The case for a guild of security consultants



The notion of a security consultant guild is a seductive idea. Promoting quality, defining service levels and enhancing professional standing are good things, but there is a red ocean of professional forums, so I would not just jump in and start a guild.

Just take a look at forums like LinkedIn and Infosec Island: most (sometimes it feels like all…) of the folks in professional networks are independent consultants, and that makes perfect sense, since we all have to eat. Yet LinkedIn cannot replace industry forums like ISACA or ISC2 that work to promote industry standards, improve security awareness, drive private-public partnerships etc.

The problem with ISC2 and similar industry lobbies is that they have vested interests, and therefore they don’t or can’t represent independent security consultants. When was the last time Raytheon called me up asking to collaborate on a data security project for DoD? Like never.

I would take some lessons from the IETF.

Any security consultant organization should have three principles: free, open, and based on vendor-neutral standards.

Note my emphasis on “vendor-neutral standards”. This is the secret of the success of the IETF and the Internet in general, and it will be the core of the success of any group of security consultants that wants to do more than kibitz in LinkedIn security forums.

Regarding standards: there is this eternal debate between the US and the EU, but I think that we can probably agree that ISO 2700x is the most comprehensive, vendor-neutral standards framework existing today, and that should be the one vendor-neutral standard adopted by the guild.

However, a guild of consultants is not enough.

We already have similar entities in the shape of the LinkedIn security communities, which are in general a bunch of consultants talking to each other, with endless threads of shallow input generated by open-ended questions like “What is the best anti-virus?” or “What is the best firewall?” or “How should I choose a UTM appliance?” or “Is confidentiality, integrity and availability part of your security strategy?”.

In order to turn a consultants guild into something of value (and I mean dollars and cents, not social networking gratification), the guild must include and engage (using its own terms of engagement of free, open and vendor-neutral standards) with 3 other kinds of people:

1. End user line of business decision makers

2. Vendors

3. Hackers

I am aware that this is a tall bill of requirements, but it is, I believe, the only way to create something unique with value to all.
