Over the years I’ve had the privilege to hire and work with some talented information security consultants. Whether they came on to perform a third-party assessment needed to drive remediation efforts (or satisfy compliance obligations), to help troubleshoot an issue, or to perform the initial configuration of new tools, I’ve been fortunate, in most cases, to separate the wheat from the chaff. I’ve gotten better over time at recognizing the real deal from Joe Isuzu, but some small businesses don’t have those hard-learned lessons to fall back on. So… here are a few tips.
1. There is no such thing as 100% security. If someone is promising “complete security and protection” of your data, find out what they are smoking because it’s probably really good stuff.
2. Do they throw around buzzwords and technical jargon OR do they talk about your business and how security controls not only fit within your business model but benefit your customers as well?
3. Do they spend the time to understand your needs, or do they “already know” what you need (assumptions… bah!)? If they don’t want to know about your business and how they can help YOU, then you probably don’t want to hire them.
4. Do they up-sell unrelated services BEFORE delivering excellent results for the project you hired them for? If you’re looking for a point-in-time assessment, then pressuring you to buy long-term managed services is pretty lame. If they deliver good work, THEN I want to know what other services they might offer… not before.
Big or small, there may come a time when you need a little help in protecting your business and your customers. A good consultant places your business success at the very top of any work they are doing. If they don’t care about your business, you shouldn’t care about theirs.
Photo credit: Master isolated images at FreeDigitalPhotos.net