Do you think Mandiant is a good provider for Security Program Assessment on IT security? I have seen that they have good grades on consulting but they are not graded on Assessments. Would you recommend another provider?

112 views · 4 Upvotes · 3 Comments

Head of Cyber Security in Manufacturing, 501 - 1,000 employees
As with every consultancy it depends on the consultant. Personally I like Mandiant because they are honest, and try as much as possible to make an independent proposal without driving one or the other vendor.
CIO, Self-employed
Mandiant tends to do a stellar job on live incident response and forensics. With respect to assessments, it may be predicated on the type of assessment contemplated. If Mandiant is doing a compromise assessment, I'd vote a strong yes. If they are looking at how a security program is structured, its alignment to a framework or standard, or the maturity of the security program, I'd think there'd be a number of competitive options. 
CISO in Healthcare and Biotech, Self-employed
I will echo  and 's statements that the engagement would be consultant-specific, but Mandiant does a great job at post-compromise assessment. Perhaps find out what kind of experience the proposed assessor-consultant has in your industry. Were they in a leadership or individual contributor role regarding that industry experience? If the organization does not have a large bench of consultants, one must closely evaluate the proposed individuals.
