How to Hire a Security Consultant – And What Guarantees a Failure – Mainstream Managed Services

‭+1 (603) 285-9680‬

How to Hire a Security Consultant – And What Guarantees a Failure

Have you been paying attention to the news, lately? If you have you know that our “esteemed” representatives in Congress, hired a group of purported IT specialists and gave them access to some of the most secretive information they had access too.  But they ended up being scammed, and it cost the US Taxpayer multiple millions of dollars and put our national security at risk.  Turns out that the lead “Technician’s” lost his last job at McDonald’s!

After hearing this, I decided that I needed to offer some guidance on how to hire an IT professional even when you do not understand IT because this is an issue, especially for startups or small companies.

Many may not be aware of how important it is to understand who you are hiring to handle your information technology.

How can you interview and hire an IT professional if you don’t understand what they do, what skills they need to help you and their day to day capabilities?  Your IT Network is by far one of your most valuable assets. So how do you make an informed and fruitful hiring decision regarding your IT?


First and foremost you need to find someone you trust who understands and has expertise in the area of Information Technology then you do or someone who has recently hired an IT person.

Small companies often need someone to help them structure their IT infrastructure. They can’t really afford a full time IT professional and will more than likely need to consider someone with a general IT knowledge.  If you do not understand IT how can you hire this person and be assured of their level of expertise?

One of the first things you need to consider is what your needs and requirements are.  Always make sure the consultant whois “running the show” is briefed on everything your company is doing, and everything that you’re planning on doing. They will need to focus their energy and time on designing and maintenance of your IT infrastructure.  I recommend following a structured analysis and design methodology to determine the scope of the project before hiring an IT consultant. It will take time. It is important that no single manager be allowed to drive the business requirement.

How do they go about accomplishing their design decisions?  What criteria do they use?  Do they always use a particular brand? Why? Do they get kickbacks from them?  Or do they search for and implement Best-of-Breed Technologies for the job?  You should always consider someone who has broad best of breed technology experience.

Since most startups or smaller companies have limited IT, budgets are they able to make decisions and evaluate solutions that can meet your needs and stay within your budget.  You are looking for someone who has the technical and financial acumen to make those decisions.

Are they biased by their affiliations with particular vendors?  Can and will that affect the decisions that they make on your behalf?  It is important that you know about all these relationships and how they might affect you.

Questions to Ask Yourself

How much IT experience do they have?  What responsibility did they have on previous projects?  How much involvement did they have?  What problems arose during the projects and how were they handled?  What recommendations would they make for your company and why?  Can they discuss the benefits and drawbacks of those recommendations?  What specific IT solutions would they recommend you not consider and why?

Are you hiring this person as an individual to do the work or to manage the project?  If you are hiring them to do the work, they can perform the work you need and not just control people they hire. Many IT consultant shops work to win the job first then try to find workers who will staff the project after they win the work.

What certifications do they have?  Although having certifications does not assure that they have real demonstrative expertise that you require, it does demonstrate that they at a minimum amount of technical exposure to it.  Experience trumps Certifications.

Can they write?   They will have to possess decent technical writing skills. When you are designing an IT system, having documentation is of utmost importance.  Knowing what hardware is in use? What is the preventative maintenance schedule? When will it be done?  By whom? What software is in use?  What revision is in use and what is the update schedule that is necessary to keep it in top operating condition.  Additionally, they will also be responsible for assisting in building your business continuity and disaster recovery plans.

How will they address tech support issues?  Do they have an efficient help desk structure and workflow that they can implement?  Can they record, organize and track all requests and provide solutions promptly?

Are they going to be on-site or virtual?  If they are going to be virtual, then you will need to assign one of your full-time employees to manage them.  That person will need a full understanding of the project and its deliverables so they can evaluate the quality of the work.  If you created an RFP that included the product and services you require, it is necessary that the person you are considering to have the experience to carry out your plan.

Get references and check them.   How well do they work with others?

Have them give you examples of their work on systems like those you are using.  What solutions can you offer that will make my life easier?  What are the costs?

Ask them to present a solution for you.  A good IT person will have listened to you; they should be able to give you a good general idea of how they would attack your problem taking into account what is important to you and your organization.

Do they have a security mindset?  Are they willing to design and deploy a plan that can and will continually secure your IT systems and mission critical data?  Do they perform routine security audits?  How will they respond, an attack happened to your company?

What is their availability?  You will need someone who is committed to this project, and you need to make sure they understand your expectations.

What does your gut tell you?  Do you trust the person in front of you?  This person will have full administrative login credentials and be able to access most if not all your sensitive and proprietary business information.  Run a criminal background check!

Make sure that you keep it simple and open ended.

Malcare WordPress Security