Launching an IT Security Practice: An Interview with Brian Larson, Sr. Channel
Manager, Symantec
We recently met with Brian Larson, Sr. Channel Manager for Symantec, to talk
about the opportunities available in one of the hottest IT markets - the specialized
arena of security services. According to Brian, "Launching a security practice
is a different animal from most IT services. No other area relies on trust as
much as the security practice. To succeed, you must quickly establish an extraordinarily
close relationship with your customers."
So we asked Brian to consider the broad spectrum of IT companies with which
he's worked over the years and share with us the Top 10 Keys to Success in
Security Services. Here's his list:
- Launching a security practice requires a commitment to work incredibly
closely with customers on highly sensitive topics. Therefore, you must have
buy-in from your senior management, the President or CEO, before you launch
a security specialty.
- Security services are a separate endeavor from other IT areas and require
specific resources. A separate business plan must be developed, focused on
the security practice.
- As in all IT service areas, you must develop and communicate a clear roadmap
of service offerings. What security problem are you solving and how? Will
you focus on a specific market area, such as healthcare, or will you attempt
to leverage a particular technology across all markets?
- You must approach the new security practice with the right mindset and
with an appropriate level of funding. High-end security sales take time, so
be prepared to absorb the front-end lead time.
- A security practice requires an incredibly detailed level of technical
expertise. Know what you're doing or you run the risk of seriously jeopardizing
your clients' businesses.
- You must dedicate the right resources to a security practice. Because the
level of knowledge required is significant and trust is all-important, you
must have a dedicated security practice director. This person will take direct
responsibility for keeping in-house resources abreast of the latest technologies
and will be the "buck stops here" contact for clients.
- As in any IT business, you must be able to communicate that you have the
requisite level of expertise in the security area. So make sure you have a
knowledgeable sales staff.
- Don't rely on just any sales team, though. These people must understand
how to communicate the intangibles that encompass a service sell.
- Remember, your security practice is only as good as the products you sell.
Make sure you have strong partnerships with vendors who can support your efforts.
- Many IT businesses fail in the basics: getting the word out. Make sure
you fully fund a marketing program that will effectively communicate with
your target market. Focus on your technical expertise and those capabilities
that differentiate you from all the other IT firms out there.
Brian continued, "To set up a security practice, make sure you have at
least two CSSP or GIAC certified security professionals on staff. And have a
thorough understanding of the regulatory environments for the markets in which
you'll be selling. For instance, financial services and healthcare have regulations
that mandate firewalls, IDS, and monitoring services. Know the industry's requirements
and target those markets that need you most."
A successful security practice must have some degree of vendor independence,
as well. Brian suggests starting with a core of one to three offerings in each
product category, such as firewalls, network intrusion detection, and authentication.
Look for integrated offerings that allow both small and medium-sized businesses
to view all of the security logs and alerts in one console. Easy to manage equals
easy to secure. And leverage channel-friendly vendors who can provide many of
your product capabilities through one company.
While security is a hot market, Brian notes that competition is increasing.
Many of the providers are advertising their security practices through offerings
for discounted auditing and penetration testing. To succeed, make sure you have
the dedicated expertise and the ability to communicate that to the market. The
more you can provide focus and resources, the more credible your new security
practice will be. And the more likely you will succeed.
For a great example of how to establish a successful security practice, read
our in-depth interview with Chris Poolen, CEO of one of the hottest IT security
companies, FireTower. Coming in the next issue.