by Daniel Humphries
Managing Editor, Software Advice
March 06, 2014
Original link at http://blog.softwareadvice.com/articles/security/questions-to-ask-when-hiring-security-consultants-0314/
Questions to Ask Before Hiring an IT Consultant
Having an in-house security team may be too expensive for most companies, but that doesn’t mean that securing your business should be any less of a priority. I recently joined a trio of security experts who spoke with Software Advice’s IT Security analyst Daniel Humphries to help him identify the most important questions to ask before considering an IT security consultant. Here are some of the questions I suggested to help you select the right person for the job:
1. Will you train my employees in the new security measures?
End users can be a company’s biggest worry, as they are the “low-hanging fruit” that hackers will target.
2. What related experience do you have?
I advised to ask the consultant for specific “war stories” that qualify them for the job. This way you know exactly what the consultant has done in the past, as opposed to what they could hypothetically do for you.
Also ask the consultant to make analogies for you, so that you can better understand his technical lingo.
3. Who should I expect to come in and do the hands-on work?
Knowing who is going to end up performing the security work is important. I suggested that you Google the consultant’s name as a way to verify that there are no obvious red flags that you need to worry about.
4. Should certifications matter to you?
This is a topic that will bring many passionate opinions out of consultants, and the answer is up to the individual. My advice is that while over-reliance on certifications is unwise, ultimately certifications are not a bad thing to have, and in fact may be valuable tests of knowledge- particularly at the advanced level. Other experts think that practical experience is the only thing that should sway your decision to hire someone or not.
“You can read more of my interview with Software Advice about hiring an IT security consultant here.”