8 min read · Written by Grant Rayner on 31 May 2023
Share by emailAs you design your business, you’ll need to build a strong value proposition.
The term ‘value proposition’ refers to the unique value that your company promises to deliver to clients who buy your products or use your services. It is the primary reason why a client chooses to do business with you. An effective value proposition is clear, concise, and specific to the target audience.
Your value proposition is a combination of the quality of your products and services, their unique features, and price. When these aspects align with the client’s needs, the value proposition is strong.
A strong value proposition will also be your main point of differentiation from your competitors. It answers the question regarding why a client should choose to work with you, rather than a larger and more established security company.
Examples of value propositions for consulting companies could include:
As you read through this list, you might consider that some of these value propositions are vague, to say the least. Although they may look nice on your company website, it could be debated whether they actually translate to benefits for your clients.
In this article, I will explore various value propositions and provide some insights into their usefulness for you as an independent security professional.
Let’s start with the most obvious value proposition.
The reality is that as an experienced, independent security professional, you can offer a better service at a lower price than your larger competitors. Is this a viable value proposition? The answer is both yes and no.
Although ‘better and cheaper’ may be compelling, price is not the only variable in your customers’ decision-making process.
The reality is that you will be selling your services to a risk-averse audience. You may be familiar with the saying “nobody ever got fired for buying IBM”. Well, in this case, replace IBM with Control Risks, Crisis24, Pinkerton, Kroll, or another large security company. The truth is that choosing your company, which is a less-established and possibly unknown entity, carries an inherent reputational risk. Very few corporate security managers will be willing to take this risk, even if they know they could obtain “better and cheaper” services from an independent security professional. They will not want to bear the responsibility if things go wrong.
If a client eschews a large security company to select you for a piece of work, and you screw up that piece of work, it’s unlikely you’ll work with them again. More importantly, however, is the fact that they’ll realise their error and only work with the larger security companies going forward.
In earlier articles, I wrote at length about engineering your experience and developing your niche.
There is no doubt that your area of specialisation is a crucial component of your value proposition. The question, however, is whether the depth of your expertise is meaningful enough to your clients for them to take the risk of hiring you. For instance, if the client has to choose between paying $5,000 a day for someone with just two years of security consulting experience from a global security company and paying you $2,000 a day for your over ten years of experience, there is a high probability that they will opt for the former, given the reasons outlined above.
There are a few other things to consider regarding your skills and experience.
First, it’s not easy to develop truly “unique” skills or experience (meaning skills or experience that no one else possesses). You may be able to gain more experience, but it’s challenging to acquire unique experience that larger security companies can’t also offer.
Second, it’s difficult to prove to a client that you possess unique skills or experience. If you are competing with a larger security company for a project, the client may naturally assume that they have more skills and experience than you, making it challenging to demonstrate otherwise.
Third, many clients of security services are unable to accurately assess your skills and experience. As a result, claiming expertise is mostly meaningless to them. Clients are more likely to use your services based on a referral from a friend rather than information on your website or self-proclaimed expertise. In fact, it’s likely that most corporate security managers are accustomed to security consultants exaggerating their skills and experience, and will dismiss any such claims you make.
You may choose to offer your clients a “tailored” or “bespoke” approach to service delivery as a key aspect of your value proposition. However, unless you’re selling completely standardised products, all services are tailored to some extent. For many security companies, “tailoring” may only involve finding and replacing another client’s name on a report.
The term “tailored approach” is so commonly used that it’s largely ignored, since anyone can claim to offer one.
From a business design perspective, tailoring services is antithetical to scaling your business. To scale, you need to take advantage of standardised tools and processes. The best approach is to develop your own unique tools and processes, which I’ll discuss below.
While many companies claim to offer a collaborative approach as part of their value proposition, the term may have limited value given it’s so commonly used. In reality, most security services are transactional rather than collaborative. Unlike management consulting firms, security consultants are not typically hired to transform an organisation, which would require them to work closely with people from the client team. Instead, most security consulting projects involve relatively basic activities, such as preparing a plan or report, or running some training or exercises. In such cases, the amount of collaboration required is often minimal. Additionally, it is worth considering whether clients actually expect or want to collaborate. They may simply be paying for the work to be done so that they do not need to be involved.
I’ve tried for many years to engage clients in collaborative processes with mixed success. Where I’ve had most success is in developing crisis simulation exercises. By using online tools, project team members can participate in each stage of exercise design, leading to greater engagement and collaboration.
Offering deep insights can be a workable value proposition if you are an expert in a particular country or industry. If you’re providing ‘vanilla’ security services, such as conducting assessments, writing plans, or preparing training, it’s unlikely you’ll be providing deep insights at all.
If you’re an analyst focusing on a particular country or issue, you may be able to provide deep insights and help your clients understand problems at a deeper level. However, large organisations may already have teams of in-house analysts producing reports on specific issues, and they may know their industry better than you do.
You may be able to offer a unique perspective on specific client challenges. However, the extent to which sharing a different perspective provides meaningful value and drives repeat business is debatable.
To summarise the sections above, relying on your skills and experience alone is not enough to present a compelling value proposition to your potential clients. Similarly, even if you have a good reputation, you may face the “IBM factor” mentioned earlier. Few corporate security managers will be willing to take the risk with an unknown entity.
A key lesson here is this: Once you onboard a client, you should do all you can to keep them. As an independent security professional, acquiring new clients will always be your biggest challenge.
Although the preceding sections may have painted a bleak picture, as an independent security professional, you have several options to offer a combination of quality, unique features, and price for your goods or services. Let’s explore them.
Most large security companies lack unique approaches to delivering services. Instead, they take a project-by-project approach. This often stems from the fact that these companies are so busy, they’re unable to focus on product development. Turnover also has an impact on a sustainable product cycle. Furthermore, these companies often fail to manage organisational knowledge and experience. Let’s contrast this approach with those of actual consulting firms.
McKinsey & Company has the 7S Framework and Three Horizons of Growth. Boston Consulting Group (BCG) has the BCG Matrix (aka Growth-Share Matrix) and the Advantage Matrix. Bain & Company has developed the Loyalty Effect and Net Promoter Score (NPS) frameworks. There’s also Deloitte’s Digital Maturity Model and Risk Intelligent Enterprise Framework.
Large security companies have not developed comparable frameworks that enable their clients to better understand their businesses or manage risk more effectively. (If you are aware of any that do, please let me know.)
This is a key area where you can differentiate yourself, and you are well positioned to do so successfully. Why? Because you have decided to focus on a niche. As you develop a defined set of services within your niche, also develop a unique set of processes and tools that support it. For example, you might create unique assessment tools, frameworks, processes, or methodologies.
For instance, I have created numerous frameworks and methodologies pertaining to crisis management.
RealityCheck is a concise assessment tool that provides organisations with a high-level view of the state of their crisis management program.
CrisisScore is a comprehensive assessment tool that determines the maturity level of an organisation’s crisis management capability. It covers multiple dimensions to provide a thorough evaluation.
The Crisis Response Process is a comprehensive methodology that assumes the Crisis Team may not be used to working together and may not know how to manage a crisis. This process has been a game changer for many companies struggling to improve the performance of their Crisis Teams. It is a fantastic resource that can greatly benefit any organisation.
Crisis Plans. I have also developed simple and highly usable crisis management plans. These plans are fantastic resources for a large number of organisations that want to build a crisis management capability but don’t have the necessary commitment to manage such a capability on an ongoing basis (which is the case for most organisations).
I’ll share more details on how to create products and services in future articles.
In addition to developing unique processes and tools, it’s important to pay careful attention to the design of your products and services.
You may be the most experienced person in your field, but if your client deliverables are poorly designed, you will struggle to differentiate yourself and achieve your full potential.
Over the years, I’ve seen some poorly designed reports and training presentations released by large security companies. I’m not sure how they can get away with delivering such documents to their clients. Perhaps the clients have low expectations? It’s difficult to say.
As an independent security professional, it’s important that you don’t follow this approach and instead take pride in your deliverables. Seek to make them readable and presentable. Carefully select typefaces, and focus on small details such as character spacing, line height, and heading structures to make your documents more readable. It’s easy to design pleasing client deliverables that will set you apart from your larger competitors.
Many corporate security managers are often focused on their own organisation’s challenges. As an independent security professional, you have the freedom to monitor emerging technologies and industry trends and assist your clients in adapting to these changes. Unlike larger security companies, you can quickly adjust to new developments and create products and services that allow your clients to take advantage of them.
For instance, when a new international standard is released, you can purchase it immediately, review its contents, and develop a practical solution for your clients. Some potential solutions include a gap analysis toolkit, an internal audit template, or a training deck.
In theory, you cannot be more responsive than large security companies that run 24/7 operations centres. However, larger companies can be slowed down by diverging commitments and internal bureaucracy. As an independent security professional, you can move faster than they can if you commit to doing so.
One way you can be responsive is to be on the ground when clients need support. Large security companies will be slow to deploy to incident locations where they don’t already have a presence in that location. You, on the other hand, can get the first flight in and email your clients the moment you’re on the ground to let them know you’re available for tasking. Do this more than once and you’ll get a reputation for being a useful resource. I’ve deployed to multiple incidents over the years, including to Kathmandu after the major earthquake in 2015 and after the terrorist attacks in Colombo in 2019.
Your value proposition will be a combination of things. You’ll need to have demonstrable skills and experience, useful products and services, at a competitive price point. But these factors alone won’t get you hired over a large and more established security company. The key is to focus on your niche and develop unique and useful assessment tools, frameworks, processes, or methodologies. Ensure your products are well-designed, and look for opportunities where there are emerging trends and technologies. If you’re able to do so, be responsive to critical client requirements.
There’s something to be said for being useful and reliable.