It's been a few weeks since my last blog posting. That's the bad news. The good news is that it's the result of being rushed off my feet with consultancy assignments. Interestingly it's not my usual line of business. I generally set out to try and make a living from research and write white papers.
But I detect that the security consultancy market is going through a much needed change at the moment, with many clients getting fed up with buying the usual, off-the-shelf, template products offered by Big 4 and other large outfits. They are looking for more practical help from experts who are prepared to listen to their concerns and develop a tailored solution.
I'm particularly finding this in the Middle East where many of my customers started by buying identical paper bricks from big consultancies. These tomes now sit unread on the shelf gathering dust. Implementing them is the problem. Paperwork is useless unless everyone understands it. It might get you part of the way towards a certificate, or help to impress an inexperienced auditor. But it's near impossible to put a hundred page manual into action if no one has read it.
This issue is largely inevitable. Consultants tend to measure their worth by the amount of paper they generate. Twenty years ago that might have been a challenge, but with the today's instant availability of thousands of policies, standards and control methodologies on the Internet, now anybody and everybody can be a security consultant. You just need to be able to cut and paste text and questionnaires.
I prefer to take a different approach. Rather than copying a business continuity manual from a previous client, I prefer to start with a two page plan and then show the client how to progressively build it into a more comprehensive working document. My clients from last year now have plans of around 50 pages. The difference is that they developed it all themselves. Now that's real security. Once upon a time I thought that was becoming an impossible dream. Perhaps there's hope for us all yet. So let's celebrate the fact that boutique consultancies are coming back into fashion.