As we recently pointed out in Cyber Security Visibility Still Isn’t What It Should Be, especially with the adoption of a cloud-first mindset, the challenge most companies now face is failing to understand their entire attack surface. This challenge has metastasized. Permissions granted before lockdowns may have persisted without appropriate controls in place. The time has come to once again assess where the weak spots reside.
Co-Founder and CEO of Sevco Security J.J. Guy joins co-host Andy Bonillo on Episode #184 to remind everyone that compromise is inevitable and that we need to get back to the basics. J.J. dives into how the lack of IT hygiene is at the core of many of the cyber security problems we face today and the latest trend of CISOs getting tasked with running IT Operations. He also talks about the genesis of NIST CSF and how it was influenced by the US Air Force phrase “protection, detection and response.” The show ends with J.J. giving his advice to those who are transitioning from the government.
How to Start a Cybersecurity Company
Start with the basics if you’re thinking about starting a cybersecurity company. To ensure your success, make sure you have the necessary credentials, money, structure, and business strategy.
It’s no wonder that cybercrime is on the rise in an increasingly digital society. The cost of doing business is also increasing. According to 2019 IBM research, the typical data breach costs $3.92 million.
Because of the enormous financial risks, cybersecurity services are in high demand. Large corporations can afford to hire cybersecurity experts. Small and midsized organisations, on the other hand, can rarely afford full-time cybersecurity staff.
This is where your cybersecurity knowledge may be turned into a profitable security solutions company.
You can assist these smaller businesses in avoiding cyber hazards such as data breaches, cyberattacks, malware, phishing scams, and other online concerns.
Businesses are paying $150 per hour or more for experienced cybersecurity consultants to help defend systems and networks against cybercrime, according to PayScale statistics.
If you’re considering launching a cybersecurity company, you can put your abilities to work and get a piece of this lucrative market. But first, you should create the framework for a successful business by following these steps.
Get the Right Professional Certifications
Someone must trust you to complete the task correctly before they will hire you. A bachelor’s degree in information technology, computer science, or a related discipline indicates that you have the necessary skills to launch a cybersecurity or IT-related company.
However, degrees do not provide the practical experience that clients seek. Certifications are another technique to establish credibility and demonstrate that your talents are useful and relevant.
Here are a few of the most well-known cybersecurity certifications:
- Certified Ethical Hacker Certification: The EC-Council issues this certification to cybersecurity professionals who test networks or systems and look for security weaknesses. The exam costs $100 and takes around four hours to complete. It has 125 questions.
- GIAC Security Essentials Certification (GSEC): This certification is offered by Global Information Assurance Certification (GIAC) and validates the information security knowledge of IT professionals. It takes roughly five hours to finish the test, which includes 180 questions and costs $150.
- Certified Information Systems Security Professional (CISSP): (ISC)² issues the CISSP, which shows your ability to design, implement, and maintain an effective cybersecurity programme and security systems. The exam is limited to 150 questions, lasts three hours, and costs $699.
- Certified Cloud Security Professional (CCSP): The (ISC)² also issues this certification, which shows potential clients that you have the skills to design, maintain, and secure cloud data, applications, and infrastructure. This exam costs $599 and takes four hours to complete. It has 125 questions.
- CompTIA Cybersecurity Analyst (CompTIA CySA+): The CompTIA CySA+ exam assesses candidates’ threat detection skills, ability to analyse and interpret data, and ability to find security issues. The exam lasts just under three hours and includes up to 85 questions. It costs $359.
- ISACA’s Certified in the Governance of Enterprise IT (CGEIT): The CGEIT certification demonstrates test-takers’ ability to audit, control, and secure information systems. The exam costs $760 for non-ISACA members and $575 for ISACA members. The exam is four hours long and consists of 150 questions.
- ISACA’s Certified Information Security Manager (CISM): ISACA also issues the CISM. This certification verifies that you possess the necessary technical skills to manage information systems and IT security. Nonmembers will pay $760, while members will pay $575. It has 150 questions and will take you four hours to finish.
While skills and certifications are important, they are only one part of a successful cybersecurity startup strategy. You must also develop and implement a business plan.
Develop a Business Plan Tailored to Cybersecurity
A business plan serves as a foundation for your company. It should include information on your company’s structure, strategy, goals, and budget, among other things. The Small Business Administration (SBA) of the United States has put together some helpful guidelines for what should be included in your business plan:
- an executive statement that explains your cybersecurity business and why you think it will succeed
- a thorough description of your business
- a competitive market analysis to define your target market and identify your competitors, who could be cybersecurity consultants or general IT service providers.
- your marketing and sales strategy
- the legal structure of your business
- the products or services you plan to offer
- your financial/budgetary strategy
- financial forecasts on when your business will be profitable
Let’s look at some of the important elements of this business plan in more detail.
Define Your Target Market and Analyse it
You must decide on the emphasis of your cybersecurity firm early on.
Some companies choose to become experts in a specific subject or industry. Do you wish to target a specific industry, such as finance or healthcare, for example?
Others prefer to specialise in a certain area of cybersecurity. Regardless of industry, they may desire to be known for their extensive knowledge of access control or network security.
This choice should be based on both your skills and a market analysis. You can spot possible opportunities if you know who your competitors are.
These essential questions have been identified by Inc. to assist you in evaluating the competition:
- Who are your current competitors?
- What are your competitors’ strengths and weaknesses?
- How are you different from the competition?
- How can you take market share away from competitors?
- How might competitors react when you enter the market?
A SWOT analysis, which stands for strengths, weaknesses, opportunities, and threats, can also be used. This is a tried-and-true approach of evaluating a business, product, or service in the market. It’s akin to conducting a risk analysis for your new cybersecurity solutions.
You must choose a legal structure for your business after deciding on a focus and researching the competitors.
Choose your Company’s Legal Structure
Your company’s legal framework is crucial. Everything from day-to-day operations to taxes and financial hazards is affected. Here are the five most prevalent business structures, as explained by the SBA:
- Sole proprietorship: This is the most basic form, and it’s also the simplest to set up because there’s really nothing to set up. It’s a firm conducted by a single person who files a personal tax return to record the company’s income and losses. Because there is no legal distinction between you and your business, you might be held personally liable for its debts and responsibilities.
- Partnership: For businesses held by two or more persons, the most basic structure is a partnership. Profits are reported on personal tax returns by each individual. Limited partnerships (LPs) and limited liability partnerships (LLPs) are the most prevalent types of partnerships. Except for at least one general partner, most LP partners can have limited liability. Limited liability partners, on the other hand, have limited control. In an LLP, each member has limited liability and is protected from the partnership’s debts.
- Limited liability company (LLC): An LLC is a cross between a sole proprietorship and a partnership. It restricts the liabilities of the owners and keeps your personal assets distinct from your firm. However, owners must record all business revenue and costs on their personal income tax returns.
- S corporation: An S corporation is a business that pays itself a salary and is responsible for all payroll taxes. Any residual earnings can be transferred as payments to the owner(s). The benefit is a lower tax rate on distributions, but there are more costs, requirements, and paperwork with this option.
- C corporation: A corporation is a separate legal entity that can make a profit, be taxed, and be held legally liable under this form. It can have an unlimited number of shareholders with limited liability for the company’s debts, but any earnings can be taxed.
Before deciding on a structure, consult with business advisors, accountants, and attorneys to determine which option is best for you.
Obtain a Business Licence, a Bank Account for your Firm, and a Credit Card for your Company
To launch your cybersecurity firm, you’ll need to check with state and local organisations to see what business licences or permits are required. Unlike many other professions, you don’t need a federal licence to work in this industry (yet).
Many jurisdictions will not offer you a licence unless you have general liability insurance. You must also maintain workers’ compensation insurance if you have employees.
You might be tempted to simply open an account with your personal bank when opening a business bank account. Not so quickly!
Consider fee-free bank accounts offered by internet, national, or local institutions. NerdWallet has a helpful guide to locating low-cost business bank accounts that will help you save money.
You might also want to think about getting a business credit card, which can help you keep your personal and business finances separate.
A company credit card usually has better conditions and limitations than a personal credit card. It will provide you with a revolving credit line and often includes benefits such as rewards points and cash back incentives.
Any small firm, regardless of its legal structure, can get a business credit card. However, sole proprietors and most new businesses’ credit scores will determine which cards and offers are available to them.
Secure Funding and Set a Budget
A variety of funding sources are available to assist you in getting your firm off the ground. You can look into loans, grants, and angel investors in addition to your own money.
These are choices that many cyber entrepreneurs pursue. In fact, according to a recent estimate, cybersecurity venture capital funding totaled $5.3 billion.
These investors advertise that they are looking for cybersecurity firms to invest in:
- Strategic Cyber Ventures
- ForgePoint Capital
- AllegisCyber Capital
- Cyber Capital Partners
- TenEleven Ventures
- Intel Capital
Setting and keeping to a budget is also crucial when launching a new cybersecurity company. The Balance has a wealth of money-management advice, including:
- Set sales revenue goals.
- Recognize your running costs.
- Keep an eye on your cash flow.
- Put money aside for an emergency fund.
Find the Right Location
Fortunately, businesses all across the country require cybersecurity services. Of course, Hawaii can only accommodate a certain number of cybersecurity specialists.
When determining where to set up shop, you should consider your start-up cash, whether or not you will need to hire, and the nature of your business. You have the following options:
- Working from home: This option has a number of advantages for small business owners. There are no long commutes or workplace interruptions, and you have a better work-life balance. However, it can be lonely, and staying on track necessitates self-discipline.
- Coworking spaces: This alternative provides flexibility as well as a variety of perks and conveniences, as well as the workplace culture that working from home lacks. However, the predetermined hours, lack of solitude, and limited space for growth may not suit your needs.
- Buying or leasing an office: Having a commercial office space for your company provides tax benefits and fixed costs, but the initial costs can be high. This solution also lacks the flexibility of a home office or a shared workspace.
If you rent or lease a place, you’ll need commercial property insurance as well. This policy is usually included in the rental agreement and protects your company’s facility, furnishings, supplies, and equipment.
If you or your workers go to your clients’ locations to provide on-site services, you may need commercial auto insurance, regardless of where your cybersecurity firm is located. If you use your car for business, your personal auto insurance may not be enough protection.
Market your Services
Customers are the one thing that your company cannot exist without. And marketing is the vehicle through which they are delivered.
Consider hiring or outsourcing marketing to specialists in the sector if you don’t plan to do it yourself. You’ll require their assistance in launching your product, brand, and services.
Start with the basics before moving on to more advanced marketing techniques. A well-designed website is only the beginning for a cybersecurity firm.
Because your website is likely your most valuable marketing tool, you need to do it correctly. Make sure to stay away from these typical website blunders. You’ll also need to choose the correct domain name, design an appealing user interface, and optimise the site for search engines, among other things.
If you don’t want to perform the work yourself, your in-house or outsourced marketing can help you. If you’re willing to put in the effort, Google can be your best buddy.
Search engines and social media outlets can help potential clients locate your website. On networks like LinkedIn, Facebook, and Twitter, you can develop an active social media presence. Make use of these to market your company and to share cybersecurity news and articles. You could engage a content expert to assist you develop a blog if your budget permits it.
Offline marketing should be explored by cybersecurity companies as well. For any new business, networking is an essential asset. Conferences on cybersecurity provide excellent opportunities to network with possible partners and clients.
The top cybersecurity conferences are listed in Security Magazine. RSA, Women in Cybersecurity, InfoSec World, and the National Cyber Summit are all good places to start.
Carefully Draft Client Contracts
Always execute a customer service agreement before starting a new project. This contract should spell out your and your client’s expectations. Even if it wasn’t your fault, a failing project without legal protection can jeopardise your career.
The agreement should specify the scope of work, intellectual property ownership, payment terms, and liabilities/indemnification to decrease the possibility of lawsuits. To protect both parties, have an attorney review or create client contracts with you.
Many client contracts may stipulate that you obtain cyber liability insurance to cover potential losses in the event of a data breach.
You should consider technology errors and omissions (E&O) insurance even if it isn’t stated in the contract. This policy will protect you if you are sued for a mistake at work. Cyber liability insurance is now included in most technology E&O policies.
Hire Quality Employees
Congratulations on growing your business to the point that you can hire others! The Small Business Administration gives helpful instructions for setting up your employee onboarding process without an HR representative.
To evaluate potential candidates’ credentials and expertise, conduct extensive interviews and background checks. Make sure to follow all federal and state requirements when conducting these audits. To protect yourself and your employees, you’ll need workers’ compensation insurance once you start employing.
To defend against employee theft, fraud, or unauthorised data access, you may want to obtain fidelity bonds.
Protect Your Investment and Your Future
Investing in yourself and your future with a new business is a wise decision. We specialise in assisting cybersecurity companies in protecting themselves and limiting their risk. Our licenced insurance agents would be pleased to talk with you about your company’s condition and determine the best solutions for you.
Vulnerabilities in the Drawings SDK Made by ODA Impact Siemens and Other Vendors
Eight vulnerabilities discovered in the Open Design Alliance (ODA) Drawings software development kit (SDK) affect Siemens and presumably other vendors’ products.
ODA is a non-profit company that develops software development kits (SDKs) for engineering applications such as CAD, GIS, building and construction, product lifecycle management (PLM), and the internet of things (IoT). According to the organization’s website, it has 1,200 members globally, and its products are used by big corporations such as Siemens, Microsoft, Bentley, and Epic Games.
ODA’s Drawings SDK, which is designed to provide access to all data in .dwg and .dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file, according to Mat Powell and Brian Gorenc of Trend Micro’s Zero Day Initiative (ZDI).
The weaknesses were uncovered by ZDI researchers in Siemens’ JT2Go 3D JT viewing tool; however, additional investigation indicated that the problems were caused by the Drawings SDK.
According to ODA’s website, the SDK is the “dominant technology for interacting with .dwg files,” with hundreds of organisations using it in thousands of applications. As a result, the flaws are expected to affect a wide range of products, but no vendor advisories have been seen yet.
ZDI’s communications manager, Dustin Childs, said the business anticipates Siemens releasing updates soon.
“There may be additional suppliers who are similarly impacted,” Childs told SecurityWeek, “but we’re not sure how many others use the compromised SDK.”
The vulnerabilities have been described as out-of-bounds, improper check, and use-after-free issues, and have been rated high and medium severity. By convincing the intended user to open specially constructed DWG or DGN files with an application that uses the SDK, they can be used to cause a denial of service (DoS) condition, execute arbitrary code, or gather potentially sensitive information.
However, Childs pointed out that an attacker would need to combine one of the code execution flaws with a privilege escalation weakness in order to gain complete control of a system.
These weaknesses are listed on the security advisories area of ODA’s website, but it’s unclear if the company actively alerted customers about the flaws and patch availability – remedies are included in version 2022.5.
ODA has not responded to repeated requests for additional information or comments on these issues.
Companies that utilise the Drawings SDK should update to version 2022.5 or later, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
CISA issued another notice in May for seven identical Drawings SDK vulnerabilities.
World Mobile Token Ltd looks to raise $40M in Cardano-based native token sale
World Mobile Token Ltd, which is enabling a new global mobile network built on the sharing economy, announces the launch of its utility-based World Mobile Token (WMT) on the Cardano blockchain. The company aims to raise 40 million USD within the first five weeks of the public sale on top of the 5 million USD it has raised privately.
The KYC application opens on June 15th, when participants will be able to create their private WMT vaults. Applicants will be notified when they are approved and it’s their turn to purchase tokens with ADA, BNB, BTC, DAI, or ETH. Participants will need a Cardano address to make a purchase, and will have 24 hours to do so.
Globally 1.7 billion adults remain unbanked, according to the World Bank. Despite many of the technological advancements many of us take for granted, most traditional banks require a manual onboarding process and rely on credit bureaus to verify client identity. These manual, in-person procedures deny many demographics from basic services, such as the ability to open an account, apply for a loan and mortgage, or obtain access to other financial opportunities.
The World Mobile Network aims to bring sustainable connectivity to communities, in Africa and beyond, through the WMT sharing economy. The company sells affordable network nodes to local business owners and implements blockchain-based digital IDs, in turn empowering the African continent with greater economic freedom, digital inclusion, blockchain adoption, and connection to the Internet.
The World Mobile Network already operates in East Africa. Starting with Tanzania and Kenya, the company aims to bring sustainable connectivity to communities through the sharing economy. WMT will power the World Mobile Network ecosystem, allowing World Mobile Network users access to digital banking, healthcare, digital identification, and educational institutions.
“The launch of our native utility token on the most promising blockchain out there really pushes our vision forward,” says Sean Inggs, Director of World Mobile Token Ltd. “WMT will fuel our ecosystem to empower thousands to obtain access to basic necessities including identification, access to education, banking and other fundamental services.”
BBVA Mexico claims first contactless biometric payment card from Visa issued in Latin America
BBVA Mexico is launching a pair of new payment card offerings in collaboration with Visa, one of which features fingerprint biometrics for payment security.
The Smart Key is the first contactless Visa credit card with biometrics offered in the region, according to the announcement. It, along with the Aqua card, is made with up to 86 percent recycled material. Both are issued without personalized data printed on the card, while the Aqua card also features a dynamic verification code (CVV).
The bank has 23.7 million customers, 54 percent of whom use the digital channel through the BBVA Mexico App. Of those customers, 5.4 million have credit cards, and 21.2 million have debit cards.
Contactless biometric payment cards from Thales with Fingerprint Cards sensors were certified by Visa last year.
Visa Senior VP and Head of Global Clients Mark Jamison says that “consumer expectations are getting higher and higher and they expect fast and frictionless payment experiences. They are embracing the speed, hygiene and security that contactless payments offer and are becoming more familiar with new forms of biometric authentication in their digital experiences.”
Smart Key biometric payment cards are expected to launch soon for its Patrimonial and Private Banking clients, before becoming available to all clients.
“It is more than a card, this new next-generation device will arrive to transform the means of payment,” states BBVA Mexico General Director of Customer Solutions Hugo Nájera Alva. “We are the first bank in Mexico and on the American continent to put in the hands of our clients a credit card with the latest technology in biometric identification. Through the fingerprint you have access to the most secure, personal and easy-to-use payment experience.”