February 13, 2014
Today’s chief information security officers (CISOs) and chief risk officers are in the midst of many changes that are greatly impacting how their organizations, whether public companies or government agencies, respond to and prepare for cyber threats. It was only a few years ago that the industry was moving toward making the role of the CISO an executive-level position. Now, the conversation has evolved to breaking down the Tower of Babel that exists in many organizations between the server room and the board room.
I often have the privilege to speak with CISOs at industry events, such as the upcoming RSA Conference, one-on-one. Regardless of the setting, regardless of the industry, whether private or public, CISOs tell me that they see the imperative to translate their cyber concerns, plans and needs in a manner that CEOs and board members understand. In addition, CISOs are beginning to understand that the fast-paced and relentless nature of cyber threats demands immediate delivery of the information and intelligence to enterprise leadership that is actionable, real-time and easily interpreted into business risk decisions.
Recently, the CIO Journal printed an article I wrote on this subject, where I identified the future for CISOs and Risk Officers. I said they need “to accept and understand that a remediation-centric cyber defense is not enough, and to build a communications link to the C-Suite… Organizations need to change their entire security model from one of compliance – meeting basic standards for data protection – to a holistic multi-faceted program of engagement.”
To help their organizations not just survive, but also thrive, CISOs must embrace their responsibility to set the path for their organization’s holistic cyber risk management program. It is important for CISOs to consider the roles and responsibility of the C-suite and determine whether it is appropriate for leaders to manage every component of a holistic cyber defense – intelligence-based monitoring, crisis management, remediation, legal, insurance, crisis communications, organizational planning, staff training, etc. The alternative is to collaborate with a provider who can apply broad expertise to the aggregate. My belief is that sharing risk with others is almost always the better solution.
How can we make this work in today’s threat environment? You can read the day’s news headlines to appreciate the challenges that the CISOs and leadership at some of our largest public companies – Target, Neiman Marcus, and JP Morgan – must address. It is one thing to know what to do in cyber security, but given how quickly events occur and the impact on brand reputation, it is just as important to work out ahead of time how to do it. CISOs can learn a lot from the experiences of others and apply that knowledge to a holistic evaluation of the true effectiveness of their cyber security risk management program.