Most people in business, including consultants, will tell you that there are times when you need an outside objective assessment of…something. From training, sales, IT technical support, business strategies, and a myriad of other issues.
Unfortunately, security is one of those issues that you never think about beforehand. It usually takes and incident which could have, or did, turn out badly, to even call a consultant. In those cases it may just be too late.
Using a security consultant before an incident is a waste of money in the minds of many business leaders. I have heard this exact quote from more than a few say that. But they can save your financial resources in the long run by giving you the expert advice you need before an incident or event occurs.
So if you need or want to hire one what do you look for? Sometimes that is not always an easy question to answer, but here are a few things to consider, and this is by no means an all-inclusive list, on that subject;
- Listening Skills
For whatever job and skill set you hire them for, the consultant needs to be able to listen to you and consequently break down your problem (s) in a few choice sentences. If they can’t do that then you may not have the right person for your company.
Additionally, the consultant should be able to break through the clutter and discover the actual issue in what you are asking them to accomplish. This may be uncomfortable but…
While this is related to listening it is a separate component of its own. The consultant needs to be able to communicate with you on a level of knowledge, intelligence, and practical level. I’m talking about ideas and feedback. If they can’t communicate what they think to you, then they may not be able to assist you. It doesn’t matter if they stutter, lisp, or have another speech impediment. If they tell you quickly and efficiently what they are doing and why they are doing it…
They must have the expertise to be able to handle your issues, no matter what they are claiming and throwing out to everyone. If they tell you that they can’t do the job because they don’t know how… that is the sign of an honest and reliable consultant. If they can hire the right help or point you in the direction to go.
Regular or advanced degrees, Certifications, years in the field, and presentations given are no indication that they can work for you well. While all those things are important, it’s just as important to have someone you can work with efficiently & effectively both in the office and in the field.
- Personal Discussion
How long are they going to talk to you on the first meeting? This can be an indication of whether you want them or not. If they take up the time of your initial meeting with meaningless minutia, then probably not. Likewise if they start talking about sheep and goats, a South African friend does this to engage the audience and client, and keeps on then, well…
Are they asking pertinent and probing questions? Do they get the problem? Are they taking notes and thinking of ways to solve the issue while the meeting is going on? Ask yourself, and them, these questions in the first meeting;
It is unfortunate, but many times the size of a consultant’s report is the basis on whether or not they did a good job or not. The size of the report means absolutely nothing, except they spent an inordinate amount of time writing it for one purpose – to pump up your response as well their payment and reputation.
I have written reports like I write everything I do. Succinct, concise, & blunt. No verbose or flowery language or security jargon. And if I did use jargon, I defined it in the report. I made the report simple, sweet, and easily understandable to anyone who read it.
Did it offend some people who read such a simplistic report? Yes, but in the end they appreciated how easy it was to read and implement. One client had my report of 10 pages or so. They hired another consultant who wrote the same ideas that I did and their report was 90 pages long. The difference was my company did it for free and they paid $5,000 for the consultant’s report.
Are they truly independent or are they actually trying to sell you a product that they represent and get a commission on? There are consultants out there who will try hard to sell you products of one type or another. An independent consultant will only recommend general products and services specific if asked.
In this instance you have to beware of those who try to sell from only one company. They say they are independent consultants, but in reality they are trying to sell you on one product or service instead of giving you options.
This should not be the final consideration factor for hiring a consultant. Most consultants who are truly independent and not affiliated with services or products will usually be more than willing to work out a payment system. So if their price seems a bit high and you want to hire them ASK. It never hurts to ask and if they won’t negotiate… then move on if you wish.
Hiring a consultant is a big step for any company to accomplish. They can cost thousands of dollars or as few as a couple of hundred. Just don’t get blinded by the flashy reputation or promotional methods/items they present to you. Cut through the glitter and ensure that they are right for you and your company. Not all will be a good fit.
Facebook.com/oneistoomany or Twitter: @robertsollars2
I May be Blind but my Vision is Crystal Clear