Common mistakes to avoid when starting your cybersecurity practice
Cybersecurity is a booming business. So, the time is ripe to start your IT security practice, but before you take the leap, let us warn you: it’s not as easy as it looks.
To help you avoid common pitfalls, we interviewed Kevin McDonald, executive vice president and chief information security officer at Alvaka Networks, to ask him what advice he would give to new solution providers who want to enter the market.
“What often happens when solution providers start to launch their security business is that their active client base starts to get nervous and say, ‘I thought your solutions were already secure,’ which starts to undermine their existing business,” he says. “That’s really not how you want to start the conversation with your customers.”
One unexpected challenge solution providers will encounter as they start out in the cybersecurity field is the incredible demand for talent. “There are around 340,000 job openings in the security industry,” says McDonald, “and that number is expected to balloon to 3 million by 2021. That’s a big deal, and very big challenge for solution providers across the country.”
There are currently around 780,000 certified IT professionals employed in security with average salaries in the low six figures. “The average midsize VAR can’t afford to hire the kind of talent they need to meet the demands for cybersecurity,” says McDonald. “That’s why I usually recommend outsourcing whenever possible to augment your team and expand your portfolio.”
Keep it real
Another pitfall that new security providers should avoid is pretending. “I mean that in the very literal sense,” says McDonald. “Don’t pretend to understand security. You can’t wing it. You have to make sure you have professionals who have expertise in the field and a team that’s committed to doing it right. Don’t take chances with your reputation or with your customers’ security.”
He also suggests avoidance of certain phrases that could come back to haunt you later. “Never promise or guarantee to secure your clients’ networks from cyberattacks. It can’t be done. There are no guarantees in today’s threat landscape,” he says. “Also, I recommend avoiding the word ‘expert’ and replacing it with the word ‘security practitioner’ because you might be an expert at the moment, but 5 minutes later a new virus takes down everything and you’re no longer an expert. In security, there’s always something new to learn and understand.”
The best advice McDonald has for up-and-coming cybersecurity VARs is simple. “Start slow. Gather disciples. Use contractors for areas where you lack specializations,” he says.
Want to learn more? Join Kevin McDonald at the upcoming Ingram Micro IT Security Boot Camp in Austin, Texas.
At this two-day event, Kevin will help you gain a better understanding of the balance between risk and reward in providing security and compliance consulting and managed services.