Why Certify: Steven Drew

Why Certify:

March 25, 2003

Forward by Stephen Northcutt:
Last year, I learned about a company, LURHQ, that requires employees to either possess a relevant certification, or acquire one soon after being hired. LURHQ felt that their certification requirement gave them a long term competitive advantage and since this is one reason they continue to grow in the market, GIAC is interested in following their progress. Chief Operating Officer, Steven L. Drew, GCIA. Mr. Drew joined LURHQ in December 1999 with responsibility for managing LURHQ's team of network security engineers and the delivery of all LURHQ services. Mr. Drew started his career at Horry Telephone Cooperative (HTC) where he was responsible for the roll out of several service offerings including Integrated Services Digital Network, Internet Service Provider and Asynchronous Transfer Mode data service. Before leaving Horry Mr. Drew developed and managed HTC's network operations center. Mr. Drew is a GIAC Certified Intrusion Analyst. In addition, he holds a BS in Computer Engineering from Clemson University and an MBA from Winthrop University.

1. Forgive me, but I just have to ask, where did the name LURHQ come from? And how long have you been in the information Security space?

Our Founder, Tony Prince, has been involved in the security industry for last 10 years. While at Trusted Information Systems, he saw that organizations had limited resources dedicated to security and recognized the need for Managed Security Services. So in 1996, he created LURHQ to address this market need. The name LURHQ really does not stand for anything, although most think it's an acronym when they see it. LURHQ was merely the product of a brainstorming session that Tony and his team had back in 1996. It is pronounced, lur-ick'.

2. Many people are wondering if a Security Certification really makes a difference in the way you conduct your day to day business and if it makes your client's feel more confident in your knowledge base expertise and incident handling response?

Absolutely. The difference is felt in many ways. The GIAC Certified Intrusion Analyst training and certification validates that our staff has the skills necessary to effectively analyze and respond to security events across multiple platforms. Our customers see the certification as a strong third-party validation of our skill sets.

All new Intrusion Analysts that monitor client networks are required either to hold a relevant GIAC certification or obtain one within 90 days of employment. Because all of our analysts hold the certification, our team, and consequently, our service delivery is strengthened by this common knowledgebase. This promotes consistent analysis and response to security events against our Incident Handling Process. On the back end, each analyst understands the methodologies and analytical techniques another team member used to arrive at a certain conclusion.

3. Can you share how the decision was made for your team members to obtain GIAC Certifications and the value of such certification?

Effective delivery of our services depends on quality in people, process and technology. Our clients require proof of our capabilities in each of these areas. We found that we are able to validate process and technology easily with third-party audits and demonstrations. However, we needed some way to validate our employee's abilities to effectively manage client threats. The GIAC certifications were chosen to fill that role, as well as providing an effective training mechanism to increase our Intrusion Analysts proficiency at incident identification and response.

4. Does having a team of 100% GIAC certified analysts help you win the sale when you compete with other managed services companies?

Absolutely. We have actually begun to see an increase in the number of Managed Security Request for Proposals list the GIAC as a requirement to be selected as a finalist. The awareness of the GIAC and the knowledge it delivers has definitely risen in the marketplace. More and more companies, at least when evaluating a providers Intrusion Analyst team, look for the GIAC over other certifications, such as the CISSP. We expect this trend to continue for the foreseeable future.

5. I can't help but notice some of the information posted in your research section, http://www.lurhq.com/technical.html. Looks a lot like excerpts from GIAC practical assignments, does this help draw people to your web site?

We definitely leverage the work our staff has done to attain their GIAC certifications to increase our website traffic. The level of quality required for GIAC research projects is set very high by SANS' GIAC team. Because of this focus on quality, our Analysts create reports that are very useful to security practitioners all over the globe. We combine these reports with some of the Threat Intelligence produced by our researchers to provide useful, actionable and vendor-neutral information to the security community. This information has been a solid source of leads and brand awareness for LURHQ.

6. Do you think any of your team members will attempt the GSE Certification?

We currently have no plans to mandate the GSE Certification at LURHQ. Our Intrusion Analysts are very focused on incident identification and response so we feel that the GIAC Certified Intrusion Analyst Certification provides them with the knowledge they need to succeed. However, we do have a couple of GSECs on staff and encourage all non-SOC personnel to consider this certification in order to gain a fundamental understanding of security and why it is important to our clients.

7. Where do you think your company will be in two years... and in five years?

LURHQ has continued to experience rapid growth since its inception in 1996. In two years we see LURHQ prevailing as one of the top providers of Threat Management through an integrated suite of Managed Security Services that encompass the key operational security elements of prevention, early warning, discovery and assessment, and detection and response. Over the next 5 years, LURHQ will remain focused on our integrated suite of services and our service delivery strategy to provide a more effective and hassle-free solution, resulting in unmatched value for our customers.