InPhySec: A Business Specific Approach for Corporate Security

The cyber security and the wider security sector is changing, clients are becoming more discriminating and one-size-fits–all solutions are proving to be unsuccessful. There are no magic bullets or complete ‘packaged solutions’, security challenges need to be managed against business needs. At the same time, there is a shortage of security skills and expertise affecting this sector. At an organizational level there is often a real misunderstanding between management and the technical teams about security risks and how to address them. Marc Barlow, Consulting Partner, InPhySec says, “The IT People don’t speak business language, and the business people don’t speak IT language.”

InPhySec’s approach tackles these problems directly. As one of New Zealand's leading information and physical security consultancies, InPhySec has carved a niche and delivers relevant and appropriate security advice with a strong commitment to reflecting clients’ business context needs.

InPhySec serves a mix of both government and private clients. InPhySec offers a complete range of support including policy advice from Board and CEO level through to technical and forensic support. The company provides information and physical security consultancy that addresses; certification support to a number of standards (NZISM, ISO27001, PCI-DSS), policy preparation and support through to forensic investigation, and a specialized suite of technical services for its client organizations. With the help of its continuous monitoring and incident response capability, InPhySec keeps its clients aware of the impending threats and can provide appropriate response actions and procedures.

The company also works to support its clients to build a deeper knowledge of the risks they face and the responses they might want to use. Ian Fletcher, Managing Partner of the firm says, “We focus on two guiding principles—the first thing is to be realistic about our client organizations.

It’s important for us to work with them at the point they are at, rather than the point they imagine themselves to be at. And the second part is that we are trying to move our clients towards understanding that a continuous threat requires continuous assurance to manage cyber risk and physical security risks day by day.”

InPhySec starts with a deep and professional set of technical and management skills, developed at senior levels, which set it apart from traditional consultancies. InPhySec’s team is drawn from the Defense, Law Enforcement, and Intelligence sectors, and the company’s experience and knowledge are at the leading edge of cyber and physical security.

As it looks at its clients’ needs, InPhySec is also clear that it will continue to integrate information and physical security advice to address business risks. It is also clear that international standards, like ISO27001, will play a significant role in defining acceptable risk management for information systems. InPhySec will continue to be very well placed to advise in this area.

Looking ahead, the company will grow as it attracts the right people with the right skills and values that fit its culture. “Picking our colleagues thoughtfully is a big part of our story. I think that the long term success in this business is all about skills. Technology comes and goes; skilled security professionals are our backbone,” concludes Marc Barlow.