NuHarbor Security Blog
March 25, 2019

Building on people, process, and technology

Justin Fimlaid

For a long time, our industry has been saying that addressing people, process, and technology will solve some of the hardest problems in cybersecurity. The terms people, process, and technology fundamentally suggest that the destination and solution are known and that the triad is the path to get to the solution. The issue we all experience is that most folks don't know the destination and solution, so offering people, process, and technology only offers a path, not a solution.

While security has been around for a while, it is still a very young industry, and it’s only been a true discipline for 5-10 years. We’re still figuring things out. As I tell everyone, learning as you go is a-okay. We reserve the right to get smarter as we go. As facts change, so should your opinion.

For a very long time, security folks have touted that figuring out people, process, and technology will answer some of the hardest security questions. I think for a short time this was probably true. For that short time, “we,” as a collective industry, were still crawling and trying to figure out this security thing applied at scale.

First off, what's people, process, and technology? The terms people, process, and technology suggest the intersection of these three items, like a Venn diagram. At the intersected middle is the solution, perfectly balancing all three. People is the human side of this triad. Humans are the operators, the strategy, and the elbow grease that ensure the job gets done. Process is the organization and the X's and O's of how people and technology will work together; it's always a way to organize work so it can be automated. Technology is the technological pieces doing what humans either can't do, or doing it faster than a human can, creating massive efficiencies.

It’s now 2019. Our security industry is at a light jog headed into a run. Our industry has matured a ton, and it’s continuing to mature and advance. Blanket answers of people, process, and technology are not enough anymore. Let me offer an analogy to make my point: a fine dining experience at a restaurant. Your experience at this restaurant is dictated by the service and how you are greeted when you arrive, the presentation of the table, the ambiance of the restaurant, the menu, how the food is prepared and served, and most importantly the flavors of the cuisine. The chef, who usually has a direct say in all these things, deals with people, process, and technology. A chef deals with the staff of the restaurant and kitchen, a chef defines processes for line cooks and interactions with the wait staff, and a chef needs to have the right tools or technology to do the job. To say that people, process, and technology are the only inputs to a successful restaurant is flawed. There’s much more that goes into a successful experience for the patron so they want to return. If you told a chef that his or her people, process, and technology are what make them successful, I’m positive they would disagree. Running a successful restaurant is much more than these three things. It’s the ingredients, it’s the recipes, it’s the pairing of food types on a menu; great chefs will also consider textures of the food; it’s the many years in culinary school practicing how to make a perfect soufflé; it’s food presentation (which is an art form). My list can go on. All this, the customer experience, transcends people, process, and technology.

People, process, and technology is becoming a curse phrase. It’s how I can quickly sort out who is taking the shortcut in security by offering high-level, abstract, not-applicable answers. It’s also how I personally sort out those working as tourists in the security industry versus those who are true security professionals.

One thing you need to know about people, process, and technology is that it assumes you are working backwards from a known solution. If you know exactly what you want, standardizing on these things can be a way to categorize your effort into a work breakdown. The issue in security is that most folks don’t know the solution.

So, next time you offer people, process, and technology as a blanket response, remember you aren’t helping anyone. We need security blueprints that consider people, process, and technology, but also factor in everything else, such as security protocols, attack vectors, pieces of the kill chain, and specific capabilities of an enterprise security program. Being able to offer this level of blueprint and expertise only comes from years of expertise.

Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.
