Rising above the noise in the InfoSec industry

A crash course to learn how to differentiate your security consulting company
in an age of increasing commoditization

In InfoSec, Experience Is Not Enough…

There is increasing competition and commoditization in the information security marketplace. For better or worse, pure technical knowledge and experience is not enough. InfoSec companies must go out of their way to demonstrate and communicate their value to potential clients. This includes optimizing and standardizing internal processes and client-facing communications. This article discusses the problems facing InfoSec companies and some strategies for standing out from the crowd.

Read entire article

Getting Some “Quick Wins”

There is increasing competition and commoditization in the information security marketplace. InfoSec companies must optimize and standardize their business processes and methodologies to differentiate themselves from competitors. This article discusses strategies for getting some immediate “quick wins” at your company. It looks at some steps you can take now, today, to start seeing improvement and better responses from your clients.

Read entire article

Making Your InfoSec Team Stand Out Through Continual Improvement

Business practices at information security companies can be difficult to change, often due to unceasing project work and a cultural lack of focus on the client experience. This article discusses strategies for implementing long-term, continual process improvement at an InfoSec company. It focuses on: 1) using the report as a driver for process improvement, and 2) getting your technical staff on the same page.

Read entire article

Making The Most of Your Team's Knowledge and Experience

Knowledge transfer is very important at InfoSec companies, but the large and ever-increasing amount of new information makes this task difficult. This article talks about why it’s so important to make sure employees are up to date and sharing information, and what steps an InfoSec company can take to improve knowledge transfer.

Read entire article

Avoiding Common Scoping Mistakes

InfoSec companies encounter very specific obstacles and challenges when it comes to correctly scoping their projects. This article discusses some ideas for implementing efficient, effective scoping procedures. It focuses on getting an upfront understanding of the needs of the client and the project, and ensuring the necessary information is made available to the team delivering the project before the engagement start date.

Read entire article

How Standardization Makes You Smarter and More Responsive

Standardization of processes is key to success at information security companies. But these companies also face cultural obstacles, such as the idea that imposing rigid standards stifles worker creativity and spontaneity. This article explains why process improvement at an InfoSec company actually leads to more opportunities for creative expression, not less. It also gives tips on starting a standardization process, given these cultural obstacles.

Read entire article

Stabilizing (and Increasing) Revenue

As information security consultancy becomes more commoditized with more testing tools and more competitors in the market, consulting companies are looking for ways to survive and to thrive. This article discusses methods to stabilize revenue and increase it. Ideas discussed include subscription services, retainer agreements, and recurring pentesting.

Read entire article

Creating Sustainable Cultural Change

Many information security companies struggle with changing their culture. It can be difficult to get an InfoSec team to focus fully on the issues that are important to the long-term health of the business: customer experience and process improvement. This article looks at some methods to implement cultural change at an InfoSec company in ways that will be sustainable and won’t alienate your team members.

Read entire article

Back to top