6 min read · Written by Grant Rayner on 19 Jul 2023
Share by emailAs you go through the process of deciding what services to incorporate into your business, one of the first aspects to consider is how you can differentiate your services from those of your competitors.
I’ve already written about differentiating your business as a independent security professional. The points in that article remain valid. We’re now going a level deeper to explore how you can differentiate the services you offer.
One of the biggest risks you’ll face as you set out is that you’ll just do what you know. If you’ve done a lot of security risk assessments, you’ll simply do the same in your new venture. Why fix something that isn’t broken. You might even apply the ‘same but cheaper’ approach I’ve mentioned previously. In this case, you’ve chosen to differentiate on price. That’s a good place to start.
As an independent security professional, your lower cost base gives you the option of offering your services at a lower price than your larger competitors. However, doing so may not be the best approach.
A lower price is one of the weaker approaches to differentiation. Offering a parity service at a lower price point may be attractive to some clients, but it’s not enough to ensure long-term success. If you’re unknown to the client, a low price point alone won’t be sufficient to enable you to win that client’s business.
Instead of offering the same services at a lower price, you could consider offering unique services that your competitors can’t match because they don’t have your background or experience.
The other logical point of differentiation is to focus on your unique experience. You could, for example, reinforce to your clients that you have 10 years experience delivering a specific type of service. In most cases, that will be more than your counterparts in the larger security consulting companies (senior consultants and partners will have more experience, but it’s the junior staff that actually deliver the projects).
What does experience really mean in practice for services? Are you able to do it faster because you’ve done it many times before? Or is your experience reflected in the unique content of the deliverable? Both of these aspects are relevant. I’d argue the key benefit of experience is knowing what works and what doesn’t work, which you then infuse into your services. In my case, I’ve distilled all of my years of crisis response experience to develop a unique Crisis Response Framework and a Crisis Team Evaluation Framework (amongst others).
Of course, experience only matters if it’s perceived as valuable by a client. I’m not fully convinced that clients understand the value of experience and how that experience might translate to a better deliverable. Most clients will be more inclined to go with a well-established security company than an experienced independent security professional. In doing so, they’re confusing institutional experience (what the ‘company’ has done) with individual experience (what the individual delivering the project has done). Of course, there’s also the power of an established and recognised brand name at play.
Even at the institutional level, however, the larger security consulting companies don’t necessarily have experience. I’ve subcontracted to quite a few of the larger security consulting companies, and these companies don’t have effective project management practices, or even templates for basic deliverables. Experience tends to reside within people, not organisations.
Of course, you should still note your experience on your website and in your proposals. Just don’t expect that your experience alone will be enough to win new projects.
It should be obvious that you will want to differentiate on the quality of your services.
What does quality mean with services? More importantly, will your clients perceive the additional quality you’re able to infuse into your services?
The quality of the services you provide comprises two aspects: the quality of the deliverable and the quality of the overall experience of dealing with you as an individual.
When you’re delivering services, the primary deliverable will typically be a report or presentation. However, you should also consider that the secondary deliverable is your individual performance. For example, how you deliver the training and the quality of the advice you provide.
When it comes to the deliverable, where you can differentiate is in the area of design. Many presentations and reports are poorly designed. Some are borderline unreadable (text in front of images in PowerPoint slides, for example). You can easily do better than that. In written reports, the hierarchy of headings, line height, and selection of font all make the report more readable. Of course, making something pretty is largely meaningless if you can’t back it up with good content. More on content shortly.
Going beyond the quality of the deliverable, you should also consider the quality of the overall service you’re providing. The quality of your services starts with your initial discussions with your client and your proposal. It ends with ‘after care’ after you provide the deliverable. It also encompasses communication and project management. On that note, project management tools provide an excellent way to differentiate yourself. I’m yet to see any major security consulting companies use professional project management tools to enable effective collaboration and communication with their clients.
The challenge here is that you may struggle to convince some of your clients that quality matters. You may also find it difficult to express the quality of your services in your proposals. Where quality will help is retaining clients. Once a client knows you can deliver high quality work, they’ll be more inclined to work with you on future projects.
Let’s move our focus to the core of differentiation with services: content, innovation, and audience.
Content is the most important aspect of differentiating your services.
As an independent security professional, you should aim to develop unique content based on your unique experiences and perspectives. This content may include training material, frameworks, and methodologies.
This is not only where you can successfully differentiate your services, but also where you can make the most impact. I’ll share some additional thoughts on developing unique frameworks and methodologies in future articles.
Good content combined with great design will help you stand apart from your competitors.
In addition to building your own frameworks and methodologies, you can also innovate in how you deliver your services. In fact, I’ll go as far as to say that it’s ESSENTIAL that you innovate. There’s no point in going out alone as an independent security professional if you’re just going to do the same as your larger competitors.
In addition to unique content, a key area for innovation is how you deliver the service. For example, you could ‘productise’ some of your services. As you’ll learn later, productising selected services will enable you to expand your reach and will almost certainly increase sales volumes and revenue. In addition, you could build a complementary ecosystem that integrates your services and products in a cohesive way that’ll benefit to your clients but .
I’ll get into different approaches to innovate on service delivery in future articles.
Last but probably not least, one additional way you can differentiate is based on audience.
Typically, most security professionals will focus on the corporate market. In the area of services at least, that’s where the money is. However, you might consider expanding your reach to individuals. The obvious challenge, as you would expect, is that individuals won’t be willing to pay the same rates as corporate clients for your services. Accordingly, you’ll find products are more suited to reach individuals than services. One approach you could consider is to ‘productise’ a service. For example, you could package a training session that you typically provide to corporate clients and make that session available to anyone on a paid basis. Just be aware of the impact this may have on your other work. For example, you’ll need to balance charging a client $5,500 for developing and delivering a training session with offering the same or similar training online for $49.99 to a larger audience. I’ll explore these approaches in more detail when I focus on products.
For now, it’s important to recognise that you’re not locked in to supporting only corporate (or government) clients. There’s a lot of people out there with money in their pockets ready to spend that money on things that are aligned with their interests and that are useful to them. Keep this fact in the back of your mind as you design your services.
In summary, as an independent security professional, it’s key that you make efforts to differentiate your services. My recommendation is that you differentiate in ALL of the areas above. If you’re able to differentiate on quality and content, you may not need to differentiate on price. In fact, you may be able to charge a higher price.
Remember that simply stating these points of differentiation on your website or in your proposals is not enough.
You’ll need to walk your talk.