What Questions Should an SMB Ask When Hiring Outside Cyber Security Help

Choosing the right cyber security consultants for an SMB can feel intimidating, but it doesn’t have to be. You don’t have to know much about cyber security to ask the right hiring questions.

To make an informed decision, an SMB should ask about the consultant’s qualifications, track record, quality of work, breadth of technical services, payment model, and price. By gathering information about your candidates in these categories, you’ll be able to reach an informed decision about who to hire.

Qualifications: Good security starts with good people. You want smart, well educated, experienced and well skilled consultants. A computer science degree, high level professional certifications, and a track record of continuing education are good indicators. There are many trash certifications – don’t be fooled by the number of certifications.

Track Record: Here SMBs need to ask to review the client list and ask for specific reference accounts.  Speak to the references and ask them questions such as:

  • What was the quality of the work?
  • How timely was the work performed?
  • Was it a one time project or an ongoing relationship?
  • What did you think of the skill level?
  • How responsive and communicative?
  • Would you use the consults again?

Quality: Review the consultant’s written collateral – if you find spelling errors or poor grammar that is a red flag. Review a sample report carefully and assess the thoroughness of the methodology and the clarity of the presentation of the findings.

Breadth of Technical Services: Does the consultant offer the services the SMB needs? Does the consultant offer a specialized cyber security service or a portfolio of services?

Cultural Fit: Is the SMB looking for a one-time project or an ongoing relationship? Does the consultant charge by the hour or fixed price engagements?

Price: Don’t get hung up on the nominal professional fee – you get what you pay for. Usually the higher priced consultants can do the work faster and deliver better quality. In cyber security small mistakes or omissions can be big trouble; you don’t hire the cheapest surgeon.