHQ, about the company’s cybersecurity solutions and struggles in the United States.

Q. One of your largest operations is in the United States; why is SecurityHQ focusing on the U.S. market?

The US market, as a business, is the largest market in the world for cyber security services. They have the largest companies as well as the most companies. From a business point of view, it’s an obvious choice, but what we have noticed within the U.S. market, when doing research there and looking at our competitors, is that, sadly, a lot of the U.S. customers are merely getting an alerting service. There is no remediation, no real value, and frankly, buying a service like that seemed to have little to no purpose. We saw this as an opportunity for SecurityHQ to provide our value proposition with how we do Managed Security, and I am glad to say we are doing really well. Customers in the U.S. are seeing the value, the full lifecycle, and how SecurityHQ is doing it differently. We are the one stop shop for real cyber security; we are not just an alerting service like the majority of services currently available.

Q. How does SecurityHQ manage to stand out from the crowd?

The mission of SecurityHQ is to become the leading independent global MSSP. We are currently one of the big ones. What I mean by leading and independent is that our technology and innovation are at the forefront while we are able to take a course of action alone. It is safe to say that cyber security is all we do. We are not one of the big four, which also provide accounting, management consulting, risk mediation, and so on. No, we purely provide Managed Security Services, and that is all we do. All of our attention is on this. We are experts in our field because, from the board of directors to the new intern coming in, that is all we specialize in and focus on. We live and breathe cybersecurity.

Q. How do you maintain your affordability and profitability?

With scale, we are very conscious that this is not for high-end defense organizations or people with unlimited budgets. That is not who SecurityHQ works for. I like to term it as the street, in that we work and live on the street, and our offering has to match that. There is no such thing as an unlimited budget at SecurityHQ.

Q. How do you train the employees and educate them about your cybersecurity solutions?

A cyber security professional will always want to be innovative and cutting edge. They are always the first to market with respect to things like AI, SOAR, and new technologies. The things you see in the news, our teams have generally been working on for over a year, sometimes even two years, so to put it plainly, the leading cyber security professionals that we have within SecurityHQ like to push the boundaries.

In addition, we have the SecurityHQ Academy, where we have not only a teaching forum with hundreds of courses available, but also our teams are out in the real world sat next to L3s and L4s and learning from them, teaching them how to handle incidents, how to use the tools, how to handle alarms, how to go into automation, as well as how to work in the DevOps team, the Content team, and the Infrastructure team. There are so many teams within SecurityHQ that if you have a preference or specialty, it could easily be accommodated. It makes great business sense because it is cheaper than recruiting, you don’t have retention issues, and it’s a great motivator for people to stay in the business as they pursue personal development and enhance their skills. It’s a win for all parties involved.

Q. What is the level of awareness in the US? Are companies struggling to identify their needs in cybersecurity?

We get customers calling us every day and saying that their current provider is just not working for them, that they are just drinking from the fire hose, and all they are getting are alerts with no one to tell them what to do or how to do it for there to be any impact. To put it bluntly, a true 24/7 service is completely lacking. What we at SecurityHQ mean by 24/7 service is eyes on the glass, which means humans on the glass every minute of every day. On a Sunday morning or a Friday night, our team is present and attentive. You are guaranteed to receive a full SOC service rather than an automated one.

Q. Why do you think industries seem to struggle with the most in terms of security in the US?

All industries are struggling in some form or another. They are either struggling with compliance, the complexity of the threats, or the complexity of the attacks. However, I think the medium sized businesses that are just entering the requirements for a 24/7 service lack some understanding of the space, and that seems to be the most concerning. However, since they are just entering that space, there is a lot of scope for them to be educated as needed. As for companies with digital transformation and where they are going with the cloud, their understanding of new technology is just not there. The majority of companies struggle due to the lack of availability of people and, more specifically, the access to skilled people. At that scale, most clients and individuals come to SecurityHQ for just that.

Q. How is Cloud security impacting the overall Security of businesses in the US?

This is a new set of technologies and, in some ways, even a new language. For instance, if you are with AWS, you are talking about S3 buckets and Kubernetes; this is very new in contrast to traditional IT perimeter controls and firewalls, etc. Ultimately, it is logging and traffic, and the rules are still the same with respect to that, but the fact that your infrastructure is now hosted in the cloud means it needs slightly different handling and a slightly different toolset. However, the principles of detection and response remain the same.

SecurityHQ’s Managed Defense provides the capability to detect and respond, whether it is on premises, in the Cloud, or on endpoints (including threat intelligence). It is a highly sophisticated capability, backed by people, so that you have the comfort of knowing that all assets are logging and detecting, and you have the capability to respond should there be a threat or vulnerability.

Q. What does the future hold for your company and its customers? Are exciting things on the way?

The exciting thing for SecurityHQ is that what we did 18 months ago is not what we do now. Innovation and the changing landscape are generally driven by what customers want, and that is really important to us. It keeps us on the cutting edge. As SecurityHQ is a global business with offices all over the world, including in South Africa, Australia, India, the US, Middle East, and more, just watching those individual teams flourish individually is fantastic. Additionally, seeing how we work as one is remarkable, and I can’t see that changing; it’s just going to keep growing.

A brief biography of the CEO

Feras Tappuni is the CEO and founder of SecurityHQ and is responsible for overseeing all the technical and financial aspects of the company. He attended and completed his Bachelors of Science in Engineering at Alliant International University. With over 25 years’ experience, he has dedicated his life to cyber security and is driven by the desire to offer his clients the highest degree of protection against today’s cyber threats. Feras has delivered complex security and engineering projects to prestigious clients globally. By harnessing the right technology, processes, and people, he ensures that SecurityHQ delivers a truly enterprise grade experience.