By Chris Player
June 8, 2017
George Arronis, Head of IT Security Serco Asia Pacific
In taking a step back, the security industry is an ironic place to operate.
Bursting to the seams with specialists, threat detectors, evangelists, threat protectors and all-round preachers, everyone is itching to take a slice of the security pie.
But the harsh reality remains that cyber security vendors, overall, emphatically fail when selling to the Chief Information Security Officer (CISO).
Whether it be the usual spiel of trashing the competition, overly complicating simple solutions or short-circuiting the CISO to reach the treasure chest, vendors simply struggle to effectively articulate security to end-users.
So, step forward the partner, tasked with tailoring solutions specific to end-user requirements, working with the vendor when required, but leading in the conversation with the buyer.
"They need to understand both us and our customers," Serco Asia Pacific head of IT security and risk, George Arronis, said.
Through heading regional security for one of the world's largest providers of public services to governments, the services Serco provides are often of critical importance to the communities and nations it serves.
Therefore, Arronis stressed the importance of working with IT providers that are attuned to the goals of the business.
"We work close with Federal Government which means there are specific security requirements to meet," he explained.
"Knowledge and experience in that space is a good starting point."
In referencing third-party providers, Arronis acknowledged the industry is mixed, with some partners understanding how to engage with the end-user, while others lack the skills required to make inroads.
"Because we deal with many IT providers, their strength in the security space varies," he observed.
"Providers include niche software houses, data centre hosting, Software-as-a-Service (SaaS) or managed services. Depending on the purchase type, we aim to bring them up to speed where we feel there are gaps in security knowledge."
Yet as explained by Arronis, partners already operating with Federal Government already have a head-start in understanding the specific challenges and requirements of the sector from a security standpoint.
"Then you have niche players, especially if they are offshore software vendors, which may not have experience in the local market, they don't always understand the local security landscape," he added.
"Federal Government in different regions have different needs and this in some cases will override a particular control which needs to be changed."
On a positive note, Arronis acknowledged that such providers are willing to alter internal practices to accommodate the requirements of Serco.
"But the larger providers are already attuned to customer security needs or well on the way to addressing them," he added.