Unfortunately for those responsible for protecting critical infrastructure such as 9-1-1, Cybersecurity can be a very complex topic.
I would like to provide part of a recent LinkedIn post by Chris Roberts :
“Starting with the simple stuff: Know thyself: Why are you looking? (Proactive, Understanding or Oh-Sh*t moment) What are you looking for? (Product, partner, consulting, advice, etc.) What do you want to achieve? (Advisor, solution, easy-button?) How to achieve? (Advisor, recommendation, RFP, cheapest, brightest blinky sh*t?)
Knowing the basics, about WHY and WHAT are crucial. There’s 1200 or more vendors EACH explaining they can solve YOUR problem. If you go in NOT knowing what you are trying to do, you’ll get eaten alive. So, let’s look at WHAT you might want to solve, or at least mitigate, because we ALL know there are NO absolutes in the solutions industry.” END QUOTE
There is a national shortage of skilled talent- so if your familiar vendor suddenly offers cybersecurity (a really broad statement) and tells you they can solve your security problems, (product, service, both) you may want step back.
We are beginning to see companies start their dialogue by conducting an interview using the NIST Risk framework, which can provide a view of your current state. Simply signing up for a monitoring service where staff somewhere are looking at your data/network and doing something may not be the entire solution you need.
btw- I’m still looking for these: