An Introduction to Services

A short definition of services, why clients might need services, and a quick introduction to some of the limitations of services.

5 min read · Written by Grant Rayner on 12 Jul 2023

Share by email

Recent articles have focused on business design. This and the next few articles will shift to focus on designing products and services.

As you set up shop as an independent security professional, one of your first priorities will be to determine what products and services you intend to sell.

How you approach the development of your products and services will be a major factor in your eventual success. Of course, how you promote and sell your products and services will also be a huge factor, but we’ll get to that in future articles.

In this article, I’m going to provide a brief introduction to services. I’ll start with a simple definition of services, share some thoughts on why clients need services, create a simple taxonomy of services. I’ll wrap up with some initial thoughts on the limitations of services.

Let’s start with a simple definition of services.

Defining services

In the context of a services business, a ‘service’ is a specific offering or solution that the business provides to its clients. Services can include consulting, training, assessments, or other specialised services that are tailored to meet the needs of your clients.

Why services are needed

You might think your biggest competitor is one of the global security companies. In fact, as an independent security profession, your biggest competitor is your client. More specifically, your client doing the work with their own internal resources rather than using your services. Why would they hire you to deliver a service that they can do themselves? Also, how do they justify to management that they need to allocate budget to pay someone else to do something when they could just do it themselves?

It’s interesting and instructive to explore why clients might need (or want) to pay for services. As you start the process of determining what services you want to offer your clients, it’s useful to consider the types of services they might actually be looking for and why.

A client may require services for a range of reasons, including the following:

  • Knowledge transfer. Where certain skills or expertise don’t exist in house, a client may bring in an external service provider. Training is a simple example of knowledge transfer.
  • Need for independence. In some cases, the work may be best done by an external party. Examples include audits and investigations.
  • External Perspective. Some projects may require an unbiased or fresh perspective. For such projects, an external service provider will be able to provide more objective results. Examples where an external perspective may be useful include facility security inspections, running crisis simulation exercises, or conducting physical penetration tests.
  • Risk Management. If a project is high-risk or sensitive, a client may hire an external service provider as a safeguard. This can help the client mitigate risk and ensure that any potential damage is minimised.
  • Geographical Limitations. If a client lacks a local presence in a particular market, they might need to rely on an external service provider to handle the work in that location. In such contexts, they may also require a country specialist.
  • Scale Operations. If a client needs to scale up operations for a short period of time, it might be more cost-effective for them to use external service provider rather than hire and train new employees.
  • Access to Specialist Technology. If the work requires advanced technology or software that the client does not have access to, they might hire an external service provider. Doing so not only saves on capital investment but also ensures that the work is done with the most up-to-date technology. Good examples include technical surveillance countermeasures (TSCM) and computer forensics.
  • Crisis Management. In the event of a major crisis, a client may require professional expertise to manage the situation effectively. For example, they might call in communications specialists for reputation management or cybersecurity specialists for a data breach.

In addition to these factors, there’s a few additional factors that should drive clients to use external services:

  • Speed and Efficiency. As a specialist in your field, you should be able to complete tasks more efficiently and quickly than the client’s in-house team.
  • Cost-Effectiveness. In some cases, hiring an external service provider can be less expensive than using in house resources. This is especially true for tasks that are only needed once in a while.

Clients may not necessarily consider these additional factors when they make their decision. As you build your services, you should integrate these factors into your value proposition. When you write proposals, you should certainly stress speed and efficiency, and cost-effectiveness, where appropriate.

There’s one additional factor, which I’d term ‘entertainment and variation’. A client might bring you in to provide training or a briefing that they could easily do themselves, but believe that bringing someone else in will be more interesting for their team. I’ve been involved with multiple engagements of this nature. Some paid and some pro bono, but always interesting.

A Taxonomy of Services

In the security industry, there are a host of potential services you could potentially offer as an independent security professional. Here’s a simple taxonomy:

Assessments and Audits

  • Security risk assessments
  • Vulnerability assessments
  • Penetration testing
  • Physical security assessments
  • Cybersecurity assessments
  • Compliance audits

Consulting

  • Crisis management planning
  • Security program development
  • Security policy development
  • Security awareness training
  • Regulatory compliance consulting
  • Threat intelligence analysis

Investigations

  • Fraud investigations
  • Due diligence investigations
  • Background checks
  • Workplace investigations
  • Intellectual property investigations

Training and Exercises

  • Security awareness training
  • Crisis management training
  • Tabletop exercises
  • Simulation exercises
  • Incident response training

Executive Protection

  • Threat assessments
  • Protective surveillance
  • Security advance planning
  • Executive protection training

Emergency Response

  • Emergency response planning
  • Emergency response training
  • On-site emergency response support
  • Crisis communication planning

Managed Security Services

  • Security Operations Centre (SOC) services
  • Managed detection and response (MDR) services
  • Security information and event management (SIEM) services
  • Vulnerability management services

This is obviously not an exhaustive list, and some services may overlap with others.

There’s quite a bit to choose from here, and there’s an art and science to determining which services you should incorporate into your business. Some services are also complementary. For example, if you were running emergency response training, it would also make sense to offer planning and on-site response support.

As we’re focused on independent security professionals—one-person operations—you’ll need to consider, out of these services, which can be delivered by an individual. As I’ll cover in a later article, response can be difficult service for an individual to offer, because you can’t always guarantee your availability at short notice.

Let’s wrap up this article by focusing on some of the challenges and limitations of services. How you manage these challenges and limitations will be key to your overall success.

The Challenges and Limitations of Services

You’ll face three main challenges and limitations when incorporating services into your business:

  1. Upper limits on revenue from services
  2. The need to consider time constraints
  3. The need to ensure that services are differentiated or unique

I’ll focus on one of these challenges here: the upper limits on revenue from services. I’ll cover the other challenges in detail in later articles.

The fact that there are upper limits on revenue from services is one of the most important things you need to understand as you design services, and it’s something you’ll need to take conscious action to mitigate.

What drives the upper limits on revenue? Time and rate.

As you’ll learn in later articles, you won’t have that much flexibility to increase your day rate. You’re also limited in the number of hours you can work in a day, and the number of days you can work in a year.

Let’s explore the upper end of the upper limit of revenue. Let’s say you can charge $2,500 a day and you’re capable of working 5 day weeks for 48 weeks of the year. Your business will earn $600,000. That’s a healthy revenue for a one-person services business, assuming you’re able to survive the year. However, unless you’re able to innovate, based on these parameters, your revenue potential is capped at $600,000 a year.

Of course, the reality is that it’s unlikely you’ll get 240 days of work a year. It’s also unlikely that you’ll be able to invoice $2,500 a day for every project. So, the reality is that your upper limit on revenue will be considerably less than $600,000.

A more realistic upper limit would be based on $1,500 a day for 3 days a week, working 48 weeks a year. In this scenario, your annual revenue would be $216,000 a year. That’s nowhere near as good as $600,000 and considerably less than your earning potential. But at least you won’t kill yourself getting there.

I’ll explore how to break through these revenue limits in future articles.