When looking for a consultant, companies often prioritize risk analysis as the primary concern. And while risk analysis is essential, companies should also look for consultants that clearly establish their value and show how their services will simplify operations to free up resources and grow the business.
For consultants, improving the cybersecurity posture and overall well-being of the client’s organization is crucial, but establishing a consultant-client relationship based on strong communication and trust should be an equally high priority.
The Apptega Cybersecurity Podcast recently caught up with Michael Faas, director of strategy and risk at MorganFranklin Consulting, and James Jackson, senior manager of cybersecurity, to get their perspectives on how to build an optimal client-consultant relationship.
The Consultant-Client Relationship
Consultants offer companies diverse expertise across specialized areas of focus, providing additional resources to achieve faster and more effective outcomes. When searching for consultants, companies need to acknowledge the importance of both conducting risk assessments and fostering a strong relationship.
According to Faas, “Engagements are risk-based but relationship-driven.” A consultant should act as a technical expert, capable of delivering tailored solutions and fostering a collaborative environment, but the role of consultants goes beyond providing specialized skills. Establishing a personal connection with the client helps build trust.
Consultants should seamlessly integrate into the client's staff, contributing both to high-level strategic thinking and hands-on implementation. Companies should seek consultants that prioritize understanding the unique needs of the business and provide guidance based on their expertise.
To cultivate a successful client-consultant relationship, it is essential to strike a balance between technical expertise and clear, transparent communication. By establishing a personal and balanced client-consultant relationship, companies can effectively manage risks and achieve transformative outcomes.
Garnering Client Buy-In
A strong consulting process that prioritizes a relationship-driven approach starts with identifying the problem that needs solving and understanding the unique needs of the client. This approach, laid out by Jackson, enables consultants to work backward – sometimes mapping to a framework, sometimes creating a tailored approach to further company initiatives that are already in place.
To earn client buy-in, consultants must demonstrate how they can help their clients progress to the next level. This involves asking the right questions and addressing pain points, rather than offering a predetermined set of solutions. Consultants should strive to learn about the client’s business and uncover opportunities for protection and improvement.
Furthermore, consulting is an ongoing and iterative process, with continuous improvement ingrained in every aspect from gap assessment to ongoing audits and certifications. Jackson states that, “Continuous improvement must be baked into everything that consultants can do.”
Identifying indicators of success for clients requires defining end-point goals, involving subject matter experts and stakeholders from the outset, and maintaining transparent communication regarding the level of effort required.
Growing Businesses Through Consulting
By introducing cybersecurity best practices, consultants alleviate the burden on clients. Establishing trust and building a strong relationship is crucial for consultants to act as extensions of the client’s staff, facilitating vendor vetting, the creation of optimal protection strategies, and implementing the necessary controls.
While risk remains a constant, selecting the right consultant can be a game-changer. A skilled consultant not only ensures that the client's voice is heard but also assists in enhancing their expertise and quality of business. By building a strong relationship and employing active communication and trust, consultants can effectively manage risks, bolster cybersecurity posture, and contribute to the long-term success of their client’s businesses.
Listen to the full conversation here.