D6 Research

The Intersect of Physical and Cybersecurity


Advisory for Enterprises

Keeping it Real
The physical security industry has built a culture and sales model around vendor and channel relationships where end user interests are pushed into the background. It’s not a statement that wins us popularity from industry insiders, but it’s true and end users need to navigate around it if they are going to take control of their own destiny. D6 is built around helping end users transform how they execute,
The Challenge
Integrators and consultants generally approach strategy by providing a copy of the playbook they gave to their last customer (which has many elements that came from a vendor who is their close partner). We don’t subscribe to these practices – in fact we repudiate them. D6 Research has a “no partner policy” – meaning, we don’t resell, benefit from the sale or selection, or the influence of success of vendors. In fact, we don’t even participate in “partner programs” because they typically come with some type of requirement that’s not worth compromising our neutrality. So when we’re sitting on your side of the table as an extended team member – you know we’re really on your side.
A Different Model
End users are the center of how we measure our success. We were founded on the principle of helping end user organizations optimize their planning and execution of their security, identity and privacy programs with increased clarity, vendor neutrality and effectiveness.

By doing so, we remain entirely neutral and always look for a strategy that enables our clients to achieve the same. By combining our years of project experience in similar initiatives, current research, and sampling across the market and your peers, we provide clarity around your key decisions, risks, and execution.

Methodology
We started tackling latent problems in the industry that CSOs and CISOs were struggling with and that others weren’t willing to address because they were either too complex or too far outside of industry norms. But it made sense for customers, so we did it. We know, because we had to build the knowledge, tools, and models, which are unique to the industry, from the ground up ourselves. We hear it often from our clients: “We asked 8 of our integrators and they all advised the same thing – we have to spend millions to rip-and-replace to make the problem go away”. We come in to help customers avoid that, or do only a fraction of it with better results.

ADVISORY SERVICES CATEGORIES


Security Program & Risk Portfolio Strategy
We believe that information security and physical security should subscribe to the same principles and practices – but they don’t. We specialize in harmonizing the two through a methodology we’ve developed that leverages validated IT principles into physical application and practice. We start from organizational goals, business unit expectations, and develop security outcomes that provide transformational security and inclusion into the corporate risk portfolio, so they have proper visibility, metrics, and compliance.

Requirements Development
Our research has uncovered that most enterprise physical security programs fail to develop proper requirements that support mitigating actual threats, reducing targeted risks, and addressing pervasive industry challenges. Investing in technology based on comfort levels, relationships, and features overlooks elements that are critical to long-term success. Our approach starts with root cause resolution, process, policy, and controls re-engineering that define technical elements. We’ve developed proprietary purpose-built tools and libraries that provide expediency, visibility and rationalization for making decisions.

Investment Analysis
Our clients scrutinize investments and return on value. We’ve spent years building process, tools and algorithms that are specific to physical security. We’ve battle-tested them by continuously modeling them in real security programs for some of the world’s largest and most demanding enterprises. Our investment analysis services can model total cost of ownership, projected resources, P&L, ROI, time to value, vendor cost benchmarking and cost of efficiency. Granular, visual, by audience – and dead accurate. Know before you invest. Even the largest firms don’t have tools that provide this level of specificity and insight.

Technology Selection
Leveraging our requirements processes, we tightly thread candidate solutions deeper into our analysis tools to apply metrics for capability, compatibility, and dependency analysis so everyone’s perception and reality are on the same page. The process supports a wide range of simultaneous solutions and dynamic combinations while rationalizing them to provide visibility as to parity and impact as to goal attainment. We then apply research and industry experience to vet candidate solutions, disclosures, proposals and contracts. And we don’t partner with vendors – our experts are part of your extended team.

Implementation Planning
Transformational security and complex remediation require skilled and thoughtful planning. The industry approach of taking the vendor playbook and painting it all red just doesn’t work. We have years of background in IT and InfoSec architecture as well as physical. Looking through this lens, coupled with our research, we can work with key stakeholders on their terms to help identify key dependencies and remediation. We work with clients to identify smart ways to de-risk, divorce, and migrate while optimizing timelines, function and budget.

 
Validation & Assurance Services
The ugly truth is that physical security systems and industry practices have been completely devoid of best practices concerning effective application security, configuration, and controls. We employ a range of services that validate the spectrum within a physical security program, whether it’s stress-testing your company to see how it would handle a real-world cyber/physical red team attack, validating a vendor’s claims, or finding out what they should be disclosing. Our philosophy is to only “trust after we can verify”. Unlike other firms that offer validation and testing services, we know where the bones are buried, where to look, and what to test that too often goes overlooked. No more blind spots, with a complete trail of responsible action and disclosures.

ADVISORY FAQs

How are you different from consulting firms?

First and most importantly, we are not a consulting firm. We are an analyst firm, and perform consulting to complement our research to benefit our clients in refining their understanding, adapting it to their unique circumstance, and applying what we learn back into our research and methodology and contribute to the community. It is mutually beneficial as it avoids cooking things up in a vacuum. Further, it is not our aim to bill lots of hours, but rather the opposite by giving clients the knowledge and tools to tackle initiatives themselves and decide where they need specialization on a limited basis to fill the gaps.


Events

  • Cyber Secured Forum, 06/05/2018, Denver, CO:
    Terry Gold will present “A Call For a More Responsible Security Industry” at the first annual Cyber Secured Forum, which will detail research regarding the current state of industry preparedness and guidance for measurable improvement.
  • 04/15/2018, San Francisco, CA (Metreon):
    Terry Gold and Eric Michaud of Rift Recon will jointly instruct a workshop at the BSidesSF hacker conference in San Francisco on red teaming corporate physical access control systems.
