Cybersecurity used to be a term used only by solitary employees in offices down two flights of stairs from the ground floor. Now everyone from the humble IT engineer to the top of the C-Suite is grinding their teeth at night about this once-esoteric term.
It’s not just about a data breach either. For many companies that serve high-risk industries like government or healthcare, accessing new revenue streams is contingent on being able to demonstrate compliance with standards for would-be customers.
With hundreds of thousands or even millions of dollars on the line, it’s no wonder that the once-hidden discipline of cybersecurity is now top-of-mind all the way from the basement to skylight offices. Without some sort of solution, cybercrime is and will remain at the top of people’s priorities for the foreseeable future, despite most professionals wishing that they could focus on other things.
A Manufacturing Company With $ Millions On The Line
Wozniak Manufacturing knew what was at stake with cybersecurity and compliance when they came to us.
Wozniak is a mid-sized manufacturing company with three divisions and four locations in the continental USA. They provide forging, stamping, fabrication, precision machining and other services to a global market, and they recently decided they were ready to start bidding for government contracts.
Manufacturing falls under the category of Controlled Unclassified Information (CUI), and the Department of Defense requires compliance with NIST SP800-171 to be able to bid for and win government contracts.
Wozniak wasn’t even close to compliant with these standards, and their internal team was too busy and their environment too unstable to tackle these compliance standards on their own.
For example, they had legacy technical debt which wasn’t being properly maintained or updated. Legacy processes lacked an established control process, and few of their infrastructure management tasks were automated, so patching, asset inventory and auditing were being done at random and by hand.
This led to an internal team that was stretched too thin. As hard as they tried, they couldn’t keep up, let alone think about moving toward the compliance standards needed to tap into the governmental revenue.
“We were really struggling with having the internal bandwidth and expertise to have a strong and secure environment across our headquarters and our divisions. Model worked seamlessly with our teams to make sure we had higher security and proof of compliance.”
Matt Kelly – CFO of Wozniak Industries
Despite having millions of dollars at stake, the leadership at Wozniak was still (understandably) hesitant to move forward with our vCISO services. Budgets are tight in IT, and they needed further proof that investing in our CISSP-led cybersecurity program had significant value compared with letting their internal team take care of it.
To help them make the decision, Wozniak hired a third-party consultant to assess the possible progress toward their cybersecurity goals with or without us on their team. After analysis, the consultant recommended they move forward with our services.
“There were a lot of strong firms, but Model was a no-brainer to pick. They really understood our business, our needs, and really were able to demonstrate quickly how they could integrate with us and not feel like an outsourced company but feel like they were part of the Wozniak team.”
Matt Kelly – CFO of Wozniak Industries
Creating & Implementing A Custom Roadmap for Wozniak
Once the contract was signed, our work began. Our first step was to create a comprehensive picture of Wozniak’s current and ideal state. Using our award-winning vCISO portal, we did a full assessment of their environment to determine their level of SPRS and NIST SP800-171 compliance.
Their original security posture score was at a 1.9 out of 10 and they were 0% NIST compliant.
Next, we created a plan for how to get from where they were to where they needed to be. Whenever we work with a new company, we come up with what we call a “mutually beneficial roadmap.” This roadmap brings together the client’s preferences with our expertise to create a plan of what tasks to focus on, what processes to use, and which tech to leverage that creates the best experience for everyone.
We decided to work primarily toward NIST compliance first. Using the powerful features of our vCISO dashboard, we customized lists of tasks that Wozniak needed to complete to be compliant, rated them by critical severity, and prioritized which tasks to accomplish first.
Our vCISO portal accomplished all of this without Wozniak’s internal team needing to translate complex cybersecurity information into tangible projects and goals.
“I’m really impressed with the portal that we use with Model. From a high level, it helps me understand what our biggest issues are, the biggest risks and concerns, and where we should be focusing our time and energy to meet our security goals. From a tactical level, it also helps the IT team to understand what has to get done to hit those strategic initiatives.”
Matt Kelly – CFO of Wozniak Industries
We decided to focus on Change & Configuration Management first. In any secure environment, any time that you make a change or update to certain computers, specifically if the change adds a vulnerability, you have to account for the change in a log.
Wozniak had no change & configuration logs when we began, but through our vCISO dashboard and the guidance of a dedicated CISSP, they were able to create the needed logs and processes to check off a majority of the requirements quickly.
Once we finished there, we continued supporting them to make high-impact, low-labor changes.
40% Compliance Achieved In Just 8 Months
In just eight months of working with Wozniak, we helped them achieve over 40% NIST SP800-171 compliance and make significant strides towards being ready to bid for government contracts. Their SPRS score went from 1.9 to 3.5 from December 2022 to July 2023, and in that same time frame they achieved 41% compliance with NIST SP800-171.
All in all, we helped them accomplish 80 tasks and put in place 31% of the controls needed to achieve their goals.
Because of these results, the C-Suite no longer needed external proof of our value to their company. We’re now a trusted partner for Wozniak from the help desk to the executive meeting room, and their whole team feels confident to come to us for help achieving their cybersecurity and infrastructure goals.
A Trusted Partnership: Into Cybersecurity And Beyond!
As a trusted partner, we continue to help Wozniak with everything related to cybersecurity and infrastructure too.
We recently performed a vulnerability assessment on their public-facing systems to identify risk and set up automated patching on their servers. We found they weren’t managing their endpoints, so we helped them to enroll 114 devices into Microsoft Intune. 90% of their devices are now in a managed state.
On those devices, we helped them set up policies for antivirus and malware protection. They are now notified when a security event occurs, and they are now actively catching and preventing malware attacks in their environment.
We also placed modern management on Wozniak’s roadmap. Modern management is an entirely new paradigm for managing devices which will eventually remove the need for most manual work through automation, which means managing their environment will be significantly easier and less time consuming for their internal team.
Better Cybersecurity = Better IT Across The Board
In less than 8 months, we helped Wozniak get nearly 2/5 of the way to achieving their compliance goals, manage their devices, and get on the path to modern management. That’s just the beginning. The power of focusing on cybersecurity is that in the process of securing your environment everything else improves as well.
Cybersecurity controls touch many other areas of IT. Putting controls in place also introduces automation, improves efficiency, creates a better user experience, and can – as Wozniak is soon to experience – open up new opportunities for revenue.
Though they still have a ways to go, Wozniak is becoming a more secure company and reaping improvements in efficiency and team culture as they do. They’re on their way to a huge new revenue stream, and they sleep better at night knowing that these tasks are being guided and implemented by our team of CIOs, CISOs, and infrastructure engineers who they can trust to help them manage and secure their environment with ease.
“For me, as somebody that’s very concerned about internet security, I love that I can go to bed at night knowing that I have Model meeting these needs… Thank you Model… I look forward to continuing to work with you for years to come.”
Matt Kelly – CFO of Wozniak Industries