Today we finished Day 3 of the online Making Money with Security workshop – using an actual assessment sent to me by one of the attendees, we were able to walk through the process companies should go through to create the perfect assessment document and deliverable/presentation-one that will lead to more business.

By observing the information and writing style of the assessment, we were able to ascertain how the assessment might have been conducted, who would have been involved in the assessment process, and how the findings were put together to create justification to move forward.  Here is what we found:

1. Fees – given the size and detail of the assessment, the seller probably could have sold it for more.  However, most assessments are sold to IT people who have no liability.  Creating justification for more expensive assessments requires asset owner involvement, and a belief that things might not be as secure as originally thought.  On there other hand, there are ways to conduct complementary assessments that can result in even great long term gross profit.

2. Interviews – the discovery process was probably limited to more technical people, and did not involve business people, top performers who use mission critical data, or executives who ultimately carry liability for both the systems and data their companies depend on.

3. Executive Summery – Like most executive summaries I read, this one did not speak to executives.  Instead, it was a summary targeting a technical audience.  It was called an executive summary simply because it was a summary…it’s unlikely an executive will read it.

4. Recommendations – most of the findings were written in a passive format, stating that certain Trojans or other common attack vectors could gain access to data.  This rarely moves a buyer.  It’s like saying, eating fatty foods might contribute to heart disease.  No one will act unless the doctor says, “You’re on the verge of a heart attack!”  Every company has urgent issues, but rarely are they called out with passion and urgency.

5. The seller’s involvement – It appears that this document was put together without the involvement of the rep.  As a result, it will be difficult for the rep to own the information and lead the charge for remediation.  Great sales people are trained and skilled in selling – how can the remediation phase be sold without the rep leading the way?

By going through this process, we were able to redefine the roles of the seller and consulting team, reformat the assessment document, and talk through the proper delivery process to move forward with both remediation and managed services contracts.  The next step – each attendee will have a one hour private coaching session allowing us to make specific applications to their business using the tools and strategies learned over the past week.  Stay tuned for our next online class, and join the success.

© 2011, David Stelzl