How N‑able can be your security partner

First, welcome to the new security resource center for N‑able. We’re excited to have an area where we can share security-related information with our partners. I’m Dave MacKinnon, chief security officer for N‑able, and my role, simply put, is to ensure that we keep our organization, our partners, and their customers’ data safe. I’ve spent the past 20+ years in security—working in both the enterprise and vendor space—and I’ve had the opportunity to hold a number of roles throughout my career. One of the questions I get asked pretty regularly is how I got into security, and what was my path to CSO.

The quick answer is that I didn’t get into security—security found me. I went to college for IT with a focus on networking and systems administration, so when I graduated, I fully expected to end up in that field. During my job search, I received a call about a SOC analyst role with a startup, and since I had no security knowledge or background, the hiring manager asked me about my IT knowledge. I discussed my internships in college and showed some samples of Perl I had written (don’t judge, it was a long time ago). They offered me the opportunity to join their SOC from 6 p.m. to 6 a.m., Thursday through Saturday, and every other Wednesday—humble, but valuable beginnings. I spent nights working tickets, investigating threats, and reading a lot (thank you, Hacking Exposed, for teaching me offensive security). I learned two things: I loved security; and I didn’t like overnight shifts.

What are we protecting?

As my career has evolved, and I’ve had the opportunity to work across various organizations, those foundational learnings have stuck. One of the first things I ask when starting a new job is, “What are we protecting?” The question is simple, but I’ve realized the answer often is not. I’ve heard responses be everything from the network to data to users. I’m not asking to understand the maturity of the security program, I’m asking to understand what matters most to the business.

As I’ve transitioned into the MSP world, I believe this question to be even more relevant—not just for N‑able, but also our partners. You’re wearing a lot of hats for their customers. You’re the trusted advisor, providing services critical to their success. At the end of the day, security is about quantifying risk and helping your customers, both internal and external, understand the steps they should consider taking to minimize that risk to the organization.

I know you may be thinking, this sounds easy, but it’s far more difficult to do in the real world. And I totally agree. Nobody can magically have great security—it’s something you iterate through and grow that maturity over time. Over the next few weeks, I’ll be releasing a series of blogs on this topic. My goal is to help lay the groundwork in a few areas to assist you in how to:

1. Identify a manageable scope and help define an organization’s security risk tolerance
2. Understand the basics of threat modeling as it relates to protecting those critical assets
3. Map incident response processes and planning to ensure when an event happens, you’re prepared
4. Test your planning through tabletops to identify areas for improvements

My goal is to help you understand how N‑able can be your partner in ensuring we’re all as secure as possible. To quote my good friend Will, “We’ll iterate to awesome.”

Dave MacKinnon is Chief Security Officer at N‑able. You can connect with Dave on linkedIn here