Recently I was asked for advice from a passionate professional who is establishing a security company. They asked for strategic insights to help guide their organization. With a quick pen to cocktail napkin, I produced three nuggets of wisdom.

I want to share my thoughts with the community and, more importantly, hear from others what your advice is for this emerging leader of security practices. Share your knowledge and insights.

My three pieces of advice:

  1. The measure of success for a security company is how you can make a meaningful impact on your customers' ability to manage their security posture.
  2. In security, customers must balance three aspects: Risk, Cost, and Usability. Risk mitigation is obvious, as it directly ties to the purpose and benefit of security. Cost must be a consideration as no customer has an unlimited budget. They must seek a level of cost, both initial and sustaining, which is appropriate for the level of risk they want to maintain. Thirdly, usability factors are important as they can impede business and make for a poor end-customer experience. For enterprises, it can also lower employee productivity, create worker frustration, and place greater demands on the IT infrastructure. For consumer-facing organizations, security demands can cause customers to dislike products or services, which is greatly detrimental for business. Help customers determine and achieve the right balance for their business objectives.
  3. Risk is about risk of loss. This could be loss of assets, reputation, customers, IP, system uptime, litigation fees, regulatory barriers, etc. Tie the value of what you provide to the real/actual potential losses your customer is currently or will likely experience. Don’t use fear, uncertainty, and doubt, but be realistic to build trust with your customers. In the end, providing security is about trust. Be trustworthy.

Do you agree with my advice? Did I miss the mark?

Be bold and share your cocktail napkin of wisdom!