Internal or External Resources? YES!

July 3, 2024

Imagine trusting a neighborhood kid to take care of your dog while on vacation. While they may be capable of completing the task you’ve outlined; they will likely only do exactly as you ask. The dog gets what they need and the job is done.

In contrast, imagine trusting an adult neighbor caring for your dog while on vacation. Aside from caring for the dog, they’re going to think about trash days, bringing in the mail, and would probably take notice of a leaky faucet or other things that could be amiss.

This more experienced person wouldn't just check the boxes; they would look beyond them, potentially avoiding disaster.

To a trained ear, a leaky faucet needs immediate attention. To the neighborhood kid, they probably won't even notice.

The same is true for deciding which resources you need to carry your Cyber GRC program to success.

Long-term employees are invaluable knowing the ins and outs of your business, understanding corporate culture, and executing a few daily tasks efficiently.

Outsourced resources who work with multiple different companies bring perspective, best practice, deep experience, and bandwidth to truly become an extension of your team.

Sometimes you need someone to do exactly what you’ve asked.

Other times you need someone who is going to look beyond the challenge you’re presenting, ask the right questions, and use their experience to notice when something is amiss and guide you to the best solution.

Combining the efforts of your internal team with the outside expertise ensures you catch the leaks before they become floods, securing a smoother, more successful journey toward your goals. It also extends the bandwidth of your internal team so that the overall work output greatly increases.

So, the next time you're tempted to solve a problem solely on cost or convenience, pause for a moment to consider the bigger picture. Think about the risks, the complexities, the ultimate objective, and the potential leaky faucets waiting to trip you up.

And then, construct your team accordingly.

When it comes to unlocking success, it's not about choosing between your internal team and external resources. It's about enacting the right blended team at the right time. Surround yourself with the talent necessary that not only understands your vision but is also able to get you to your goals.

Security Questionnaires: You Can’t Just Blame the Intern

Compliance, Events, GRC, Risk, Top Posts, TPRM

Let’s face it—no one enjoys security questionnaires. They are tedious and time-consuming, and it’s easy to question their real effectiveness in mitigating security risks, especially since they’re often a check-the-box exercise. However, in today’s digital landscape, they are unavoidable for building and maintaining trust with customers. Join us as we confront this harsh reality: despite […]

The Audit Trap: Why Passing isn’t Protection

Compliance, Cybersecurity, Events, Risk

Think passing an audit means your cybersecurity program is solid? Think again. Many organizations unknowingly expose themselves to greater risk by relying on compliance checkmarks rather than a true security strategy. In this session, we’ll uncover the hidden dangers of audit-driven security, why "passing" may leave you more vulnerable, and the real steps leaders must […]

Vulnerability Scans: Only Part of the Equation

GRC

There are two primary ways we see companies manage vulnerabilities… one of them significantly riskier than the other. Reactive strategies rely on a problem to arise before taking action. This makes reactive the riskier option of the two, hopefully for obvious reasons. Using a reactive strategy is like waiting for an electric bill to […]

Where Compliance Meets Security: Doing Both the Right Way

Compliance, Cybersecurity, Events, GRC

Compliance and cybersecurity are often seen as separate priorities—but the truth is, good compliance reduces risk when done right. So how do you effectively integrate both for a stronger security posture? In this session, we’ll break down the intersection of compliance and cybersecurity, share best practices, and walk through real-world examples of organizations that have […]

The ROI of GRC: Turning Compliance Into Competitive Advantage

Cybersecurity, GRC, Other, Top Posts

Too often, compliance is seen as an expense instead of an investment. But when done right, Governance, Risk, and Compliance can become a competitive advantage that drives trust, growth, and resilience. In this session, we’ll share how forward-thinking organizations are proving the ROI of GRC—quantifying risk reduction, accelerating sales, and strengthening customer confidence. Join us […]

CMMC Compliance: Cutting Through the Confusion

CMMC, Compliance, Events, GRC, Top Posts

Cybersecurity leaders want to know, in plain terms, what they need to do when it comes to CMMC to ensure compliance and customer contractual obligations. Join us for a conversation with cybersecurity experts about what’s actually needed to stay on track with CMMC compliance. We’ll dive into the real gaps you may be facing […]

Why Cybersecurity is as much Art as Science

Podcast

In this kickoff episode of The Art of Cybersecurity, host Cheri Hotman shares why this podcast exists and what listeners can expect. Cyber isn’t just science or technology — it’s art. It’s messy, constrained, people-driven, and ultimately about mitigating risk to protect people and data. Cheri cuts through the noise of “easy button” tools, audit-passing […]

Choosing the Right Cybersecurity Framework: A Practical Guide for Leaders

Events

Speakers: Cheri Hotman and Tanya WadeHosted by: Hotman Group Why Choosing the Right Framework Matters Passing an audit is no longer enough. Many organizations still treat cybersecurity as a one-time project, something to "check off" rather than an integrated, living part of their business operations. During this session, Cheri Hotman and Tanya […]

Why Maturity Matters: Overcoming GRC Cognitive Overload with the Maturity Model

Events, GRC, Top Posts

Please join Kayne McGladrey, author of the GRC Maturity Model and Cheri Hotman as they explore the GRC (Governance, Risk, and Compliance) Maturity Model, a powerful tool for organizations to assess and enhance their cybersecurity practices. Achieving maturity in GRC is crucial for navigating complex regulatory landscapes and boosting overall effectiveness. Through self-assessments, organizations can […]