What To Look For In A Security Consultant
Running a secure business means achieving organisational priorities in a fast-evolving landscape. This requires anticipation and adaptability.
Threats to business change rapidly and unpredictably, and your adaptability will be fundamental to your ability to sustain and improve security levels. You can only achieve this if your business environment and security strategy evolve based upon the latest expertise and technologies.
With that in mind, what are you looking for in a security partner?
Don’t tell me, show me
The best way to choose a security partner is to ask them to show you, in real time, how they are protecting themselves. This allows you to evaluate a potential partnership and security strategies, including from a compliance perspective.
Multi-nationals and governments have the additional challenge of large previous investments and shadow IT, and the size and complexity of these environments must be acknowledged. A consultative approach for road-mapping can help large organisations to better understand their cyber security issues by identifying risks in their existing systems and processes.
Road-mapping on the basis of vendor-agnostic thinking is fundamental to this. To do so, I recommend you ask yourself the following questions:
Is my partner of choice offering to leverage previous investments made for operational, technical and commercial benefit?
Can an advisor show me a roadmap of how they’ve designed, implemented and operated relevant multi-vendor platforms?
What is their track record in integrating and adopting the latest expertise and technology for themselves and their customers?
Partnerships
After selecting the right partner, the next step is assessing yourself in the context of your business priorities and what you are trying to protect. This assessment should cover three areas:
1. Your business, including your strategy.
2. Your existing security landscape, including previous investments made.
3. Your solution and services landscape, including your operating model.
The transformation plans suggested from this should include how your existing technology choices can be incorporated and leveraged to the benefit of a cost-efficient security posture.
Following the roadmap
This approach requires the practitioner/security partner to show you a roadmap which will provide you with adaptability to change, making sure your business is sustainable.
It also means they must show you the ICT reality in order to demonstrate that the proposed theory is sound and realistic, and that it protects what’s relevant for your business in an adaptable manner, strategically, operationally and commercially, across people, process and systems.