I provided consulting services for information security, technology strategy, or a combination of the two, which often has a focus on IT operations assurance. Here are some examples of typical customers and work I did for them:
- For early stage technology companies, I provided technology strategy development, often an acting as Chief Technology Officer or working closely with executives and engineering leaders. These projects focused on articulation, selection, and alignment of market needs, innovative approach to meet those needs, customer perceived benefits enabled by the approach, and an account of potential substitute goods, alternatives, competition, and inaction.
- For small to medium sized technology companies, I provided similar services, but often specifically focused on the role of information security in the company’s target markets, product definition, technical capabilities, integration, deployment, competitive factors, or customer perception. In some cases, the acting-CTO role was also part of the project, while in other cases it included the security-related product and market strategy below.
- For established technology firms, I provided product and market strategy, including security-related competitive analysis; impact on product line and company competitive positioning; effect on product definition, packaging, delivery and deployment, including channels and integrators.
- For new and established technology firms, I provided security-specific technical consulting on the security-related or security-relevant aspects of technology and product. These services typically included security architecture, design, or review of applications, systems, and services;
- For enterprise IT organizations I provided security program review, design, and development, and related consulting on security technology acquisition, usage, practices, procedures, and risk management. In some cases, the focus was on the company’s IT security programs and practices, while in other cases the focus was on security technology design and deployment planning.
- For larger enterprise IT organizations I provided services related to IT operations assurance, often in a datacenter setting. Operations assurance included but did not focus on technical security, but instead encompassed technology and practices related to critical system identification, management, integrity, reliability, accountability, and audit of IT asset management. Particularly in growing or maturing IT operations teams, the drive for higher accountability, together with internal or external compliance issues, creates a need for the definition of assurance practices or processes, in which there can be high value in the perspective of a previously uninvolved party.