Accenture Continues To Build Cybersecurity Practice, Hires Former Fidelis CSO To Head Incident Response Practice
Continuing to build up its new cybersecurity unit, Accenture has hired former Fidelis Cybersecurity chief security officer Justin Harvey as managing director and global lead for the company’s incident response practice.
Accenture said Monday that in his new role Harvey will lead and expand the Dublin-based consulting company’s incident response and breach readiness solution team, which addresses the preparedness of client IT systems to handle security threat identification and eradication.
’My goal is to really help the existing global 2000 customers that we have … not only [to] just respond to threats, but also to build awareness and help these organizations get better," Harvey said in an interview with CRN.
[Related: Accenture Hires Former CIA Tech Exec To Head Its Federal Services' Cybersecurity Practice]
’It is not enough to simply respond to a breach or to remediate a compromised organization. What is critical here is how they recover and how they mature their own cyber defense programs,’ he said.
Harvey brings more than 20 years of experience in endpoint security threat detection and response, cyberespionage defense , security operations, incident response and threat intelligence to Accenture – No. 2 on CRN’s Solution Provider 500 list.
The security executive said his years of experience with such companies as FireEye, Hewlett Packard Enterprise security, Encari and Mandiant have spanned a number of industries, giving him and his team a clear understanding on how security can best serve each industry.
Harvey, however, said he believes that his team’s greatest differentiator is the way its members are able to think about client security breaches. ’We know the mind of the adversary,’ he said, explaining that his team works side-by-side with specialists from Fusion X - a cyber security company Accenture acquired in August of 2015 - who are trained to actively simulate an adversary looking to breach client systems and capture ’flags" - predetermined and agreed-upon targets of attack.
Red teaming, which is what the practice is called, is a way for organizations to test their security systems and processes, helping an organization close any gaps in its security efforts.
Working in tandem with the red team, Harvey said, helps his team to better understand the mind of the attacker, giving his team an edge when identifying and correcting a breach for Accenture clients.
’We know the mind of the adversary, we know how to respond to a target threat and we have domain expertise … we know exactly where to look,’ he said.
’Justin has a wealth of experience and cyber crisis management expertise in helping organizations in the commercial, government and defense sectors manage large-scale incident responses,’ Accenture Security Managing Director Kelly Bissell said in a statement.
’How a business manages the immediate aftermath of a cyberattack is just as important as what they do to prevent a breach from happening in the first place,’ he said.
The addition of Harvey to Accenture Security is one of several moves the company has made to focus on its security offerings since the division was launched in June and hired Deloitte executive Bissell to head the new unit.
Within the last two years, initially in preparation for the creation of its own cybersecurity unit, and later to bolster it, Accenture has acquired a number of cybersecurity companies.
In August of 2015,the company bought Arlington, Va.-based Fusion X. Then, in December of 2015, the company acquired Houston-based industrial IoT security specialist Cimation. In February 2016, the company acquired a minority stake in Israeli cybersecurity company Team8 and in March bought a minority share of Arlington, Va. -based Endgame.
In June Accenture closed its acquisition of Israel-based cybersecurity company Maglan. And just last Friday the company bought Arlington, VA-based Defense Point Security LLC, further expanding its federal security cloud offerings.
Accenture's creation of its cybersecurity unit combined all of its cybersecurity lines of business, previously scattered throughout the company's divisions, into a dedicated, standalone security practice. At the time Accenture predicted the new organization would bring in well over $1 billion in annual revenue – more than the $500 million to $1 billion the company previously brought in from security-related services – by addressing industry-specific vulnerabilities and growing Accenture's presence in such areas as mobile security and in traditional governance, and risk and compliance (GRC) consulting.