Few phrases annoy me more than ‘Trusted Advisor’, not because it’s a bad concept, but because it is most often used by people and organisations that have no right to do so.
Just because you sell security services or products, you are not trusted, or an advisor, you are a vendor. At most you are a consultant, and it’s not until your client has reached the Business as Usual phase in their security programme life-cycle can you begin to be a trusted advisor.
If you have taken your client all the way from your discussion over business goals to Business Continuity Management, then you are in the ball-park. If you have been instrumental in helping your client engender a security culture with senior management buy-in, you are close. Finally, if your client turns to you for guidance related to every aspect of their continued growth and evolution, then, and ONLY then, can you add Trusted Advisor to your repertoire.
On the other hand, not every organisation is even READY for this level of interaction with security. Most see it as a necessary evil, with limited to no ROI, so trying to dazzle them with a concept such as this is a wasted effort. As in all things, you will have respect when you’ve earned it, and you will only have earned it when you have put the client’s needs at least on the level of your bottom-line.
I am not a believer in altruism (what’s the word for a one-word oxymoron?), and I fully accept business is about profit. What I AM against is profit above value, not EARNING your profit, and not leaving the client better off than when you started. Without ethical values you will never, EVER be a Trusted Advisor.
Besides, calling yourself a Trusted Advisor is like saying you have a great sense of humour, or you’re a good cook, it’s the RECIPIENTS of your service that must bestow this title on you. You don’t ask for thank you notes, it has to be voluntarily provided for it to mean anything.
To me, these are the qualities of a true Trusted Advisor:
- Knows their client’s business goals
- Has helped gear the development of the security programme to ENABLE those goals
- Works along-side the senior leadership to help to develop a security culture
- Is an invited member of the Governance Committee
- Is the first person called to help resolve Business vs. IT challenges
I used the word ‘help’ 3 times in 5 bullets. That should indicate the real nature of a Trusted Advisor more than anything else.
VERY rarely will you ever achieve this, which is why it’s such a great goal to strive for with all your clients.