Looking back at my first job, I realize that some of the same concepts that I used to sell camera equipment in a retail store still apply to the consulting job that I have today. Being responsive to customer needs, explaining the benefits of what they are considering purchasing (or already have purchased), and in general going over and above the minimum requirements for your job are all perfectly valid concepts that apply even to security consultants.
As an example, in my current engagement I’m deploying a part of a tokenization solution to satisfy PCI requirements that my customer is required to meet. The scope of the engagement from my perspective is rather limited, but I’ve made a deliberate effort to go above and beyond the minimum requirements outlined in the SOW (without increasing my scope, a fine line to walk for sure!). Specifically, while I was in the customer’s data center performing some configuration tasks, I looked around and noticed that there didn’t appear to be any cameras in position to observe the equipment I was configuring. As the customer explained that the equipment was considered ‘in scope’ of the PCI DSS requirements, I pointed out that requirement 9.1.1 of the DSS requires the use of a video camera to monitor equipment (and yes, I know that the requirement is an and/or requirement). The customer contact I was working with was not part of the physical security team and couldn’t confirm whether or not the area was in fact monitored, but he took it as an action item to follow up on.
While in all likelihood this will turn out to be a non-issue, the customer expressed appreciation at my observation. This in turn leads to a stronger sense of trust between us and, in my opinion, enhances the overall value of the engagement. So next time you find yourself in a position where you can offer a little extra advice to your customers, consider going the extra mile. You won’t regret it!