Talk is cheap -- at least when it comes to marketing IT consulting services. Any consultant can have a flashy website...
or impressive brochures. But how can you be sure you're hiring the right IT consultant for the job?
I've been on both sides of the table with this issue as an information security manager and as a consultant. Here are some questions that need to be asked when a company is shopping for IT consulting services, but, unfortunately, aren't asked often enough:
- How long have you been in the field? How many years of experience do you have implementing and administering the technologies we need help with?
Experience isn't everything, but it ranks right up there with oxygen. Five to ten years of solid experience is required to become an expert in a particular technology area.
- What are you doing to stay on top of IT and all of the changes associated with technology and security?
If they're not reading, watching webinars, listening to podcasts and attending classes, seminars or conferences, then they're behind the curve -- period.
- How would you handle the dilemma I face of having to somewhat blindly hand over the keys to my kingdom and trust that everything you're doing stays in check?
As long as you're reasonable in your approach, anything short of complete transparency should be a red flag. Hire an IT consultant who is familiar with the technology at hand and who offers some solutions to help put you at ease.
- Would you be willing to work in conjunction with another third-party consultant who performs independent security assessments to make sure no stone goes unturned?
I've found that many consultants are sensitive to anyone criticizing their work. As long as everyone is on the same page, taking the same approach toward the end goal of minimizing business risks, you shouldn't have any problems.
- Are you OK with signing our nondisclosure agreement and security policies?
Interestingly, I still see and hear of businesses granting access to every nook and cranny of their networks without ever creating a safety net to fall back on in the event the person you hire for IT consulting services does something stupid.
- Beyond basic project management, what will you do if you see that you're getting in over your head?
One of the best signs that you're hiring an experienced IT professional is the willingness to admit that he or she doesn't know it all and is open to bringing in additional expertise when roadblocks arise.
More information about hiring an IT consultant
Consultants really, really want to help
Dumb things IT consultants do
A consultant knows better, right?
Business consulting – the next battleground in IT services
Navigating your way through the IT consulting services world is tricky. It can be hard to find the right consultant, and you may even have to go through a few until you land the right one. Getting results in this area, though, is part of being a valuable IT pro. The good news is that the economy, especially the one we're in now, has a way of filtering out the least capable.
The important thing about hiring the right IT consultant is to not become complacent and assume that one expert is as good as any other. You've got too much on the line. Ask the right questions, get some references and go with your gut.
About the author: Kevin Beaver is an information security consultant, expert witness, author and professional speaker with Atlanta-based Principle Logic LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around minimizing information risks. He has authored/co-authored 10 books on information security including Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Kevin through his website www.principlelogic.com, follow him on Twitter at @kevinbeaver and connect to him on LinkedIn.