LA Cybersecure Pilot

The following is from our grant proposal to the Center for Internet Security: SecureTheVillage will launch an action-focused Pilot Program to measurably improve the cybersecurity practices of participating small and midsize organizations. We will also develop a strategy and budget for a scalable Program to extend the Pilot throughout the Los Angeles region.

The Pilot Program is for small to midsize organizations, businesses, nonprofits, and IT service providers (IT/MSPs).
We are looking for 50 organizations with 1 to 500 employees, contractors, or volunteers. 

● 25 IT and Managed Service Providers (IT/MSP)
● 25 small and medium-size organizations, both for profit and nonprofit.

These questions will give you an idea of the kinds of organizations that fit our program. A “yes” to any of these suggests one should consider our program.
● Do you store people’s personal data or other private / confidential information in your computer systems? .
● Do your clients / customers expect you to have quality cybersecurity controls?
● Would a computer breach harm your reputation?
● Would a computer breach cause your employees undue stress and fear?
● Would you be unable to serve your clients / customers if your computer systems were down?

While we have a preference for organizations in the greater Los Angeles area, the program is open to organizations in other communities as well.

SecureTheVillage is launching our Pilot Program to help small and midsize organizations better protect themselves against the cybercrime gangs that prey on them.

If you’re a small or midsize organization, you struggle with cybersecurity.You don’t have a lot of resources. You have little time. This makes you ripe targets for the cybercrime gangs. 

The situation is even more challenging if you’re a small or midsize nonprofit. You face all the cybersecurity dangers of for-profit businesses with even fewer resources and less money. 

If you’re a small or midsize IT or managed service provider (IT/MSP), you also struggle with cybersecurity. Even as you offer cybersecurity solutions to your clients, you know you have weaknesses and you know you have to keep getting better. And you would also like to profit in the marketplace as you strengthen your security.

Our why is to help you. We magnify, we amplify, your cybersecurity investment. 

Our program will result in greater protection – higher security – than you could achieve on your own with your resources. We are what the military calls a “force multiplier.” 

In addition to helping you, we also want to learn from you. To understand how to scale our program throughout Los Angeles and the country, we need your feedback. This is a Pilot Program for a reason: No one has ever tried to do what we’re doing. 

The Center for Internet Security gave this grant to SecureTheVillage because they believe our Pilot Program approach may help the nation turn the tide on cybercrime and the cybercriminals.

It’s new. And it’s necessary.

And this brings us to the final thing we are looking for. We are looking for organizations who enjoy creating new solutions, who like working collaboratively on difficult challenges, and who want to be part of something bigger than themselves.

If this is you, we encourage you to review the rest of this program description and apply to our Pilot.

The Pilot Program builds on the work of our Program Partners: The Cyber Readiness Institute, Sightline Security,and our funder, the Center for Internet Security. (SecureTheVillage, the Cyber Readiness Institute, Sightline Security, and the Center for Internet Security are all members of Nonprofit Cyber, a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity.)

We based the Cybersecurity Leader role on the Cyber Readiness Institute’s Cyber Leader. Our coaches have been trained by the Cyber Readiness Institute in their coaching model. Our cohort model builds on the work of Sightline.

Cybersecurity Leader: Each participating organization will appoint a person to the role of Cybersecurity Leader. This is a leadership role. It is not a technical position. The Cybersecurity Leader is not expected to have any technical skills.The Cybersecurity Leader may be in finance, HR or even a sole-proprietor.

The Cybersecurity Leader leads their organization through the Pilot Program. The Cybersecurity Leader participates in the monthly Cohort meeting. 

The Cybersecurity Leader is a role, not a full-time position. While large organizations have a full-time information security officer, small organizations have neither the resources nor the need for a full-time information security officer.

Coaches: Each Participant will be supported by a Coach, familiar with the overall Pilot Program process and materials. The Coach will check in with the Cybersecurity Leader weekly to review progress, answer questions, and provide guidance.

Coaches
1. Advise Participants regarding the Program requirements.
2. Support participants in completing the Cyber Readiness Program.
3. Participate in Cohort meetings of their Participants and other activities. 

Cohorts: Cybersecurity Leaders will be organized in Cohorts. Each Cohort will have 5 Cybersecurity Leaders who work together improving their organizations’ cybersecurity readiness. A Cohort will either be 5 IT/MSPs or a mix of for-profit and nonprofit organizations.

Cybersecurity Leaders will participate in monthly Cohort meetings. These monthly meetings are the primary education and training elements of the Pilot Program. 

Each Cohort will be supported throughout the program by a trained Coach. 

The Pilot Program is 6 months, spread  over two 3-month phases.  

Phase 1: Educate and Assess
During Phase 1, Business and nonprofit participants will go through Sightline Security’s KickStart Program and the Cyber Readiness Program from the Cyber Readiness Institute. Participants will receive training in – and be assessed against – the National Institute of Standards and Technology’s Cyber Security Framework (NIST CSF). These have been specifically customized to the needs of small and midsize organizations, including nonprofits, by Sightline Security. Included in the Cyber Readiness Program from the Cyber Readiness Institute are four basic policies, staff awareness training, and completion of a basic incident response plan. Upon completion, participants will receive a Cyber Readiness Institute Certificate of Completion.

During Phase 1, IT/MSPs will receive training in the Center for Internet Security Critical Security Controls (IG1 and some IG2). They will also conduct a self-assessment of their organization’s implementation of the controls.

Phase 2: Implement. Participants will implement the prioritized Phase 1 improvement objectives from their assessment. To what extent organizations are able to complete their improvement objectives is one of the major unknowns we expect the Pilot Program to shed light on. Those participants who complete their improvement objectives will receive the SecureTheVillage CyberGuardian^TM Certificate of Completion. 

A key benefit of our Pilot Program Cohort strategy is our objective to minimize the time a Cybersecurity Leader must invest in the program. We want to make cybersecurity easy to manage.

Monthly Cohort meetings: 90 minutes.

Phase 1: The Cyber Readiness Institute estimates that Phase 1 to take 2 – 3 hours of the Cybersecurity Leader’s time over a period of 4 – 6 weeks. Phase 1 also includes company-wide awareness training, which consists of five short training videos, each 2 – 3 minutes in length.  According to Sightline Security, Cybersecurity Leaders can expect about 7 hours of total time commitment over 6 – 8 weeks. We expect it to be similar for IT/MSPs, but this is currently unknown and one of the key questions the Pilot is designed to answer.

Phase 2: The time investment for Phase 3 will be customized to each Participant organization, as it is dependent on the specifics of the organization’s needs, its particular risks, and its current security capability. The amount of Cybersecurity Leader time required in Phase 3 is one of the major unknowns we expect the Pilot Program to shed light on.

Our program features a unique combination of high-value and low-cost.

Powerful cybersecurity foundation: Our program is built on a foundation of nationally recognized cybersecurity frameworks, including the NIST Cyber Security Framework and the controls of the the Center for Internet Security Critical Security Controls.

Designed for small and midsize organizations: Our program has been specially curated to meet the unique needs of small and midsize organizations, including the extra-special needs of nonprofits. We’re supported in this by our nonprofit colleagues, the Cyber Readiness Institute and Sightline Security.

Based on a team-based scientifically-sound learning foundation: Our team-based program utilizes scientifically-sound learning methods designed to support the special cybersecurity management challenges in smaller organizations.

Learn by doing: Participants will improve their organization’s cybersecurity by implementing cybersecurity practices.

Learn in community: By working together, we expect participants will learn together, help each other, and challenge each other to do better.

Teamwork: Our Cohort delivery model takes advantage of the human value of working in teams, both collaboratively and competitively. By working in teams, we expect participants will learn together, help each other, and challenge each other to do better.

Make a difference: LA Cybersecure is about making the LA region the cyber-safest in the nation. By being part of our Pilot, you’ll be part of this ground-breaking first-of-its-kind intitiative.

These features are expected to yield the several valuable benefits.

Protect Your Business or Nonprofit: Better protect your organization. Lower your likelihood of a costly incident. Minimize the impact of an attack.

Maximize Your “Bang for the Buck.”  Measure your cybersecurity against cybersecurity best practices to better inform your decisions on what to improve. Know your relative strengths and weaknesses. Prioritize improvements.

Boost Cybersecurity Confidence: By measuring your cybersecurity against cybersecurity best practices and focusing on high impact improvements, you will have confidence in your program. You will know your relative strengths and weaknesses and prioritize improvements.

Gain Operational Efficiencies: Our experience is that organizations gain increased operational efficiencies as they improve their cybersecurity. 

Earn CyberGuardian^TM Certificate: Participating organizations will earn the new SecureTheVillage CyberGuardian^TM Certificate. The CyberGuardian^TM Certificate demonstrates commitment to managing cybersecurity. This will increase customer confidence, help you grow your business, and improve your cyber-insurability. Nonprofits will increase donor and grantor confidence in your sustainability.

Improve your cyber-insurability: The documentation developed as you earn the SecureTheVillage CyberGuardian^TM Certificate demonstrates your cybersecurity practices to underwriters.

Access to Support Tools: SecureTheVillage anticipates making support tools available as they are identified by Participant Cybersecurity Leaders. Cybersecurity Leaders will have access to SecureTheVillage’s Slack site. Cohorts may also have a private Slack Channel. Cybersecurity Leaders will receive a workbook for managing their assessment and improvement efforts.

Through our grant from the Center for Internet Security we are able to subsidize the costs to participate in the Pilot Program, charging only a small registration fee.

Small and midsize businesses, including IT/MSPs: $250 registration fee.

Small nonprofits: $125 registration fee.

By managing the security of your clients’ IT networks, IT/MSPs occupy a special place in the cybersecurity ecosystem. This means the more effective you are at building your business, the faster we will secure the community. This makes the growth of your business a key component to the success of LA Cybersecure.

To take advantage of your improved cybersecurity capability, our Pilot Program includes a special 12-month Business Development Roundtable designed to help you grow your business via a hands-on training and coaching program to increase sales to existing clients and to increase your new client conversion rates, the percentage of high-value prospects who become clients.

The Business Development Roundtable is led by William Leider. Bill is Managing Partner of the Axies Group and the author of Mastering Your Balance: A Guide to Leading and Living at Your Full Potential. 

Bill is a master at hands-on training and coaching technical people to use the science of story-telling to more effectively connect with clients and prospects. Over the course of his career, Bill has helped Fortune 500 and smaller companies succeed at this.

This program is not a magic silver bullet. It is a challenging program requiring ongoing commitment and the will to learn new skills that you likely haven’t yet developed or are not yet using effectively. This program will take you and your people out of their comfort zone.

Given the nature of this challenge, we require participants to make a commitment. Participation in the Business Development Roundtable to grow your business has a price of $1,500 a month. Through our resources we are able to subsidize a total of $1,300 a month. This makes the net price $2,400 for IT/MSPs for the 6-month Pilot Program and for 6-months thereafter. 

Send an email to Pilot@SecureTheVillage.org with the following information, or fill out the form below!

1. Organization name
2. Organization address: Street, city, zip
3. Organization website
4. Name of Cybersecurity Leader or other Point-of-Contact
5. Point-of-contact phone and email
6. Industry
7. Size: Number of staff (W2s and 1099s)
8. If you are not an IT/MSP: Name of your IT/MSP (or describe what you do for IT support)
9. Describe the work your organization does
10. Describe why you want to join the Pilot Program
11. How did you hear of us? Who referred you?

After reviewing your application, if we find you are a good fit for our Pilot Program, we will assign you a Coach.

We will also review your information for the purpose of putting you in a Cohort with other participants that are similar to you. 

Our objective is to assign you to a Cohort as soon as one becomes available for which you are a fit.

Generally, we anticipate creating Cohorts whose participants are approximately the same size and with similar circumstances.  All other things being equal, we also hypothesize that Cohorts will be more effective if all participants are in the same or adjacent industries.