Security

IT security may keep your consultancy in the black

Even though companies are reprioritizing and slashing their 2009 budgets, Susan Sales Harkins predicts that one area will hold its own -- IT security. She encourages IT consultants to specialize in IT security.

 Despite the budget slashing and teeth gnashing that's going on in conferences rooms across the country, most of your clients probably won't reduce their IT security budgets for 2009. If they do, they'll put away the chainsaw they took to the rest of their budget and use embroidery scissors.

That reaction is actually a trend: Over the last few years, IT security budgets have grown. In some cases, IT security budgets have doubled. Think about it, even during a recession, clients still have to protect their data. Brian Prince quoted Forrester Research in his eWeek article Putting a Price on Security: "...security has gone from 7.2 percent of enterprise IT budgets in 2007 to 12.6 percent in 2009." And according to Forrester analyst Jonathan Penn, as quoted in Putting a Price on Security, "IT security is slowing less than IT in general."

In order to pay for IT security, your clients won't implement new technologies. In fact, clients will cannibalize non-essential budgets to feed IT security. That means consultants who've been training in the latest and greatest technologies might not have any place to show off -- at least, not for a while.

My advice is to put your energy into IT security. If IT security is your specialty, don't be shy about it. If it isn't, bone up. Several areas that your clients will look to you for expert advice include the following:

  • Phishing and malware remain a huge problem, and its one all of your clients share. Even with the best technology, keeping systems clean and performing at peek can be a huge, on-going job. The latest threat seems to be rogue malware removal tools -- not everything is as it seems! To avoid being duped, clients need your expertise and experience in this area.
  • Help clients provide mobile security to their employees, both at home and while traveling. Maintaining secure and dependable remote connections is a true art these days.
  • Wireless networks come with unique threats; as your clients make the move, they'll need your expertise to keep their employees connected and their networks safe.
  • Information security, which involves protecting information and information systems, is a growing area.
  • If clients don't have tight security policies and processes, help them improve.

As your clients reprioritize their technology needs, your consulting business can survive this recession by making IT security your priority.

About

Susan Sales Harkins is an IT consultant, specializing in desktop solutions. Previously, she was editor in chief for The Cobb Group, the world's largest publisher of technical journals.

20 comments
PMPsicle
PMPsicle

Better advice is to monitor what is happening in the world. Yes, security is a big thing today. The number of spam artists, crackers and thieves is increasing. And will for the foreseeable future. But the other side of the coin is supply. As the number of people entering the field increases (if only because of columns like this) the excess demand will decrease. IT as a whole is a good example. When everyone was hot to trot about Y2K and the future of E-Commerce (aka the Dot Com boom), demand for IT of any type far exceeded the supply. It didn't matter what you knew you could find work in IT. Boom went bust and now everyone is looking for their own tiny little niche within IT. In fact, the situation has so changed that the customers are only interested in people who have specialized in their niche (aka niche buying). The cycle goes up, the cycle goes down. Better still than jumping on the security bandwagon -- figure out what the next bandwagon will be. Glen Ford, PMP http://www.TrainingNOW.ca

ssharkins
ssharkins

I agree, we need to always have our eye on the future, but we need a wagon to ride on right now too. Well, at least, I do! ;)

Sterling chip Camden
Sterling chip Camden

Even one month without receivables would put me seriously behind the 8-ball.

PMPsicle
PMPsicle

Excellent point Chip. You can't succeed at a job you hate. And even if you could ... would it be worth it? Marty: Good summary of the proper way to select a niche. Or at least one of them. I might add a few other bits and pieces related to the market and risk. (For example, who is selecting candidates and how. And how many clients can be supported at a time.) But overall a good summary. Glen Ford, PMP http://www.trainingnow.ca

PMPsicle
PMPsicle

Sorry, you hit a hot button ... that's why the hammer is now a melted puddle :8} Glen

Sterling chip Camden
Sterling chip Camden

Make sure the niche is something you enjoy doing. In this economy, it's very tempting to take anything you can get -- but the more you settle into a niche, the harder it is to ever get out of it. So waiting just a little longer for the one that matches your personality might be a good idea.

santeewelding
santeewelding

Except for the forgetting, of which I am sole proprietor, leaving no room for you.

PMPsicle
PMPsicle

This is a forum/blog on IT Consulting. Most of the people here are Proprietors not Entrepreneurs (to use one terminology). And most of the people here are (like most tiny biz people) primarily techies not business people at all. Like everyone else we need to learn how to do business. Not IT. The IT Consulting business. Which mostly means we need to learn the business part. A very few of us have been raised at our great-grandfather's knee as an entrepreneur (yes, I am strange I admit it). Some of us have been around long enough to learn the difference on our own. But most of us are just trying to get by day to day. And yes, IT is currently feeling the heat. Not as severely as the rest of the U.S. but feeling it and seeing it nonetheless. (How's your welding business? Built any ships lately? Built any fishing boats lately? ). Even if we are busy we are seeing our clients worry and that makes us worry. And many of us have seen our niches destroyed. Either because IT is a constantly changing field, because of bad decisions by media reading managers or because of a business version of lamprey eels. Those of us who've been in IT longer than 10 years have been in at least 3 different niches just to survive. So yes, we are worried about the future. And yes, you are right. Entrepreneurship crosses all boundaries and does not require knowing a thing about the actual industry. And every industry suffers from the same issues of learning the difference between working on and working in a small business. Just as every industry is filled with people who believe that their industry is special and different. That's why there's so many entrepreneurship coaches around. Glen Ford, PMP http://www.trainingnow.ca

Marty R. Milette
Marty R. Milette

... to people looking for what to study or work on developing skills in is to do some homework. I found a three-step process very effective. First, to look at what skills you have and then try to find job titles that have requirements listed that include those skills. Next, to see which of those job titles are in demand and get some idea of salary or daily billing rates to be expected. (Salary is irrelevent if there are only 3 job postings in the whole country. :) Once you have the right job title -- harvest a list of education, certification and skill requirements from 10 or 20 similar job postings and use the difference between what you already have and what is on that that list as the basis of your personal training plan. I started doing this a couple of years ago and it helped me to discover and move into a very profitable niche (SharePoint Architecture/Infrastructure) with high demand, limited competition and exceptional billing rates. The recruiters are calling pretty much every day. Had I not done the homework, I would never have even thought of that particular niche.

santeewelding
santeewelding

Feeling the heat? "Entrepreneurship" crosses all boundaries. I don't need to know a friggen thing about your particulars. But I do. I linger here to see how you do.

PMPsicle
PMPsicle

Absolutely true Chip. And even worse there are niches out there where the market has been so f***ed up that it's not practical for the independent to be involved. Where W2 (I think that's your version of our T4) is the only available work. And if you are strictly corp-to-corp (either by choice or because of location and laws) you won't be selected. Being able to choose a good niche is one of those skills that we - as entrepreneurs - need to develop. Glen Ford, PMP http://www.trainingnow.ca

Sterling chip Camden
Sterling chip Camden

It's good advice, but conversely you also need to pick a field that will have some demand. There are lots of empty niches out there, but some of them won't support even one consultant full time.

PMPsicle
PMPsicle

It's why we all TALK about keeping a safety net in place as one of those key things you need to do as a consultant. One month without receivables? Try three or four ... Having said that, yes, we all need to worry about today and having work. The best way to make sure of that is to ride the up tick of the next big thing. Same career advice as is given to students ... Look at where there is a current lack of students then sign up there. In 4 years (i.e. when you are looking for work) there will be a lack of new people. Also known as buy on the low point aka contrarian investing. 'Course if you're out of work right now ... anything goes including cutting grass (which would be hard to do here right now :> ). Glen Ford, PMP http://www.trainingnow.ca

Sterling chip Camden
Sterling chip Camden

Knowing how to teach your clients to write secure code is a bug bonus.

ssharkins
ssharkins

Sounds like an article to me Chip... when can I expect that???? :)

Sterling chip Camden
Sterling chip Camden

... but I might be competing with my good friend Chad over on the IT Security blog.

A_dangerous_mind
A_dangerous_mind

The need is there, and I don't think that you can underestimate it! The number of developers doing code for the Internet who don't account for SQL injection attacks and cross site scripting attacks and other possible exploits is frightening. Further, I would doubt that many coming up through or who have come up through many comp sci programs have had relevant or up to date coursework on IT security and secure coding practices.

ssharkins
ssharkins

Nothing wrong with a little competition -- I'd read an article on security code. :)

Editor's Picks