April 29, 2012
If you are going to hire some third party to validate your firm’s network security systems, some thought should be given to what constitutes a “good” one? In other words, you have got to know the person you hire is not only capable of performing the job, but can be trusted with your delicate data, and access to your corporation’s network.
The basics still apply here. Google them, especially Google them regarding bad reviews, negative ratings, or grumbles against them. That is step one, and a thing you must do with any vendor you plan to make use of.
2nd will be to talk with them on the telephone or eyeball to eyeball if you can organize it. If you aren’t technically inclined, get someone from your IT staff to have that conversation for you. You’re not trying to find anything particular here, but instead, simply to be certain the seller you choose for the job has a working knowledge of networks and security. You would be amazed at the things a few individuals will make attempts to pass themselves off as in order to part you from your money, so a little checking up front can save you lots of grief later .
Eventually, do not be shy about asking for references, and then follow up and contact the references they supply you. So often , a request is formed for references, and once they are supplied, it never goes any farther than that. This is stupid. Any person can write a name and a telephone number on a chunk of paper and give it to you. Do not fall for what must be the oldest trick in the book. Pick up the telephone and spot check! Call 1 or 2 and get a sense for how the people listed feel about the service and level of data they received for their money.
Network security is too important to leave anything to chance. You owe it to oneself and to your company to select smartly when picking an independent security expert.