Boutique consultancies are back in fashion

| 3 Comments | No TrackBacks
| More

It's been a few weeks since my last blog posting. That's the bad news. The good news is that it's the result of being rushed off my feet with consultancy assignments. Interestingly it's not my usual line of business. I generally set out to try and make a living from research and write white papers.

But I detect that the security consultancy market is going through a much needed change at the moment, with many clients getting fed up with buying the usual, off-the-shelf, template products offered by Big 4 and other large outfits. They are looking for more practical help from experts who are prepared to listen to their concerns and develop a tailored solution.

I'm particularly finding this in the Middle East where many of my customers started by buying identical paper bricks from big consultancies. These tomes now sit unread on the shelf gathering dust. Implementing them is the problem. Paperwork is useless unless everyone understands it. It might get you part of the way towards a certificate, or help to impress an inexperienced auditor. But it's near impossible to put a hundred page manual into action if no one has read it.   

This issue is largely inevitable. Consultants tend to measure their worth by the amount of paper they generate. Twenty years ago that might have been a challenge, but with the today's instant availability of thousands of policies, standards and control methodologies on the Internet, now anybody and everybody can be a security consultant. You just need to be able to cut and paste text and questionnaires.

I prefer to take a different approach. Rather than copying a business continuity manual from a previous client, I prefer to start with a two page plan and then show the client how to progressively build it into a more comprehensive working document. My clients from last year now have plans of around 50 pages. The difference is that they developed it all themselves. Now that's real security. Once upon a time I thought that was becoming an impossible dream. Perhaps there's hope for us all yet. So let's celebrate the fact that boutique consultancies are coming back into fashion. 

Enhanced by Zemanta

No TrackBacks

TrackBack URL: http://www.computerweekly.com/cgi-bin/mt-tb.cgi/45560

3 Comments

Hello David, I enjoyed your blog about the return of the boutique consultancy. I work at one myself (www.seilevel.com) and it is nice to have some camaraderie out there for the original, non-copy and paste, work we do every day.

Weston

I was sure that it will happen one day! I think that the boutique consultancies will coming back into fashion really soon because we all know that the process in the world are cyclic. RemovalCompany

I'm not sure what the big deal is, tailored advice just sounds like good everyday practice to me.

Mind you, if Managers do buy template systems then they get what the deserve, and I have a warehouse full of very expensive perpetual motion machines which I am sure they would love.

Leave a comment

About this Entry

This page contains a single entry by David Lacey published on December 13, 2011 7:10 PM.

Following the rules of the game was the previous entry in this blog.

No fix in sight for SCADA security is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Archives

 

-- Advertisement --