Todd Willoughby and Daniel Gabriel are not necessarily looking for years of technology or security experience when they hire people for RSM US's managed security services team: They're looking for specific personality traits.
"Someone inquisitive, who doesn't accept the status quo," is how Gabriel, principal in security privacy and risk consulting at the Top 10 Firm, describes the ideal candidate. "We are looking for a profile of the individual — not necessarily someone with years of security experience."
Often, they will look at ex-military and ex-law enforcement personnel to fit this profile, he explained, as the firm can provide the technical education. "The team has put together a world-class apprenticeship and training program to support their development," Gabriel said. "We target talent differently than a lot of our competitors."
The RSM team has also been targeting talent to support RSM Defense, the global managed security operations service that the firm launched in June 2021, which has a team of roughly 50 people serving 200 clients — and adds 10 to 12 more clients monthly.
A unique mission
Gabriel — along with RSM Defense director and threat operations leader Willoughby, and Steve Kane, managing director of managed security services — was brought onto RSM to build this service that had "a unique mission to solve for," he explained. "[RSM's] consulting covers the entire spectrum of market that RSM services, from small to midmarket-sized organizations, yet the team serves upmarket clients consistently, especially with cyber-related services. The platform the team built scales in both directions — to provide value-added solutions to both small and large organizations."
The solutions the firm delivers as a managed security service provider include threat detection, response and intelligence services in an "extended detection and response," or XDR, platform, among other services.
In assembling the team behind these cybersecurity services, Willoughby leaned into RSM's strong partnerships with nontraditional secondary education institutions, sourcing directly from certification boot camp programs with cybersecurity-specific trainings, and other programs such as Veterans2tech. "The programs at these institutions differ in investigative, critical thinking outside the traditional secondary education program," he explained. "It encourages them to be curious, and take the extra steps needed. The cybersecurity industry as a whole is in a global talent shortage. Our approach is to reverse this on its head. We get in there early enough with these talented individuals and change how they're looking at these cyberthreats."
RSM builds these relationships with candidates through industry events, school partnerships, and then internal training activities and events. "We get [candidates] exposed to our technology and curriculum, so that they come out of developer programs and schools ready to hit the ground running as actual practitioners," Willoughby shared.
"We have heavy partnerships with nontraditional secondary education institutions," Gabriel added. "Certification programs and not-for-profits develop talent [that] we find develops very strong practitioners."
The firm also partners with groups like Hiring Our Heroes, which helps place veterans in the civilian workforce. "They have a similar persona of being inquisitive and not accepting the status quo," Gabriel explained. "Veterans bring a varied and relevant background to what we are trying to do. The ideal candidate is not an MIS graduate from a four-year university."
"With law enforcement, they possess an investigatory mindset," Willoughby agreed, adding that even within this demographic, recruitment and training is rigorous: "There is a lot of vetting, and then a 12-week training program we put them in, before they even work on client tickets."
Whatever their background, after being hired and trained, some of these professionals join RSM Defense's threat engineering team, tasked with identifying system vulnerabilities.
"The engineers do the hard, heavy lifting of taking disparate sets of data and normalizing them into useful data sets for large companies' threat intelligence operations," Willoughby said, explaining that this can include scrolling the dark web to research the latest cybersecurity threats to "stay ahead as much as we can."
The latest risks, according to Willoughby, are not necessarily new, as business email compromise threats like phishing persist. The size of company these cybercriminals are targeting, however, has shifted.
"Who we've seen to be more susceptible is smaller entities overall," Willoughby shared. "The challenges we are seeing by enterprise, is the move downmarket. Some other trends are that, in the supply chain, the attacks continue to grow — they are not even targeting the company directly but the service providers, living-off-the-land attacks. Living-off-the-land, or LOTL attacks, are when they are blending into the already existing tools of the environment to make detections even harder on the defensive side. On the defensive side of the house, we have to get it right all of the time — the threat actors just have to get it right once. It's a challenging field to work in."
Attacking from all angles
It's also a competitive field, Gabriel noted: "The security monitoring space is heavily crowded by boutiques as well as large organizations," he said. "We operate like a boutique with the backing of a 100-year-old public accounting firm — we relate quite well with our client base. We're not going anywhere, which is an issue with other, newer firms that are fly-by-night … The level of trust and integrity [we have] as part of RSM, with the global backing — that helped accelerate our success in the marketplace."
Clients are also well served by RSM's collaboration across service lines, with RSM Defense clients having access to firm professionals in services like forensic accounting, AI, analytics and cloud services, among others.
"We're really spoiled here at RSM," Willoughby said. "With people knowing different cloud environments … If something goes wrong, we have go-to specialists internally."
With RSM's consulting arm comprising over 30% of the firm, according to Gabriel, there are a wealth of experts on hand, and they extend globally, both through RSM US and the firm's global network, RSM International. RSM Defense's services are currently offered in North America, Central America and Southwest Asia, but there are plans to expand that reach.
"RSM Defense is primarily driven out of the U.S. firm, but as we look on the horizon, the platform is going to a global underpinning for the broader firm, to provide a consistency of services across [RSM International] member firms," Gabriel shared. "Holistically, with the platform and how we deliver services, we will expand globally to different markets. We will bring in more individuals similar to Todd and his team, and bring them on regionally and upmarket; individuals who understand the culture, speak the language, and can expand the reach of services across the globe."
In any region, Gabriel stressed that their team is just one important part of RSM's larger consulting practice. "RSM Defense is one of many services, and it's exceptional what the team does, and has done in such a short period of time," he said. "There is so much more behind what we do that makes us an attractive offering to our clients. We don't have to direct our clients to someone else to help — we have internal teams ready to assist."
"It's quite funny to see in person," Willoughby added. "RSM Defense may have a client stressing about having third-party risk problems, and [we'll say], 'Hold on, we'll get someone on the phone from that team, an expert in that field.' It's interesting to see happen live."