the steps to choosing a cybersecurity vendor


(by Oana)

If you think working in cybersecurity is cool then working in cybersecurity in a company with 140,000 employees is even better. Hackers never sleep and they are targeting everybody 24/7. By everybody I mean also, of course, you.

Yes, if there is something I learned while working in the awesome cybersecurity team at Engie, is the fact that hackers are not considering the color of your hair, your height or your religious beliefs. If you are connected to the internet or use devices that have been connected to other computers (like a USB stick) you are a target. I am not trying to be pessimistic here, there are also many ways to protect yourself, ways about which I have also learned from the Engie cyber threat squad.

Other than that, I have already started working on the main internship subject. Doing a market research on a competitive sector like cyberthreat intelligence products and services is not an easy task. Besides having to really know the company and the tools used, you also have to understand the current and future needs.

Communication is a key aspect since different answers are known by many different people.

After setting the requirements, the next step is creating a needs and a wants list.
The needs list should be very brief and should consist only of the features absolutely necessary in the product.
The list of wants should be much broader and be ordered according to the importance.

After the budget is set, the next step is researching through many potential vendors and their products, while always having in mind the selection criteria previously set. Besides the many technical aspects, the credentials of vendors, certificates and previous performance also need to be taken into consideration. All the vendors and criteria must be evaluated into a scoring matrix which will result into finding the semifinalists.

The next stage is the most interesting since you get to have direct contact with the providers: interviews are set, free trials are offered, products are tested in order to eventually select the winner.

That is more or less the process when selecting new products in a cybersecurity department. Besides having to interact with other cybersecurity professionals like incident response or forensics, you also have to assess needs, research, analyse and contact vendors for a first-hand experience with the product. And if you ask me, it can't be done better than within a company this big. That is all for now, à la prochaine!

Engie team-selfie at Fontainebleau