A crash course to learn how to differentiate your security consulting company in an age of increasing commoditization
In InfoSec, Experience Is Not Enough…
There is increasing competition and commoditization in the information security marketplace. For better or worse, pure technical knowledge and experience is not enough. InfoSec companies must go out of their way to demonstrate and communicate their value to potential clients. This includes optimizing and standardizing internal processes and client-facing communications. This article discusses the problems facing InfoSec companies and some strategies for standing out from the crowd.
There is increasing competition and commoditization in the information security marketplace. InfoSec companies must optimize and standardize their business processes and methodologies to differentiate themselves from competitors. This article discusses strategies for getting some immediate “quick wins” at your company. It looks at some steps you can take now, today, to start seeing improvement and better responses from your clients.
Making Your InfoSec Team Stand Out Through Continual Improvement
Business practices at information security companies can be difficult to change, often due to unceasing project work and a cultural lack of focus on the client experience. This article discusses strategies for implementing long-term, continual process improvement at an InfoSec company. It focuses on: 1) using the report as a driver for process improvement, and 2) getting your technical staff on the same page.
Making The Most of Your Team's Knowledge and Experience
Knowledge transfer is very important at InfoSec companies, but the large and ever-increasing amount of new information makes this task difficult. This article talks about why it’s so important to make sure employees are up to date and sharing information, and what steps an InfoSec company can take to improve knowledge transfer.
InfoSec companies encounter very specific obstacles and challenges when it comes to correctly scoping their projects. This article discusses some ideas for implementing efficient, effective scoping procedures. It focuses on getting an upfront understanding of the needs of the client and the project, and ensuring the necessary information is made available to the team delivering the project before the engagement start date.
How Standardization Makes You Smarter and More Responsive
Standardization of processes is key to success at information security companies. But these companies also face cultural obstacles, such as the idea that imposing rigid standards stifles worker creativity and spontaneity. This article explains why process improvement at an InfoSec company actually leads to more opportunities for creative expression, not less. It also gives tips on starting a standardization process, given these cultural obstacles.
As information security consultancy becomes more commoditized with more testing tools and more competitors in the market, consulting companies are looking for ways to survive and to thrive. This article discusses methods to stabilize revenue and increase it. Ideas discussed include subscription services, retainer agreements, and recurring pentesting.
Many information security companies struggle with changing their culture. It can be difficult to get an InfoSec team to focus fully on the issues that are important to the long-term health of the business: customer experience and process improvement. This article looks at some methods to implement cultural change at an InfoSec company in ways that will be sustainable and won’t alienate your team members.