Expert-Driven Cybersecurity Audits for Clients in Less Time

Mint Expert is a consulting company that supports small companies and other clients in Switzerland with cybersecurity audits and other services. As many as 10 freelancers support Mint Expert's one-person team at any given time.

Recently, we sat down with Jean-Charles Richaud, CEO and Cybersecurity Consultant at Mint Expert. He told us how CIS SecureSuite Membership resources, particularly CIS WorkBench, helped Mint Expert solve some of its business challenges. Here is how that happened.

The Challenge: Meeting Client Compliance and Security Goals with Expertise

Demonstrating Compliance to FINMA

All companies in Switzerland's financial sector are subject to the Swiss Financial Market Supervisory Authority (FINMA). This body is responsible for regulating Swiss financial authorities with standards, guidance, and recommendations. Financial authorities must comply with FINMA to provide financial services in Switzerland. As a result, many financial clients come to Mint Expert in need of an audit that can help them determine their compliance with internal controls under FINMA's specifications.

Many financial companies also approach Mint Expert with the goal of strengthening their cybersecurity posture. For instance, one company reached out to Jean-Charles with concerns about the security of its systems and data. The company was also struggling to optimize its IT infrastructure for maximum efficiency and reliability. Together, these two challenges prevented the company from improving the overall security and reliability of its IT systems while ensuring smooth and efficient operations.

Rendering Expertise in a Crowded Cybersecurity Marketplace

Plenty of solutions can help companies with the above-mentioned challenges. Without expertise, however, they might need to set aside time and money to explore their options and figure out what best supports their goals over time. Not everyone can commit to this exploratory process, and even if they can, they might struggle to navigate it on their own.

Mint Expert's challenge was to provide this level of expertise so that it could make the most of its resources and those of its clients. In the past, some clients didn't understand the technical information or what was required of them for a cybersecurity audit, especially when directors, CEOs, and other non-technical folks looked to tie back the cyber maturity of their information systems to the business. Some clients even requested that Mint Expert perform a repeat audit, which was a waste of time, money, and effort for everyone. Mint Expert needed a model with a documented record of expertise to guide conversations and optimize strategy with its clients.

The Solution: Community-Supported Documentation of Change in CIS WorkBench

Jean-Charles didn't try anything else to resolve the challenges discussed above before becoming a CIS SecureSuite Member. As he put it, "When you search for expertise in the field of cybersecurity, you'll find other solutions, but CIS is still the best."

Getting His Clients Started with CIS Security Best Practices

Upon obtaining his CIS SecureSuite Membership, Jean-Charles incorporated the CIS Critical Security Controls (CIS Controls) and the CIS Benchmarks directly into his services. He did so for two reasons. First, the Controls and Benchmarks are written in a way that simplifies the process of communicating the business impact of each implementation action to non-technical folks. 

Second, both the Controls and Benchmarks map to and are referenced by other industry frameworks and regulations that support his clients. Provided below is an overview of their current mapping and compliance.

[Figure: Frameworks Provided with CIS Controls Mapping]

Regarding his use of the Controls, Jean-Charles started performing audits with the three Implementation Groups (IGs) of the Controls. He complemented these efforts by using the CIS Benchmarks to guide clients when they asked him to perform an audit for Microsoft Windows 10 or a Windows Server, for example. In those instances, he provided a PDF of the corresponding Benchmark to the client and explained how they could use the recommendations to harden their systems. He didn't need to take any technical action on his part; because the CIS Benchmarks reflect the expertise of IT professionals globally, he relied on those documents alone to help clients optimize their processes.

Expert Community and Up-to-Date Documentation in CIS WorkBench

The more he explored his SecureSuite Membership, the more Jean-Charles realized that CIS WorkBench was one of the most important benefits for Mint Expert. He found CIS WorkBench's listing of different versions for CIS resources useful, as he could quickly understand new topics/technology changes and then communicate these improvements to his customers. When his clients requested reports in French, Jean-Charles translated the WorkBench resources for them. 

Additionally, Jean-Charles found value in connecting with the CIS Communities on WorkBench. He used these groups as a networking opportunity to connect with experts with training in Active Directory, Windows, Google, and other technologies. From those connections, he did some research on his own to build his expertise and skills so that he could better serve his clients.

The Impact: Quicker Support for Clients Old and New in Achieving Their Goals

Saving Time and Money for Existing Clients

By becoming a CIS SecureSuite Member, Jean-Charles was able to help Mint Expert's clients fulfill their objectives. Provided below are some data points from one of Mint Expert's financial clients:

  • Prior to CIS implementation, the company averaged one significant security incident per month. After CIS implementation, this number fell to fewer than one incident every three months. 
  • Customer satisfaction surveys showed a 20% increase in perceived security measures by its clients after implementing CIS security best practices. 
  • The company observed a 15% reduction in IT operational costs within the first year of implementing CIS SecureSuite. 
  • Vulnerability assessment time was reduced by 30%, leading to a 25% drop in associated costs. 

"We are extremely satisfied with our services from Mint Expert," the company's Director of Operations explained. "CIS SecureSuite was instrumental in elevating our cybersecurity posture and optimizing our IT processes. The ongoing updates and support ensure we stay at the forefront of cybersecurity best practices. We’re hoping to further enhance our disaster recovery and business continuity plans with support from CIS going forward."

Saving Time and Attracting New Business

Mint Expert's clients weren't the only ones who saved time by using CIS security best practices. Jean-Charles found that his tasks took less time after becoming a SecureSuite Member. For instance, before he used CIS, he usually spent several hours on each audit due to all the manual tasks he needed to perform. After becoming a Member, he switched over to using the pro version of the CIS Configuration Assessment Tool (CIS-CAT Pro) to run automated scans of his clients' systems. This automation reduced the time he spent on each audit to just 15-20 minutes.

Mint Expert was also able to attract new business. Companies who started using CIS-CAT Lite on their own approached the services provider about running scans of their systems with CIS-CAT Pro. They wanted to work with a CIS SecureSuite Member to harden their systems to CIS Benchmarks not included in CIS-CAT Lite. Merely by having access to CIS SecureSuite resources, Mint Expert succeeded in growing its list of clients.

Now It’s Your Turn!

Through the use of SecureSuite, Mint Expert saved time conducting cybersecurity audits for its clients, brought on new business, and helped clients not only fulfill their objectives but also look to the future of their cybersecurity programs.
