With the ever-increasing attacks targeting organizations’ data and networks, a secured IT infrastructure has become more important than ever. As a global compliance leader, Specialized Security Services, Inc. (S3 Security) assists organizations with developing and maintaining truly secure environments without limiting business growth. The key to their success is developing an understanding of each clients’ unique business, culture, environment and staff.
Founded in 1999, S3 Security bridges the gap between their clients’ business goals, cyber security needs, and compliance requirements to become a trusted and valued security partner for life.
S3 Security develops and maintains custom-tailored cyber security programs, to elevate security to where it belongs—top of mind and top-down. For over two decades, this expert team has successfully assisted organizations with the implementation and oversight of their information security, privacy, and regulatory compliance programs. In fact, the company’s proficiency dates back further than the most recognizable security compliance assessment, the Payment Card Industry Data Security Standard (PCI DSS), which was established in 2006. Prior to this, S3 Security conducted payment card data security assessments, directly for the payment card brands themselves.
This breadth and depth of experience gives S3 Security a unique perspective that enables them to provide trusted advice and project management in all areas of cyber security, information security, and compliance including PCI, NIST, GDPR, ISO, HIPAA, CCPA and HITRUST to name a few.
A Conversation with S3 Security’s Senior Vice President, Hank Edley
Hank Edley is the Senior Vice President (SVP) of Cyber Security Compliance Services at Specialized Security Services, Inc. Hank utilizes his decades of experience in consulting and assessing complex networking environments for Fortune-ranked companies to lead his talented team of Cyber Security Assessors. Together, they assist clients of all sizes and with multiple payment channels in completing cyber security assessments across many frameworks.
In an interview with Insights Success, Hank sheds light on how S3 Security is helping businesses elevate security to where it belongs- top of mind and top down.
Below are the highlights of the interview:
What led to the inception of Specialized Security Services, Inc.?
The CEO, Mitchelle Schanbaum, founded the company with her husband Scott Schanbaum at the request of their clients in 1999. At that time, the industry was brand new and experiencing dramatic growth and change. The couple had worked for other technology firms that were going public, going under, being bought, and sold.
Mitchelle describes how one year they had six different W2’s but had never actually changed jobs—that’s how many times their department changed hands. In fact, it was after the company they worked for went under, while going public that they made the decision to launch S3 Security. Mitchelle and Scott had succeeded in establishing strong relationships with their clients, who encouraged them to open their own business. Their clients trusted them as their cyber security advisors and wanted to work with them, regardless of what company employed them.
And that’s how S3 Security was founded—based on relationships, expertise, and partnership—all of which have lead to the company’s success and are still prioritized today.
Relationships and partnership. How do these influence the way S3 Security does business and how do clients benefit?
Client relationships and client success have been foundational to S3 Security. Our focus has always been to provide value and work together to assist clients in achieving their security goals. This approach is mutually beneficial because our clients’ success equates to S3 Security success and results in long-lasting partnerships.
The company takes an active interest in our clients, getting to know the people, their environment, and business priorities. Our team actively looks for ways to contribute at a higher level by collaborating with our clients to develop long-term security and compliance strategies. But we don’t stop there. We continue to assist and provide guidance through their life cycle.
Building this relationship means our clients receive the benefit of our expertise and time assisting with setting short and long-term strategic goals and regular monitoring and measuring. But it also allows us to provide meaningful recommendations, based on the deep knowledge that is developed of the client’s business, environment, and controls over time. As a result, we become a valuable resource when direction or targets need to be adjusted. Our clients include us in not only the execution of current initiatives, but also in the planning of new ones.
How does S3 Security sustain this in the current unpredictable market amongst hectic competition?
The company does not waste much time looking around at its competition—or worrying about what everyone else is doing. It prefers to focus its gaze forward—on the clients and the industry as a whole. This approach has allowed S3 Security to prioritize what truly matters-our clients and our people. Focusing on those two things truly sets us apart, and has never steered us wrong.
How do the company’s solutions differ from the competition?
Our solutions are based heavily on our Service Delivery professionals. We have been working together as a team for over 15 years, and our collective cyber security and compliance experience spans more than three decades. We bring continuity as well as shared knowledge, experience, and an exceptional level of collaboration to each client relationship. When clients hire us, they gain access to an entire team of professionals with a broad depth of experience rather than being limited to that of one or two individuals. This access and perspective truly differentiates S3 Security from other companies and contributes significantly to the collaborative partnership environment.
How has S3 Security handled the challenges of the past year and the pandemic impact?
Challenges always present opportunities. It is easy to be a trusted client advisor when times are good. The past year has certainly been challenging; however, when things are tough you really find out who your friends and partners are, both personally as well as professionally.
We are proud to have provided creative solutions and remained flexible to help our clients navigate the business impacts and challenges of the last year. S3 Security is based on service and being that trusted partner to our clients through the best and worst of times. From that perspective, this year was no different—except it gave us the opportunity to demonstrate our commitment and distinguish ourselves in the process.
How do you meet the current cyber security challenges with such a shortage of qualified personnel?
Staffing challenges in this industry are always present, even in the best of times. In recent years, the demand for cyber security professionals has certainly outpaced the supply and that trend is only forecasted to widen. Many clients have open roles that remain unfilled for long periods of time, leaving gaps in their teams both in terms of knowledge and capacity to address all critical needs.
Traditionally, the cyber security industry has identified and targeted established and experienced professionals with highly technical backgrounds. When organizations cannot find them, they will often reach out to companies like S3 Security to provide assistance with projects left unfilled.
S3 Security is well suited to meet this need for our clients, stepping in with our experienced professionals and providing the talent and manpower to assist as needed; however, even we are forced to acknowledge there is a significant shortage of qualified candidates to fill necessary positions.
We embrace this opportunity by taking a multi-faceted approach to build a client service delivery team.
- One option is recent college graduates. There are advantages to recruiting fresh talent from universities. While lacking industry knowledge and years of service experience, these hires are well versed with current technologies and software to modernize assessments and bring fresh outlooks and approaches to the team.
- The other option is to hire transitioning professionals. S3 Security recruits top cyber security professionals as mentors and then pairs them with other talented industry professionals who have business experience but are interested in transitioning to a career in cyber security. The result is a respected group of professionals who can both provide the trusted cyber security guidance they expect from S3 Security and also understand our client’s perspective and business challenges.
This multi-faceted approach gives our clients the benefits of a diverse team of experts with a broad background in both business and cyber security. S3 Security can provide that trusted insight and guidance to our clients because we understand their challenges and can link the pieces together.
In fact, this methodology has been so effective that our clients have reached out to us to assist them with fulfilling key positions on their teams as well.
How are your company’s solutions changing with the advancement in technology?
Having been in this industry for over 20 years, I have seen many changes in the IT security assessment landscape, which is constantly evolving and growing to address the latest security risks.
At S3 Security we try to proactively anticipate the needs of our clients, and therefore, spend a lot of time planning what assessments of the future will look like.
We regularly ask ourselves, how do we meet the future assessment needs of our clients? Today many clients are required to complete a variety of security assessments as part of their program. Many feel stuck in a constant cycle of starting, working on, or wrapping assessments for various frameworks, treating each one separately and performing them one by one. What used to be a manageable assessment schedule for one or two frameworks has expanded significantly, with some clients juggling numerous assessments all year long, taxing resources and causing many companies to reach a breaking point.
It’s like being trapped like Bill Murray in Groundhog Day, reliving the assessment schedules over and over in a never-ending loop, despite many frameworks evaluating similar security controls.
We did not get here overnight; it has been building for some time but has accelerated with the rapid expansion and impact of privacy regulations across the globe. As more and more assessments become standard regulatory requirements, there has to be a better way, to achieve compliance.
This is why S3 Security has been working with our clients to bundle assessments, to transition operationally to a common control framework and to modernize our assessment process, gain efficiency, reduce business stakeholder impact, and leverage automation technologies.