Dan O’Neill, President & CEO
Dan O’Neill and his associates are often asked how Advanced Data Risk Management (ADRM) compares to “typical traditional security consultants.” To truly grasp this phrase, O’Neill—a seasoned security consulting expert with over two decades of experience—explains that risk management and security engineering today go way beyond the traditional approaches. While conventional security consulting services are focused on a “prepare and recover” model, O’Neill, President and CEO of Advanced Data Risk Management, stresses that the objective is not just assessing risks, designing, and commissioning systems but also institutionalizing effective management processes and systems.
In conversation with Enterprise Security Magazine, O’Neill breaks down a two-fold problem that looms large in the managed security arena, hindering the profitability and sustainability of businesses in the enterprise world. First is the inadequate utilization of the installed systems, followed by the improper maintenance of the systems. To substantiate the severity of the issue, O’Neill highlights the shortcomings of the traditional security and risk management consulting models.
"We like to think of ourselves as the ‘after consultants’; Whether designing a Global Security Operations Center (GSOC), developing policies and procedures, or helping manage complex installations, we take immense pride in helping clients make their vision a reality"
“Traditional security consultants, they might begin with a risk assessment, followed by the designing of relevant systems, commissioning of those systems, and finally turning over the systems to their client. That model has its fair share of limitations,” begins O’Neill. This Jason Bergerson, Director of Digital Forensics to developing a security model neither guarantees tangible results nor long-term sustainability for business. “We, on the other hand, approach these requirements from a holistic and post installation perspective,” adds O’Neill. Advanced Data Risk Management (ADRM) specializes in providing traditional security consulting and tailored data-driven solutions and turnkey services for clients, based on the risk and need, through project management and managed security services.
Pushing the Boundaries of Sustainability
O’Neill’s comprehension of the challenges with associated risk management and managed security services are comparable to an internal combustion engine – the better the maintenance, the more significant the performance, usability and reliability. “Risk management systems require regular attention, and if they are not tended to at regular intervals of time with consistent updates, they will most likely break or fail,” explains O’Neill. However, many organizations do not have the time, staff, or resources to ensure that these systems are kept up to date. Conversely, organizations working with consulting firms such as ADRM can reap benefits such as higher system readiness, better reliability, and reduced staff, while their consultants, with focused expertise, manage their systems with an uncompromised sense of quality and assurance. The ADRM team understands managed security inside and out and leaves no stone unturned in maximizing the performance of the installed systems.
A risk management system requires regular attention, and if it is not tended to at regular intervals of time with consistent updates, it will most likely break and fail
ADRM conducts data-driven, all-hazards quantitative risk assessments, where risk is calculated using mathematic formulae, including probability, consequences, vulnerability and velocity. The ADRM team then recommends solutions to mitigate risk in a cost effective and operationally efficient manner. All recommendations include cost estimates and implementation timelines. The result is a data-driven Security Business Plan© with detailed budgets and multi-year implementation plans that identify capital, operating, and recurring costs.
Conversely, businesses collaborating with conventional security providers may end up compromising the overall effectiveness of their installed systems. For instance, many organizations utilize only 20 percent of the enterprise security system capabilities when implemented without a tailored approach to managed security or risk management. ADRM has been actively examining this issue and has been able to maximize the performance of their client’s systems to their full capabilities, while deriving longer product life cycles through consistent maintenance and upkeep. The company also obtains enhanced support from system integrators, which often circumvents the requirement of entering into support agreements; ADRM, in turn, enables its clients to save $60,000 - $100,000 annually, based on the size and configuration of the system. These savings can be used for new technology, system enhancements or any unforeseen issues that the organization could face. ADRM also helps clients manage warranties for products, leveraging their relationships with manufacturers and their representatives to more easily procure repair or replacement services.
Before and After Snapshots
A noteworthy strategy employed by ADRM during risk assessments for their client’s existing security and IT environments, is to capture a “before snapshot”. Using this data in assessing a client’s infrastructure, ADRM fully understands the areas needing improvement, thereby designing systems that enable the client to achieve desired business objectives. Once the proposed systems are installed, commissioned and accepted by the client, ADRM creates an ‘after snapshot,’ highlighting the upgrades made to the client’s security and IT architecture.
“We like to think of ourselves as the ‘after consultants’; Whether designing a Global Security Operations Center (GSOC), developing policies and procedures, or helping manage complex installations, we take immense pride in helping clients make their vision a reality”, says O’Neill. “We hire the right vendor to install the system and then manage the process of installing, programming and commissioning the system. The end result will be the installation of integrated systems that are effective at prevention, detection, response, investigation and recovery.”
When designing GSOCs, ADRM looks at the entirety of the client’s operations to design a space that meets their client’s needs today and into the future.
This includes selecting the correct, scalable components that can grow or be adapted to evolving threats and risks. With a keen eye for ergonomic appeal, ADRM creates an environment that is extremely functional as well as comfortable for operators whom need to be focused on their tasks. This results in actualizing a highly productive and functional work space. ADRM also develops all hazards emergency response and business continuity plans, in addition to communications plans developed to reach community members and constituents. ADRM implements and tests these plans, in conjunction with their clients, to ensure accuracy and effectiveness, and then manages annual or as-needed updates and/or revisions to plans, policies, and procedures. ADRM oversees system health checks, software updates, patching, version control, and coordination for support, maintenance, and warranty issues daily, weekly, monthly, or quarterly depending on each client’ particular needs.
A Testament to Resourcefulness
An engagement that validates the aforementioned methodologies and ADRM’s ability to assist clients in enterprise transformations is its collaboration with a rapidly growing national financial services firm with approximately $55 billion in assets and six offices across the United States. ADRM helped the client grow from one office location to another effortlessly in what began as a risk assessment engagement. Upon completing the risk assessment phase, ADRM assisted with the selection of access control and video management systems that fit their needs and requirements, culminating in a successful deployment using a design/build approach. ADRM, in concert with the IT department set up the entire front-end and back-end system infrastructure with failovers, while integrating active directory to ensure that only current staff and contractors can access company resources. ADRM held post- installation workshops with the Security Team, Facilities Managers and IT staff to note lessons learned and improve processes. ADRM replicated the updated process flow at each of the other five offices, without the systems integrator ever touching the client’s database or any critical information associated with their business. This was followed by implementing relevant managed services such as patching systems, software upgrades, windows updates, calls for service, troubleshooting, video review, access control, credential management, card ordering, and training.
Currently, ADRM is managing the maintenance and upkeep for the financial services company on a monthly basis and has been actively engaged with the client for over five years. O’Neill accredits the success of such collaborations to the ADRM team, comprising ten full-time consultants with a combined 200 plus years of experience and expertise. With over half of the ADRM Team having owned businesses, these consultants understand the ins and out of risk management, security design, emergency management and managed security services, effectively helping clients achieve their business objectives. The collective experience has nurtured the congruence of physical security and IoT technologies within the ADRM umbrella as security systems become more IPcentric. Case in point, the company helped a client implement a robot within their manufacturing facility, paving the way for more contactless interaction and enhanced safety and security for the people and assets of the organization. Along similar lines, ADRM also assists clients in mapping compliance and regulatory requirements comprehensively, making recommendations that benefit their enterprise as a whole. Bolstered by these skills and competencies, ADRM stands as the enabler of enterprise transformation for clients across varied industry verticals, providing businesses with a sustainable and profitable avenue for success.