Separating the Men from the Boys

Do you hire security consultants?  Perhaps you are one...  Wim from Belgium is this week's guest and fires torpedoes into what some consultants today consider 'established practice'.  As with many things in life, just because everyone else is doing it doesn't mean you have to follow.  It all comes down to how you define value.  Value for your customer or some deluded sense of self-value hinged on the "latest and greatest" vendor.

By Wim Remes

I enjoyed reading Balazs' post a few weeks ago and what he was telling us was nothing but the truth.  I would like to expand on the subject and maybe wake up a few more dogs while rattling the cage.  That's what we are here for.

Sure, we see customers every week coming to us because they have a particular problem and they think they need a point solution for that.  Do you see what the key word is there?  Right, it is "think".  They call us to advise them in their choice.  Now, consulting has changed a lot in the past years.  Where we actually built solutions from the ground up about a decade ago, we are now led by marketers and companies with a big budget that have built an ecosystem around them of silver, gold and platinum partners who are rewarded when they sell those specific solutions, wait, I mean products.  In the process, they have actually dumbed down the consultants that were once bright and inventive people by feeding them product-specific certifications.  Nowadays, you rarely find a "perimeter" specialist. You will find tons of $vendorname certified engineers though.

You, as a customer, can act against this trend. How?

By stating your problem clearly followed by a deafening silence. 

Why?

Because this way, you'll know what your partner is about.  If he starts throwing marketese at you, you will know he learned this from going through a bunch of white papers and computer-based trainings and someone was probably holding his hand while he clicked on a, b, c or d for the multiple choice exam.

The partner you are looking for will solve your problem, depending on its complexity, by combining several point solutions, tied together to actually improve your security posture. He will combine well-known and lesser-known commercial products and won't hesitate to integrate open source products. What is most important, though, is that he will have a clear answer to every question you ask and he will know which part of the new infrastructure fits which purpose.  Also, as his solution will probably not be exactly what you had in mind, he will do his best to explain why he made surprising choices.

I hope to see a rise in the number of consultants, or whatever you call yourself, that return to the beautiful art that is information security.  Not by adding another certification to their wishlist but by starting to offer real solutions for real problems.  Thinking out of the box is not a trend, it is what separates the men from the boys and that, my friends, is what our customers are looking for:  Real men creating real solutions to solve real problems.