Like, what kind of challenges?:<\/strong> With today\u2019s ever-evolving cybersecurity threats and regulatory landscapes, you\u2019re pressured to meet cybersecurity compliance deadlines or react quickly to emerging threats, but you may not have a chief information security officer (CISO) or employees with the right skills to do the work.<\/p>\n Finding those people can\u2019t be that hard, right?:<\/strong> There\u2019s no shortage of companies offering cybersecurity services. The larger ones come with lots of bodies and a high price tag. Smaller firms offer cookie-cutter solutions that don\u2019t meet your needs.<\/p>\n Give it to me straight!:<\/strong> Centric Consulting Cybersecurity Senior Manager and Technical Lead Mike Hamilton says, \u201cI have a lot of clients who have been sold some snake-oil solution guaranteed to stop 100 percent of all breaches. We see this all the time. The marketing in this field is criminal.\u201d<\/p>\n OK, so now what?:<\/strong> Read this blog to learn how Hamilton and three of his colleagues \u2014 Jamie Rucker, Matt Kipp and Shane O\u2019Donnell \u2014 work collaboratively to be the right cybersecurity team with the right solutions for your most valuable digital assets.<\/p>\n In Rucker\u2019s view, a successful cybersecurity project<\/a> starts with a conversation \u2014 or dozens of them \u2014 not assumptions.<\/strong><\/p>\n \u201cIn a recent Centric engagement, I was blessed to have the person I was working with say, \u2018You need to talk to these 30 stakeholders and get an understanding of the perception of our risk team,\u201d he recalled. \u201cThat’s how I would prefer every single engagement to happen. Invite us in so we can get a good understanding of what\u2019s going on in the organization.\u201d<\/p>\n Rucker, a former senior program manager for security GRC at Salesforce and director of compliance management information systems at Navient, uses those interviews to build a framework for the assessment. He has experience with HIPAA, PCI DSS, GDPR and other leading security frameworks<\/a>. Decision points include:<\/p>\n <\/a>With the framework identified, Rucker uses his expertise in issues management, regulatory and compliance training, and policy management to help determine his client\u2019s GRC vision and develop their strategic roadmaps<\/a>.<\/p>\n \u201cWithout understanding what matters most to the business, even the most technically sound security analysis can miss the mark,\u201d Rucker added.<\/p>\n “My role is to boil things down to what makes sense in the real world,” Kipp explained. “Many organizations get overwhelmed by security frameworks because they seem abstract. I make them practical and implementable.”<\/p>\n Kipp\u2019s ability to simplify comes from his deep understanding of modern security challenges, built over his 20 years of risk-control experience. Those decades included serving as lead analyst for SAP GRC for General Motors, which gave him even deeper insight into enterprise-level security requirements.<\/strong><\/p>\n In his IAM role at Centric, Kipp:<\/p>\n \u201cThere\u2019s a lot of jargon, abbreviations and acronyms in the security field,\u201d Kipp said. \u201cMy goal is to help clients understand what we are testing for and then present our recommendations in clear, understandable terms.\u201d<\/p>\n Rather than overwhelming clients with security jargon, he presents findings in clear, understandable terms with realistic expectations.<\/p>\n “Most companies focus on flashy, advanced threats while neglecting the basics,” Mike notes. “Our job is to show them how attackers actually get in, which is usually through simple vulnerabilities and human error.”<\/strong><\/p>\n In addition to pen testing, Hamilton\u2019s technical expertise includes:<\/p>\n He uses both manual and automated techniques to thoroughly test client systems, networks, web applications, and infrastructure components. Regarding AI, Hamilton pointed out that its relationship with cybersecurity is complicated.<\/p>\n \u201cAI is everywhere<\/a> now \u2014 in our phones, in apps, in every Google search,\u201d he said. \u201cAs security experts, we do see how we can use it for offensive security and penetration, and it can automate many tasks.<\/p>\n \u201cHowever,\u201d he continued, \u201cwe also see AI as a huge attack surface and something that bad actors can abuse and manipulate. A hands-on keyboard threat actor probably needs to be dealt with by hands-on keyboard smart defenders who know how to use AI.”<\/strong><\/p>\n Besides, many attacks don\u2019t involve much technology at all. That\u2019s where Hamilton\u2019s experience as a correction officer comes into play.<\/p>\n \u201cWe\u2019ve successfully gained unauthorized access to secure facilities, including bank vaults and server rooms, by posing as repair personnel or using other social engineering tactics,\u201d he said. “Companies often have a false sense of security from expensive alarm systems, for example, which they haven’t properly tested. We kick the tires on those products to see if they actually do what they claim.”<\/p>\n “Our clients need cybersecurity that balances protection with practicality,” O’Donnell said. “We’re that middle ground between the big firms that charge premium rates and the budget providers that just throw bodies with cookie-cutter solutions at the problem.”<\/p>\n Through his leadership, O’Donnell ensures that:<\/p>\n O’Donnell’s background makes him especially suited for this leadership role. With extensive experience growing and mentoring high-performing technical teams, he understands both the technical and human aspects of cybersecurity challenges. However, he says Centric’s unique culture and approach to teamwork help the cybersecurity team achieve these objectives.<\/strong><\/p>\n “At previous places I’ve worked, the employees competed against their peers,” he said. “They were told, explicitly and implicitly, ‘You’re being measured against the person sitting next to you,’ and the metric often came down to speed. That doesn’t lead to the right team environment.<\/p>\n “When you’re looking for the right team,” O’Donnell concludes, “you need to find a place where everyone can succeed, not a place where people are judged on how quickly they appear to wrap up projects or the number of hours they log. Our focus on outcomes creates a healthier, more sustainable approach that leads to more secure systems for our clients.”<\/p>\n \n
\nWe Start With Conversations, Not Assumptions<\/h2>\n
![\"Centric](\"https:\/\/centricconsulting.com\/wp-content\/uploads\/2025\/05\/The-Right-Team_Trading-Cards_Cyber_Jamie.png\")
<\/a>“The first step is understanding the organization’s regulatory landscape and stakeholder needs,” said Jamie Rucker<\/a>, senior manager and governance, risk management and capability<\/a> (GRC) lead. “We meet with key personnel across departments to build consensus about what security means for their specific organization.”<\/p>\n\n
We Cut Through the Jargon<\/h2>\n
![\"Centric](\"https:\/\/centricconsulting.com\/wp-content\/uploads\/2025\/05\/The-Right-Team_Trading-Cards_Cyber_Matt-300x300.png\")
<\/a>With the framework, vision and roadmaps in place, Director of IT Risk and Cybersecurity Matt Kipp<\/a> \u2014 who is also an identity access management (IAM) and security frameworks expert \u2014 can then evaluate the organization’s existing security structure against industry standards.<\/p>\n\n
We Put Security to the Test with Penetration Testing<\/h2>\n
![\"Centric](\"https:\/\/centricconsulting.com\/wp-content\/uploads\/2025\/05\/The-Right-Team_Trading-Cards_Cyber_Mike-1-300x300.png\")
<\/a>While Rucker and Kipp focus on frameworks and governance, Mike Hamilton puts his clients\u2019 systems to the test. Centric\u2019s senior manager and technical lead for pen testing<\/a>, Hamilton brings a criminal justice background and mindset to identifying and exploiting vulnerabilities in clients\u2019 networks to show where the weaknesses lie.<\/p>\n\n
Seek a Cybersecurity Partner Who Values Results, Not Checklists<\/h2>\n
![\"Centric](\"https:\/\/centricconsulting.com\/wp-content\/uploads\/2025\/05\/The-Right-Team_Trading-Cards_Cyber_Shane-300x300.png\")
<\/a>As vice president of Cybersecurity Consulting Services, Shane O’Donnell<\/a> brings nearly 20 years of experience in GRC to coordinate the work of cybersecurity experts like Rucker, Kipp and Hamilton. His goal: to translate the team’s findings into actionable business decisions.<\/p>\n\n