The Big Data Talent War: Don’t Get Drawn In

Big Data Talent War Do Not Get DRawn In

Today’s demand for big data talent reflects a recurring theme that happens whenever a new valuable technology becomes available. Companies face the conundrum of figuring out how to quickly capitalize on the latest technology to gain business advantage during a time when a limited supply of skilled talent exists in the marketplace. 

Internally, the tug of war begins because marketing, operations and customer service all push to leverage these technologies as quickly as possible, while IT tries to figure out how to get it done. The business ends up with two options: develop the expertise internally or partner with an outside resource.

Build the Expertise
The conditioned response is to invest in hiring new talent with the needed expertise or training teams to capitalize on the new technology. We, however, would argue that choosing to develop the technical expertise internally is the wrong approach for most businesses.

Recruiting scarce big data talent is a tall order, and it can cost corporations precious time and hefty compensation packages. McKinsey reports that the United States is facing a shortage of 140,000 to 190,000 people with expertise in analyzing large amounts of data and 1.5 million managers and analysts with the skills to understand and make decisions based on big data analysis.

Recruiting a team for big data is expensive and takes significant time to onboard, train and maximize new capabilities effectively. The team can be invaluable once they are fully engaged and bring a greater return on investment for your company. Unfortunately, far too often, a team member or members can be lured away before delivering the hoped-for value.

Companies often believe they can train in-house teams of employees in new technologies rather than recruiting new employees, but this can come with a significant “cost of discovery.“  Members of the team typically learn by trial and error slowing progress and often causing frustration on several levels of the organization. The company will also invest substantial resources to build up employees’ expertise while losing valuable time.

It could take 12 to 18 months to see tangible business benefits if a company goes down the path of building a new capability internally, whether by recruiting new talent or training a team in-house. By the time the capacity is built and value is gathered from the team, the competitive differentiation is significantly diminished or even lost.

Buy the Capability, But Buy Smart
We encourage companies to consider choosing not to fight the big data talent battle. Companies can leverage the skills, tools and infrastructure of industry leading partners to create an outcome-based relationship, dramatically reducing time to market to capture the sought after competitive advantage. This allows companies to gain a dynamic competitive advantage that returns business results quickly before the advantage disappears. 

Business results can typically be realized in less than six months by leveraging a service provider to significantly reduce time to market. However, the key is to buy smart. This means understanding what skillsets you need and at what capacity. You should hire for outcomes versus output—keeping the team focused on the value proposition. It is also critical to clearly understand the ebb and flow of your department and partnering with a team that can quickly flex to meet the demand.

Bottom line: time to market is critical. Waiting for supply and demand to come into balance often means losing sought after competitive advantage. In our experience buying capacity is the better, faster route when you buy smart.


Big Data/Analytics Acceleration and Capto Dogfooding …

Recently, we here at Capto had the opportunity to “eat our own dog food” at one of our clients, a Fortune 100 company. In the middle of a Capto-designed Business Intelligence (BI) Analytics Acceleration Program—part of our Synaptic methodology—our client’s big-data analytics leader accepted a position in another area. The VP in charge of BI asked us to step in and fill the leadership void in the analytics team. This meant that we were tasked with

  • Running the day-to-day aspects of the department
  • Implementing our Synaptic innovation programs
  • Implementing, in detail, the organizational change management and process tasks we had designed
  • Hardening and putting into production architectural modifications to the Big Data/Hadoop environment
  • Working with the team’s sourcing partner to implement the accelerated innovation program to quickly identify and deliver Big-Data analytic solutions to the business community.

While we pride ourselves on leveraging academic research and in the strategic value we bring to our clients, it is the implementation of the strategy that proves our methods and forms the cornerstone of our approach to building, refining, and socializing the Synaptic methodology. Not only does this opportunity demonstrate our commitment to our methodology, it gives us first-hand experience in executing our own program. In short, we love to eat our own dog food!


Cyber Security: Leveraging an Audit to Reduce Risks

Cyber security has garnered substantial media coverage in recent weeks, and CIOs and CISOs (chief information-security officer), along with their bosses, are probably wondering if they are doing enough to protect their company’s mission-critical data/information.

If you want to know if you are doing enough, conducting a security assessment/audit is a great place to start. But the key to assurance is on the back end—taking prescriptive steps for mitigating risks the audit uncovers and considering the use of a Managed Security Services (MSS) provider.

The flow of a security assessment/audit looks like this:



> Discovery—During this phase, the auditor performs reconnaissance to identify the client’s infrastructure and obtain information, both public and private, about the target environment.

> Target Profiling—Using the information obtained during the discovery phase, the auditor further evaluates the client’s infrastructure in order to develop a targeted testing approach.

> Examination—This is the phase where the auditor conducts detailed vulnerability scans against the prioritized target groups. Usually the auditor will use a combination of commercial, open-source, and proprietary tools. The objective of this phase is to identify potential security vulnerabilities that affect the client’s overall security posture.

> Risk Validation—The auditor reviews the vulnerabilities to determine their impact on the client’s overall security posture and performs targeted penetration testing that focuses on the high-risk vulnerabilities. Exploitation of these vulnerabilities often yields access to critical systems and sensitive information vital to the client’s operations. The objective of this phase is to provide the client with a clear understanding of the risks associated with the identified vulnerabilities.

> Evaluation—The auditor evaluates the security impact of the identified vulnerabilities as well as the effectiveness of applicable remediation procedures. The auditor should prioritize vulnerabilities based on a combination of factors, including previous experience, ease of exploitation, impact to the client’s overall security posture, and the required remediation effort. The deliverable for this phase should be a roadmap for remediation that can be effectively executed. Most importantly, you should ensure that the auditor presents the findings in a clear and detailed manner.

Some vendors add an assurance phase consisting of ongoing assessments to ensure that the remediation and mitigation steps outlined in the evaluation phase have been properly implemented.

In summary, it is helpful to think of cyber-security audits as an end-to-end process which not only raises the level of awareness regarding risks/vulnerabilities, but is also prescriptive in what proactive steps are necessary to reduce risks.

“An ounce of prevention is worth a pound of cure.”

― American Remembrancer, 1795

From Audit to Implementation:

For companies ready to take the next steps towards implementing a means for keeping their sensitive and mission-critical company information secure, one option is to seek assistance from a Managed Security Services (MSS) provider. Gartner defines MSS as “the remote monitoring or management of IT security functions delivered via shared services from remote security operations centers, not through personnel on-site.”

We recommend selecting two top-tier providers, one to manage the environment and one to conduct the assessment and review and to oversee the deliverables promised.

A key benefit to outsourcing is fast deployment of functions of that do not fit into a company’s core competency, yet must be done well. Another benefit is reduced costs. MSS are available at a fraction of the cost (hardware, software, and staffing) of adding capabilities in-house.









Getting to Know Managed Security Services recently ran a story about outsourcing trends that pointed to “a growing appetite for managed security services” due to the rising complexity and volume of cyber threats. Keeping the enterprise secure is becoming a primary consideration over other business initiatives.

With the increased focus on security, it is important that business and IT leaders understand Managed Security Services (MSS)—what they are, when to use them, and how to maximize the outcomes of a company’s outsourced MSS efforts.

What are Managed Security Services?

Gartner defines managed security services as "the remote monitoring or management of IT security functions delivered via shared services from remote security operations centers, not through personnel on-site.”

MSS broadly includes:

  • Monitored or managed firewalls or intrusion-prevention systems (IPS)
  • Monitored or managed intrusion-detection systems (IDS)
  • Distributed denial-of-service (DDoS) protection
  • Managed secure messaging gateways
  • Managed secure web gateways
  • Security information and event management (SIEM)
  • Managed vulnerability scanning of networks, servers, databases or applications
  • Security vulnerability or threat notification services
  • Log management and analysis
  • Reporting associated with monitored/managed devices and incident response

Firewall/intrusion prevention, intrusion detection, and log collection form the core of most MSS engagements. The Fortinet survey referenced in the piece confirms that, noting over three-quarters of IT leaders in large enterprises say “functions like firewall, IPS and email protection would be suitable to apply to an outsourcing strategy in their organization.”

Why Outsource Managed Security Services?

The primary reasons companies seek a MSS provider are:

  • Improved visibility to threats: An experienced MSS provider has trained specialists with the tools and know-how needed to deal with potential issues/threats and can do so in a timely manner.
  • Advanced security or compliance demands: In some industries, like financial services and healthcare, there are strict compliance requirements and specialized requirements. A MSS provider who has deep knowledge of those industries can quickly and efficiently ensure their client is operating by the book. Also, since cyber security is their area of expertise, these specialists will have access to innovations and leading-edge technologies that can be rapidly deployed.
  • Accelerated Time to Market: A key benefit to outsourcing is fast deployment. The services mentioned above probably do not fit into a company’s core competency, yet they must be done well. Rather than climbing a time-consuming learning curve, hiring a seasoned MSS provider can ensure all the necessary security requirements are met quickly.
  • Reduced Costs: MSS is available at a fraction of the cost (hardware, software, man-power) of adding capabilities in-house.

A recent study calculated that a large investment management firm achieved a return on investment of 109% and cost savings of $3.36 million, with a nearly immediate payback period, by partnering with an MSS provider.

The report concludes that the organization achieved comprehensive, enterprise-level security monitoring at a lower cost than the alternative of implementing and maintaining an in-house, 24x7 security operations center. The firm also achieved a lower risk of loss due to security breaches and were better able to track security performance for audits and reporting, thus building credibility for their security program within the organization and with customers.

Source: “The Total Economic Impact Of Dell SecureWorks’ Managed Security Services,” a commissioned study.

How to Use Managed Security Services:

When considering whether or not to bring an MSS provider on board, it is important to engage an advisor who can assist in the following areas:

  • Conducting an MSS provider assessment to ascertain how ready your business is for outsourcing MSS and to determine which provider best fits your company’s needs, competencies, and culture.
  • Communicating the cost/benefits at the executive level so management understands all relevant aspects of implementing proposed services.
  • Determining and explaining what changes are needed in your environment for successful implementation of an MSS.
  • Deployment, implementation, and integration; which includes provider selection, contracting, and implementation support of the provider offerings.

Also, make sure that your advisor, as well as the candidate service providers, are communicating in a concise, jargon-free manner. Business terms should be clearly spelled out: what am I getting, for how much, and what are the risks?

Selecting a Managed Security Services Provider:

We recommend that companies pick at least two top-tier providers:

  • One for managing the environment
  • One for assessments, testing, reviews etc. for ensuring services deployed are performing as promised.


Keeping to the progressive, outcomes-based, SYNAPTIC thinking we use here at Capto, we highly recommend that the contracts with MSS providers structure incentives and payment schedules based on reviews, penetration tests, etc.


Closing Thoughts:

It is no surprise that keeping sensitive and mission-critical company information secure has moved to the top priority among those managing enterprise IT functions.  By moving swiftly and proactively to outsource MSS that includes both crisp communication and checks and balances, you can better prepare for the threats that are increasingly part of doing business in today’s dynamic, global environment.

Our Story

We founded CAPTO Consulting on the premise that technology investments far too often fail to meet their operational or economic objectives. Our experience on both sides of the equation—in leading strategic technology investment initiatives for Fortune 200 companies and in having held executive-level positions at leading service and technology providers—has taught us that the technology ecosystem MUST perform to higher standards of timely, predictable, value-driven performance.

Our methodology, SYNAPTIC, was born out our private equity practice and shaped over time to drive solutions to our customers at the speed of thought and benefiting from our diverse, multi-disciplined background to make cognitive connections necessary to knit together the components necessary for differentiating outcomes...


Read More