As I sit here to write this for our company newsletter, I am reminded that 100% is not enough. In today’s competitive market, status quo just isn’t acceptable. At SeNet, we pride ourselves on the quality of work we provide for our clients. We are fortunate enough to have many customers with whom we have had successful business relationships. So what can we do to keep those relationships going into the future as the landscape for IT security changes? The first thing we can do as analysts and engineers is bring our ‘A’ game to the table every single day. It is our obligation to put the clients’ needs first while adhering to our virtues, rules and regulations, and ethical standards as analysts. In that ‘A’ game should be a solid understanding of the clients’ needs and concerns. As obvious as this may sound, we need to be aware of the challenges and issues the client is facing, so that we can tailor our security authorization evolution to meet their needs. Plopping down in a chair and asking questions about their systems isn’t going to work; the relationship needs to be formed from the get-go at the kick-off meeting, and it needs to be made clear that we are in their corner and will do what it takes (within reason, of course) to help them achieve their security goals. Be ready to offer suggestions, recommendations, and ideas. We are consultants, of course!
I am going to take you on a brief stroll down memory lane for a bit. When I was a business development associate at Staples, yes, that’s why the easy button is on my desk, we were instructed to look for PAIN—what I mean is what potential issues did they have with a contractor in the past? Were there communication issues? Were there issues of meeting deadlines? Were there quality assurance or analytical issues? These are things that you may not have to ask about; it may be offered, but definitely listen for it. This will help you tailor their security authorization evolution, avoid making the same mistakes as previous contractors, and really show that you are there to guide them through the process. All the while, you may not know it, but you could be setting the foundation for future business relationships and for more work to come down the pipeline.
Another thing we can do is be prepared and be ready for the potential challenges that come with conducting a security authorization evolution. There’s nothing worse than going on site in front of a client and being unprepared because it’s a reflection on SeNet and could potentially upset future business opportunities. Have you coordinated with your ISSO to set up interviews? Does your engineer have all of the testing mechanisms and tools to begin technical testing? Do you know all of the evidence you need and do you have it when you leave? A ‘can do’ attitude will show your client that his or her needs DO come first and that you are dedicated to helping him or her.
The last thing we can do is be a strong team and be open-minded. Everyone on the team: analysts, engineers, junior analysts, etc. should be able to freely and appropriately offer suggestions, outside of the clients’ presence, of course, with the team’s goal of only making the product better. I hate the cliché, but I am going to say it, “There’s no I in team.” There’s nothing worse than offering suggestion after suggestion after suggestion only to be repeatedly told, no thanks. It is up to us to take the initiative and bring added value—an extra perk—something the ‘other guys’ won’t or don’t do—that’s what sets us apart from the competition.
One last thing I learned very early on here: It’s better to say ‘I don’t know and I’ll get back to you with an answer in 24 hours’ than to try to dance. Think about it. Good Luck! Jason Oksenhendler