Three Steps to Understanding and Addressing Customer Service in the Delivery of Cyber Security

Reposted by Aaron Christmas on Jan 07, 2017

Addressing Customer Service in the Dilivery of Cyber Security

So, I have gotten it from both ends: As a developer forced to implement “security” changes by some cyber guy who’s never implemented a system and as a cyber consultant powerless to get an application owner to implement a single line code changes.

No doubt, this antagonistic relationship should not be. Cybersecurity, Application Owners and their technology partners need to be in a symbiotic partnership. For the simple reason that if that partnership does not exist, processes will be circumvented. Leaving applications, programs, and agencies open to security audit findings and a generally weaker security posture.

My foray into this topic began when tasked to work with a team developing a new cyber security site for a large organization. The site was strictly for internal use. Ultimately it turned into a tool to both understand what our cybersecurity customers wanted to know and a method of delivering actionable knowledge to facilitate simpler interactions. If your cyber customers don’t get frustrated in dealing with you it’s much more likely that they will think of cyber as a partner. So they’ll come back, instead of trying to avoid cyber…

Essentially we use traditional consumer facing methods to build sites that treated our internal users as consumers with shopping options. Here is what we did in three simple steps:

  1. Be Data Driven: There are two pieces to this. First putting hooks in to collect information about how your consumers are interacting with your site and services. Secondly putting mechanisms in place to enable the controllers of content and process to be empowered and capable of making the change.
  2. Facilitate Service Delivery: Your consumers don’t know all your processes. Make it easy for them to find out what they need to do. This can be as small as links to documents instead plain text. But can be as broad as an automated ITIL service catalog.
  3. Have a catch all bucket: Sometimes your automated systems are simply not going to work to “answer the mail” for a particular user. Have a place with a tight SLA that consumers can interact with a person.