The Scoop
Applying a Dedicated Professional to Your Sales Support Environment
By Mimi Herrmann, CISSP
Abstract
In the last decade, corporations of every size have become more and more aware of the concept of Information Security. Overall, this a good thing, but it presents a problem for security services and product vendors. How do you differentiate your offering from your competitors’? Certainly the features of your service or product should be a selling point, but in an arena where the vast majority of products and services balance out each other in terms of features, what truly differentiates a security offering is the vendor’s support team. Mimi Herrmann is a professional with nearly a decade of pre- and post-sales support experience, plus experience in security engineering and analysis. Well-versed in many different types of security products and services, and with a strong background in network engineering, software and systems installation and integration, and speaking and presentation, Mimi will add a great amount of value to your company’s offering.
Information Security in the Corporate Environment
In the last decade, Information Security has gone from being something most companies were willing to agree was important, but few were able or willing to implement, to being something implemented by default by any company desirous of being taken seriously. In 1995, most people had heard of firewalls, but intrusion detection was still on the far horizon, and the only people doing network scanning were, in the opinion of the public, trying to crack into your network. Now, in 2005, firewalls are so commonplace as to be de rigueur; NIDS and HIDS are considered a necessary part of any security architecture; and network scanning, far from being Dan Farmer’s shocking "defend by attacking" solution to network security problems, are employed by more and more corporations as "risk management" devices. And these are just a few of the security services and products being offered. Identity management, cryptography, physical security, and security awareness training are all important and thriving fields in the larger field of Information Security, and all part of a security analyst’s responsibility when determining compliance with the new government regulations that have been passed worldwide in the past few years.
Similarly, a decade ago, the title "security analyst" or "security engineer" was largely unheard of. In many cases, the person or team in charge of security was a subset of the IT team, and were learning by doing. It has taken a decade for Information Security to be a profession, with many sub-professions beneath its umbrella, and for the CISSP certification, always a benchmark of Infosec knowledge and training, to be commonplace enough to be required by employers. The only thing that has not changed in a decade is the overwhelming amount of information that a security analyst must field, although the nature of that information has changed; where once the analyst was a pioneer of sorts, attempting to secure his network via the MacGyver method, now he is an integrator and information broker, putting systems together that will not only secure the corporate resources but will also produce results that are tangible for the directors and officers of that corporation.
Naturally, management will wish to choose the most effective products and services that their money can buy. However, the savvy security analyst knows that a good security offering, or set of offerings, does not rely only on a feature set or a good technical review. Given the scope of most security products, and the way that different products from different vendors need to dovetail into each other, there’s almost no such thing as a simple security solution, despite the use of GUIs and web interfaces. Security professionals need help to deploy and maintain the products and services they buy, and thus, the support structure of a security vendor is as important as the product or service itself.
Supporting the Enterprise Customer
The role of a good security solutions consultant is to guide a security analyst – her prospective customer – in the process of evaluating, purchasing, deploying, and maintaining a particular solution or set of solutions to assist him in securing his network. A consultant may work for a particular software or services vendor, and thus be most interested in guiding the customer toward that particular solution; however, the truly professional consultant will keep in mind that the customer very likely already has a network of security software and systems in place. The new solution, then, must conjoin with the existing solutions to form an integral whole. The consultant’s task is to work, sometimes in conjunction with representatives from other vendors, towards integration of the customer’s existing network structure.
Given the probable need for integration, the ideal security solutions consultant will possess a broad networking background and an ability to learn quickly and to apply her knowledge to many different types of enterprise environments. A strong temptation exists, when there is difficulty in integration, to point fingers at other vendors and insist that the issue lies in their products; but a good consultant will realize that integration is rarely seamless and will work in a professional fashion with other vendors and solutions until integration is achieved, keeping the customer abreast of the current status at all times and addressing any new concerns that may arise during the process.
Deployment, even when quickly successful, is never the last step in the support process. It is the nature of the security engineer or analyst to have a constant body of new questions about any solution, and to seek to dialog about new features and requirements. A good solutions consultant will stay in touch with her contacts at the corporations where she has deployed her solutions to make sure that they remain comfortable, referring them to post-sales support when necessary, but always ready to speak about any issues that may arise.
Supporting the Sales Process
As important to a solutions consultant as the end customer is the sales team that she supports. To this end, a good security solutions consultant will be comfortable speaking both extempore and from presentations she has tailored to the situation’s needs. An account executive often needs, with less than 24 hours’ notice, documents, presentations, or RFP responses, and the solutions consultant must be prepared to provide all these, drawing on her expertise both in Information Security in general and in her proposed solution in particular.
A solutions consultant should be ready and willing to speak at any time she is called on by her account executive to do so. The perfect presentation should flow smoothly, with the account executive providing most of the detail of the solution, based on his own sales experienced and rounded out by the answers that the solutions consultant has already given him. When he requires more technical detail, the account executive will call on the solutions consultant to give a technical presentation, and she will do so, keeping her points concise and providing a period for questions from the prospective client before turning the floor back to the account executive. The solutions consultant’s "big guns" are reserved for when she is deploying the solutions she has carefully constructed for the customer’s needs.
Tying It All Together
For most of a decade, Mimi Herrmann has been providing her security networking expertise to a number of different security solutions vendors, as well as having served in a security analyst role herself. Having experienced the needs of a security solutions customer, along with working with several different types of security solutions in both pre- and post-sales roles, Mimi brings a unique and important perspective to the role of security solutions consultant. In addition, she has a deep and broad background in network engineering, and an ability to quickly assimilate new knowledge, both of which enable her to assist with deployment and solutions integration.Mimi enjoys developing and giving technical presentations and providing training and documentation both to other team members and to end users. In most cases, she can turn a white paper or presentation around in a day or less. Because of her enjoyment of writing technically oriented articles, she generally can put her hands on material for a general presentation or paper immediately, or to work that material into a more specific presentation when needed. She has done extensive research into the history and various subfields of Information Security, and has a large personal network of colleagues in the field.
Mimi is dedicated and hardworking, willing to do whatever it takes to support both the end users of a product offering and the sales team. She has often received kudos from the sales teams of the companies for which she has worked for her unflagging enthusiasm, dedication, and can-do attitude, and from customers of those companies for her willingness to go the extra mile in providing solutions to their issues. In short, Mimi is an asset to any forward-looking security solutions vendor looking to strengthen its position in today’s changing Information Security marketplace.