Make Security a Core Competency, Not a Vertical

No one on the face of the earth today who has access to an internet-connected device is unaware of cyber threats. It's now a very integral part of our lives, just like heat and fire. Think back to when you were young. You had to be educated at a very early age to be careful not to play with fire or you would get burned. Your parents looked out for you and taught you not to stick your hand on the stove, as it may be on or still hot. Cyber security is similar today except that the education about it is lagging behind the technology for the most part. This was the case when the first stove was shipped and plugged into the wall at the first home. Were there explicit instructions to keep flammable things and small fingers away from the burners at all times? There was likely a note of some sort from the manufacturer directed at the installer and the end user but not much directed at the education of the end users' families. It took awhile to be ingrained into society as a best practice how to respect the power of the stove and all the required safety precautions for it. And so it is with the internet and cyber security.

With the threats out there today, we see an escalation in available training for the tech, clients, and end users. We see more and more tools and protective devices coming onto the market. The legislation and regulations are lagging further still than education, but they too are coming along. And, of course, I see so many companies saying, "We're going to get into security as a vertical, it's a high demand field," which is why I wrote this article. You need to "get into security" as a core competency! Yes, going vertical is awesome and I highly recommend it, but if you think about the reality of it, every IT service provider had better significantly step up their game or they're going to lose a pretty good chunk of their business, and soon.

The thinking is that this is a wave of opportunity for a few when in reality, it is a requirement of everyone in the industry. It's a call to step up your game across the board to keep your market share of customers and take good care of them. Failure to do so means someone else who has security as a core competency will get those clients when you fail to protect them. It is a zero sum game too. If a client chooses someone else to do their basic day-to-day security, they are likely going to also have them do the day-to-day technology as well.

My point is this: Every IT provider had better step up their security game fast just to keep up with the trend, not pursue it as a vertical that they can stand on top of. Those companies - the true verticals in security - they are who you'll be getting your training from. If I were in the IT business today, I would have a handful of security competencies at the top of the learning and growth initiatives for my organization, and I would have short deadlines for completion. If you think you're going to be a pack leader, you'd better look a lot farther out on the horizon; the leaders get it, and they're going to rely on the fact that those IT companies that don't are their "in" to expand into the market.