At times, it either seems there is nothing new left to do in the “security” industry or everyone is doing pretty much the same thing. Even worse, prospective clients seem to continuously talk about their desire for innovation and new solutions to only then tender for exactly the same services or product they were using 10 years ago, thanks largely due to their slow, poor procurement processes and lack of technical capacity to select advanced, smarter security products or services. The result is that the industry then tries to compete solely on price rather than outcomes and efficiencies.
Security consulting is the perfect opportunity to inject new ideas, smarter solutions and innovations into existing and new security strategies.
Regardless of the in-house security team’s expertise and experience, nearly all new ideas are likely to originate from outside their team due to the sheer velocity of innovation and evolution available in the security industry. If a business doesn’t have in-house security professionals, they can leap over all the time and costs that come with research and development and benefit from the newly minted solutions, straight out of the box.
Like it or not but the security industry and commercial services sector still suffers from a distinct lack of business acumen.
There is more focus on the technical aspects of the service, discipline and industry that results in poorly optimised businesses and commercial integration with businesses of all shapes and sizes. Anyone can achieve return on investment [ROI] but true professionals get the highest possible yield from a change, improvement, solution or business unit. It is this area that security consultants can contribute the most to clients and customers.
As a security consultant, buyers advocate and trusted adviser for clients, I come across a lot of situations and circumstances where the business can benefit from innovation and evolution. Sometimes it is because it has been a long time since the security strategy and supporting systems/resources have been reviewed and just need a long overdue “spring clean”. Sometimes it is because management has been asleep at the wheel, and the resulting security outcomes look like they have been kept in a time capsule all this time with nothing new, effective or contemporary….its just “there” and that makes some people happy. Especially if you don’t have to spend any money on it. I find this to be more the case where security is managed by admin, safety, legal, HR, etc.
Nearly every aspect of general business can be improved and updated every 6-12 mths, this includes security.
Sadly, the bigger the business, the slower the evolution.
You know the type, those still using Windows 95 because its too expensive to upgrade and if they did all their other outdated systems wouldn’t work either.
The rate of change and innovation in all facets of business is staggering. No wonder managers can’t keep up, this is where consultants add value. Accounting software advancements, improved project management systems, people management, communications, online based systems and international procurements are just some of the areas security is often well behind and stuck in the past, including service providers.
With the benefit of a lot of international consulting experience and projects, it can be quite confronting when you undertake a new project and discover just how in need of innovation and evolution some companies and apartments are until you start. On one project, the client was managing a workforce of over 500 people….all on an Excel spreadsheet! As a large multinational, selling the promise of advanced commercial solutions, it was more than a paradox. With over 50,000 individual cells requiring update, verification and quality checking, poor results were inevitable. Not long after making recommendations and enhancements where possible [remember what I said before, culture takes longer to change than documentation], the senior management and HR team of the company was replaced after a significant commercial failure….and not taking good advice when it was presented at the time. Not the first time unfortunately.
I know for a fact that certain individuals and companies dedicated resources to capturing and analysing nearly everything I release online, try to emulate it and then claim the idea or approach as their own. A quick shout out to them….you know who you are 🙂 These companies are great, they prove that some companies and management, regardless of their marketing and revenue are just followers and there will always be opportunity and market share for security consultants that can [especially if they can do it often] innovate and raise security to levels commensurate with other professional services sectors.
If you can successfully capture the essence of your innovation or unique selling point and get the message in front of a prospect or buyer who is genuine or can be educated, you will secure more business and growth than sticking with the “safe” and dated approach.
This doesn’t mean you go out and promise and promote all manner of unsubstantiated solutions but you can demonstrate value in your approach and have some degree of evidence as to why your solution is superior and you will break through. Trust me, pioneers are the ones with arrows in their backs, so you can expect delays, frustration and even rejection because you are living and applying the future for most prospects and that can be a confusing or scary thing for many. Buyers will at some point feel they are taking a risk by investing in your solution, no matter the benefits and improvements you can deliver. Humans are funny like that. If you can condition yourself to constantly innovate and evolve, you will have a perpetual business and service suite to keep you and your business profitable, but it doesn’t happen over night.
It is not the strongest of the species that survive but those that evolve the fastest to meet the environment and threats.