From Enterprise to SMB: A Trial by Fire
Jake Lee
In my past lives at larger enterprises I often had access to best-in-class technologies, dedicated vendor representatives, and an extensive budget to pursue defense-in-depth (and in many cases, redundant solutions) layered controls and solutions. However, when I made a paradigm shift from a Fortune 50 to a fast, lean SMB (Small-to-Medium Business), I soon found myself in a proverbial trial by fire that would require innovation, agility, efficiency, and resourcefulness.
Not only was it a new environment, but it was also a new industry—going from the financial sector to healthcare—and I soon found myself on Day One wearing multiple hats and stretching every dollar; while still being expected to deliver enterprise-level protection.
Rebuilding the Security Program with Less
Without deep resources, robust vendor ecosystems, and specialized roles and departments, I needed to focus on what I could achieve. This was a whole new playing field, so before I committed to anything I first needed to identify my primary objectives: consolidate, prioritize, and shift focus on core, native platforms that need to deliver despite having multiple security issues.
The first thing I focused on was to identify gaps in our security, while also reducing our vendor footprint. This approach often gets negatively associated with cutting corners, but this was far from that. It was about starting from the blueprint and architecting the foundation.
For example, if your task is to secure a home, what’s the point of putting five deadbolts on the front door while it, and all your windows can’t be closed? When your resources and budgets are less than 1% of prior life, managing a dozen tools is not scalable. Instead, it becomes an exercise in futility. I focused on multi-functional platforms with solid integration and automation capabilities, strong customer support, and roadmaps that aligned appropriately with our expected growth, while still being able to filter and ignore frivolous bells and whistles.
Fortune 50 Strategy, SMB Budget
In a SMB you need to adapt and improvise. But that doesn’t mean you can’t have a strategy. Enterprise-level strategies don’t have to disappear, so what I did was focused on solid governance frameworks such as the NIST Cybersecurity Framework, assessed core and highest risk based on our core business model—looking at the hundreds of SaaS/PaaS technologies + architecture that the business depended on, and created a multi-phased implementation roadmap that mimicked enterprise structure for operation and governance.
That resulted in a key lesson: security and risk isn’t about how much money you throw at it, it’s about how to invest wisely and intelligently! Every dollar has to be justified in its spending and every decision, no matter how big or small, needs to show a return in risk reduction, compliance, and/or operational efficiency.
Built for Enterprises and Lean Teams Alike
Chris Camacho
At Abstract, we work with customers on both ends of the spectrum. Many of them have backgrounds like Jake, where they helped build or lead large scale security programs across global enterprises. Now finding themselves in fast growing companies or critical infrastructure environments where resources are limited but expectations are still high.
This is exactly why we built Abstract. Our platform scales to support both the largest data volumes and the scrappiest of teams. We handle the heavy lifting for you, whether that means deploying real-time pipelines, delivering threat analytics, or supporting compliance and detection strategies out of the box. We act as a force multiplier for smaller security teams and as a central foundation for larger organizations looking to consolidate and modernize.
Our customers use Abstract to control cost, improve detection, and simplify security operations. Whether they are managing hundreds of terabytes of data or standing up their first security operations center, Abstract provides the tooling, support, and flexibility to meet them where they are.
Running a security program without the benefit of a big budget or specialized teams isn’t a step down. It is one of the clearest tests of leadership in this field. If your organization is looking for a skilled security leader who understands how to scale programs intelligently, efficiently, and with impact, I highly recommend connecting with Jake Lee on LinkedIn. He brings a rare mix of enterprise level strategy and hands-on execution that makes him a powerful asset for any security team.