Who is SideChannel? (Part I)


Grab your coffee or a cup of tea and get comfortable. This is the first part of a Q&A session to learn more about SideChannel.

Let’s get started…

Q. What is the meaning of SideChannel’s name?

A. If you search the web for the term "side channel", you'll likely find results indicating it's a type of attack. A side-channel attack uses the indirect information a computer gives off to break the security of the system, instead of attacking the computer directly. Need an analogy? It's similar to a doctor using a stethoscope to listen to how the body sounds and get clues about how it's functioning. In the case of a computer system, cybersecurity attackers use software, like a doctor's stethoscope, to "listen" through the Internet (which is the channel) to the different "sides" of a computer system in order to obtain information about how it works and, more importantly, how to break it.

Q. Why is SideChannel named after a cybersecurity attack?

A. Because we are experts who understand what attackers do. We don't just fix risky issues, we help prevent them. Our team of experts can see the whole picture and differentiate between malicious and unintentional security damage. Our name assures our clients that they are safe and protected with us.

Q. Who needs SideChannel?

A. Anyone who wants to operate their business with confidence. Some people think cybersecurity is only for big companies, or that only corporations need CISOs (Chief Information Security Officers). In reality, nothing could be further from the truth. Wherever there's a computer system, there's a need to secure information and reduce risk. SideChannel is designed for small businesses, mid-market companies, non-profit corporations, venture capitalist portfolios, startups, municipalities and governments who struggle to find an experienced CISO to help them protect their digital assets and bolster their cybersecurity posture. These entities also can't carry the weight of a full-time CISO on their payroll.

Q. What does SideChannel offer?

A. SideChannel combines cybersecurity talent and software tools to deliver a multi-layered, practical and attainable security program, tailor-made to suit your organization's unique needs. If your team is starting from scratch, we offer a comprehensive suite of products bundled together via SideChannel Complete, our most high-touch service. We also fill individual gaps if your team is building a program but identified even more needs after starting or, in the worst-case scenario, if that work is interrupted before what you're building is completed.

Our approach is based on utilizing cost-effective software implementations, strategic alignment of security organizations, and best practices for CIOs and CEOs alike.

Q. What is a vCISO?

A. A vCISO is a virtual cybersecurity leader who lends their expertise to your team through SideChannel. Our vCISOs are recognized experts and actual CISOs who use their experience, in public and private sectors, to provide guidance. A vCISO works hand in hand with the boards, stakeholders and management teams of businesses and organizations to advise on developing the strategic vision, resources, and protocols to maintain an appropriately sized, measured, effective security program. As a result, at a fraction of the price of a full-time CISO or security expert, a vCISO can reduce risks, balance security investment, and build the confidence an organization needs to operate through business-aligned cybersecurity.

Q. What is SideChannel’s methodology?

A. SideChannel's methodology is based on another approach: we think about cybersecurity as a business problem. First, our experts understand your current profile (threats, assets, strengths, weaknesses, partners, regulatory obligations and investments) through lived experience in their former roles, research of proprietary data sources, embedding in your team and interviewing your staff. Second, we use scenario analysis and walkthroughs to build a complete understanding of where you stand and where you need to go. Other methods to reach this understanding may include measuring your company's controls and its operational and program effectiveness. Third, our team raises the bar by defining your ideal cybersecurity state, providing the roadmap to reach that state and helping execute it. This may include: program, policy and procedure documentation; strategy development; procurement and vendor negotiation; identification, implementation and management of tools and managed services providers; oversight of team and program activities.