At ASIS 2017, I had many discussions with consultants, integrators, technology vendors and security executives. The common thread throughout was the acknowledgement of the complexity of our profession. Complexity is not our friend. It is the enemy of execution. However, where there is complexity there is also opportunity for technology and service providers who understand the complexity, embrace it and reduce its impact on their client’s organization.
Unfortunately, clients have been taught to under-value these providers. Here are some examples of the myths within our industry:
- Consultants believe the expectation of the client is the size of the report. One consultant suggested that the tagline is: “I get paid by the pound.”
- Specifiers say the expectation is they get paid by the drawing.
- Integrators have helped foster an expectation of being paid by the labor hour, not by their knowledge or expertise.
- Technology vendors are often limited to discussing their features and functions, not by the problems they solve.
The good news? It is encouraging. We have more technology vendors beginning to shape their market strategies around the root of every CSO’s business problem: harnessing data to create a complete picture of the risk and the performance of the risk mitigation processes and procedures within the organization.
Some are positioning as smart hubs. That is, they are going to collect the data from the IP devices/sensors (the spokes) leveraging more open APIs and more sustainable business-friendly API programs. They will place that data in the context of a need. This could be feeding an overall view of a program (# of employees travelling or onsite in key regions around the world) or the analytics needed for an automatic response (providing an alert to a SOC based on a behavior). This is the beginning of machine learning.