Hard-to-find security skills and the rapid pace of malware evolution make a strong relationship with a managed security services (MSS) provider as important as maintaining the internal tools to keep business executives apprised of IT-security risk, Foxtel information security manager Kevin Shaw has advised. Properly informing those relationships, however, remains one of the security executive’s biggest ongoing challenges: different expectations, changing technologies, malleable business objectives – and the constant dread of being the one confessing a security breach to a risk and audit committee or angry CEO – all force security executives to be as proactive as possible when it comes to managing risk. “I want to know that if someone adds a new server, that I can come back through my actionable intelligence and confirm that box has the right agents, has been hardened for the criteria we’ve mandated,” Shaw said. Under Shaw’s guidance, Foxtel has maintained a long-term MSS relationship with Symantec, which provides extra skilled staff that not only keep apprised of new threats, but monitor the company’s infrastructure 24/7 for signs of malicious activity.