NormCyber: enterprise-level cybersecurity for the midmarket
As the digital transformation of organisations across every sector accelerates, the cyber threat landscape expands and the risk of a serious data breach grows. The adoption of new and innovative technologies, the greater use of data and, more recently, the shift to remote working as a result of the global COVID-19 pandemic mean that developing and implementing a robust, enterprise-level cyber security and data strategy is crucial.
This is where NormCyber enters the equation. The business, which was founded in 2013, offers a leading portfolio of Cyber Security and Data Protection as a Service products for mid-market businesses. These services are driven by three core ‘protection pillars’: people, process and technology. Pete Bowers is Chief Operating Officer (COO) at the company, having joined at the start of 2020. Prior to this, Bowers accumulated a broad scope of cybersecurity and technology experience that enables him to drive the NormCyber proposition.
The approach to security and data protection has grown exponentially across the board, he explains. “Over my career I’ve spent time on both the supplier side – so, working for a managed network services business providing technology solutions – and the customer side, running a small consultancy. It made me aware of the gaps that exist between what service providers want to sell and what customers need or consume. I saw NormCyber as a great opportunity to put that knowledge into practice, having that experience of multiple businesses and the deployment and strategy around technology verticals was invaluable.”
NormCyber provides its services across two areas: Cyber Security-as-a-Service and Data Protection-as-a-Service. On the former, Bowers explains that “we offer a comprehensive proposition for mid-market customers that meets all their cybersecurity challenges. The cyber threat is exploding, particularly over the last three or four months, and businesses in the mid-market – with a turnover of between £10mn and £250mn – are typically under-provisioned both from a technology and cyber security perspective. Cybersecurity skills in particular, such as those that we offer, are often pretty hard to come by and can be expensive for these companies.
“With that in mind, we offer a holistic solution that addresses all areas of cyber security and protects businesses across the three pillars of people, process and technology,” he continues. “It’s a single solution that certifies businesses to crucial security certifications, we train and test employees to build out the ‘human firewall’ to enable them to be more cyber aware, and we deploy technology solutions that highlight vulnerabilities and provide real protection across the business wherever its IT assets may reside. It’s a service that overlays any existing technology investments, which is really important when businesses are going through rapid digital transformations. We don’t change any of those broader, strategic decisions, we sit around them and act as the eyes and ears. Customers can take the service as a whole package or as modules on a subscription basis for as long as they want. On the data protection side, we work with customers to ensure they operate within the GDPR regulations, that they are compliant but also to help them to grow by developing and implementing good data protection standards that allow a business to demonstrate that it can be trusted with customers’ private and personal data. We bring all these components together through our multi-level reporting and online Visualiser to clearly demonstrate to a Board, management team and technical team how protected the business is and where it can improve.”
These two areas are becoming increasingly important to businesses largely due to three key drivers, says Bowers. First, there is increased pressure from regulators, investors and customers to ensure that businesses have effective measures in place. Second, businesses are becoming increasingly aware of the threat and potential impact of an attack. They therefore want to protect their business but also grow it by demonstrating that they can be trusted with confidential data and that they take information security seriously. Finally, and unfortunately, some businesses, particularly recently, only realise after the event that they need to address the challenge: they have suffered a cyber breach and therefore need to implement the necessary measures and controls to mitigate and manage not only the current impact but also the possibility of it happening again.
NormCyber works with clients across a broad range of industries, including CRU Group, a leading business intelligence provider in mining, metal and fertiliser commodities. “We’ve been working with CRU for over three years,” says Bowers, “and they are very much a business focused on developing innovative products and services which are founded upon technology. Having that focus means that any supporting or operational activities, such as those services that we provide, are commissioned out to experts in their respective fields. We provide a fully outsourced cyber security and data protection service that addresses every aspect of CRU’s cyber strategy, including user training, network, cloud and endpoint protection, ongoing penetration testing and vulnerability management, as well as data protection services. For a company as geographically dispersed as CRU is, and which needs to maintain control and have visibility over so many endpoints, having the peace of mind that we provide is essential.”
Understandably, providing such an essential service requires the fostering of a close, collaborative relationship, says Bowers. To this end, NormCyber acts as a trusted adviser, he notes, which extends to providing expertise and knowledge more broadly where appropriate. “We work with CRU on providing cyber security and data protection services, but also on digital transformation in a wider sense. When you work in cyber security, and you look at the technology experience across our business, then you’re able to provide guidance and advice on certain business decisions and considerations, which means we can give added value to customers too.”
Such an approach stands NormCyber in good stead both to continue strengthening existing relationships, such as that with CRU, and to take advantage of opportunities as the market develops. On the first, Bowers believes the relationship with CRU will continue for many years. “For us, it’s all about ensuring we are with customers at every step of their journey, bringing in the right services when they are needed and protecting the business into the future. More broadly, I think that we’re well placed to deal with any disruption or change brought about by COVID-19, both for us and our customers. We’re able to bring the right services when they are needed, and we’ll continue to develop that package further to meet future needs.”
Dark Wolf: accelerating security for USAF
As a small company whose biggest customers are the Department of Defense and the Intelligence Community, Dark Wolf Solutions (Dark Wolf) is a triple threat, specializing in Cybersecurity, Software and DevOps, and Management Solutions. Dark Wolf secures and tests cloud platforms, develops and deploys applications, and offers consultancy services performing system engineering, system integration, and mission support.
The break for Dark Wolf came when the Department of Defense decided to explore software factories. Rick Tossavainen, Dark Wolf’s CEO, thinks it was an inspired path for the DoD to take. “It was a really great decision,” he says. “Let’s pull our people together as part of this digital transformation and recreate what Silicon Valley startup firms typically have. Let’s get into commercial facilities where we have open windows and big whiteboards and just promote ideation and collaboration. And it creates this collaborative environment where people start creating things much more rapidly than before.”
It has been, Tossavainen says, “amazing to watch” and has energized the Federal Contracting Sector with an influx of new talent and improved working environments that foster creativity and innovative ways of approaching traditional problems.
“We originally started working with the US Air Force about three years ago. The problem was at the time you could develop all the software you wanted but you couldn’t get it into production – you had to go through the traditional assessment and authorization process. I talked to Lauren Knausenberger and she told me about Kessel Run and what eventually came out of this was the DoD’s first continuous ATO [Authority To Operate].”
The secret to Dark Wolf’s success – and its partnerships with USAF and Space Force – lies in a client-first attitude. “We’re not looking to maximise revenue,” Tossavainen explains. “We tell all of our employees, if you’re ever faced with an issue and you don’t know how to resolve it, and one solution is better for the customer and the second is better for Dark Wolf, you always do number one. We’ve just got to take care of our customers, and I look for other partners that want to do that. And let’s work together so that we can bring them the best answer we can.”
Rapid releases and constant evolution of software are common themes among USAF’s partners. Like many firms operating in the commercial and public sector spaces, Dark Wolf leads with a DevSecOps approach.
“Failure is tolerated,” says Tossavainen. “If it’s not going the right way in three months, let’s adjust. Let’s rapidly change course. And you can tell really quickly if something’s going to be successful or not, because they’re doing deployments multiple times a day – to the customer.”