by Daniel Humphries
Managing Editor, Software Advice
March 06, 2014
Original link at http://blog.softwareadvice.com/articles/security/questions-to-ask-when-hiring-security-consultants-0314/
Questions to Ask Before Hiring an IT Consultant
Having an in-house security team may be too expensive for most companies, but that doesn’t mean that securing your business should be any less of a priority. I recently joined a trio of security experts who spoke with Software Advice’s IT Security analyst Daniel Humphries to help him identify the most important questions to ask before considering an IT security consultant. Here are some of the questions I suggested to help you select the right person for the job:
1. Will you train my employees in the new security measures?
End users can be a company’s biggest worry, as they are the “low-hanging fruit” that hackers will target.
2. What related experience do you have?
I advised to ask the consultant for specific “war stories” that qualify them for the job. This way you know exactly what the consultant has done in the past, as opposed to what they could hypothetically do for you.
Also ask the consultant to make analogies for you, so that you can better understand his technical lingo.
3. Who should I expect to come in and do the hands-on work?
Knowing who is going to end up performing the security work is important. I suggested that you Google the consultant’s name as a way to verify that there are no obvious red flags that you need to worry about.
4. Should certifications matter to you?
This is a topic that will bring many passionate opinions out of consultants, and the answer is up to the individual. My advice is that while over-reliance on certifications is unwise, ultimately certifications are not a bad thing to have, and in fact may be valuable tests of knowledge- particularly at the advanced level. Other experts think that practical experience is the only thing that should sway your decision to hire someone or not.
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.
Latest posts by tcutler (see all)
- TerryCutler blog selected by Feedspot panelists as one of the Top 75 Hacker Blogs on the web - August 14, 2017
- Where technology goes, so do hackers - August 13, 2017
- Unknown missed calls good for Vanuatu, but not you - July 20, 2017