Discuss

last person joined: 2 days ago 

Ask a question. Give advice. Share resources. Looking for software or hardware recommendations? Want to know how others are using text messaging in their work? Trying to find examples of IT policies? The NTEN Discuss forum is a great resource for all of the above and more! It's the general discussion list for the NTEN community, and folks all over the US (and the world) are sharing their questions, answers, and news about nonprofit technology.

Seeking advice about working with cyber security consultant

  • 1.  Seeking advice about working with cyber security consultant

    Posted 17 days ago

    The organization I work for is in the process of hiring a cyber security consultant to help us ensure that our websites, applications, and databases are and remain secure and our policies and procedures are documented and meet industry standards.

    If you've worked with a cyber security firm on a project like this before and have lessons learned or recommendations to share to help make the process go smoothly, my colleagues and I would love to hear them.

    Thank you!

    ------------------------------
    Sharon Heiber
    Content strategist
    Seattle, WA
    ------------------------------
    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline


  • 2.  RE: Seeking advice about working with cyber security consultant

    Posted 16 days ago
    Sharon,

    We made a one-page tip sheet many years ago on working with consultants. This isn't specific to cybersecurity assessments, but still very relevant.

    I would encourage you to think about the following two questions and make sure you have clear answers to both for your engagement:

    1. If this project is totally successful, what will have changed?
    2. How will those changes benefit our organization?
    If not too late, you could reach out to the Digital Security Exchange for a free assessment. They can help you identify your most critical cybersecurity needs, put together a clear scope of work and introduce you to practitioners in their network (full disclosure, I am one of those practitioners). We also have a free cybersecurity self-assessment you can take and get a free findings and recommendations report immediately. The report is something you can share with your consultant and can help them identify critical areas of need.

    Last, if you haven't already selected your vendor for this work, we perform this sort of work regularly. If you would like to speak with me, please use this link to view my schedule and select a time that works for you.

    Best,

    -Joshua



    ------------------------------
    Joshua Peskay
    Lewiston, ME
    ------------------------------

    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline