How Successful Cybersecurity Consultants Drive Higher Client Satisfaction

As an ex-assessor turned product company CEO, I believe great inventions spring from the minds of people hardened through their own struggles and challenges in a unique arena of expertise. For the team at, we’re a Software as a Service (SaaS) company, but if you ask our clients what we do they’ll likely say we’re in the business of helping risk stakeholders drive value and positive change to their end clients.

This article offers a perspective on the one thing all consultants can do better to drive deeper engagement and retain customers.


What the Data Uncovers

In 90% of anonymized feedback on product assessments and improvements since the Fall of 2019, “stakeholders” are actually internal or external consultants with direct experience in managing or assessing risk. For example, asset-owning companies in critical infrastructure usually task corporate-retained OT and IT teams to “consult” on risk management activities.

Additionally, external consultants are brought in to support asset-owning teams in the form of OEMs, industrial integrators, MSSPs, and consulting firms. What we find is regardless of the of these stakeholders or consultants, we’ve uncovered a trend of what’s working to keep customers engaged (and retained). The consultants that do this well set themselves apart on a global and multi-sector scale within the risk management landscape.

So what are some consultants doing differently? In my opinion, the consultants with the most satisfied clients effectively share the “so what” and the “what’s next” throughout the various phases of the risk management lifecycle, not just the raw data in the form of a compliance or maturity score.

The Common Pitfalls Consultants Run Into – And Why

Many consultants worth their salt will explain that stating the above confidently (and continually) to a customer requires a blend of data, experience, intuition, and business context. I think many would agree the role of the consultant is to offer, create, and implement a system and method for:

  • Determining or uncovering the data from the customer
  • Incorporating the ever-evolving context of the customer’s business
  • Translating the data into meaningful insights
  • Using their experience to transition meaningful insights into customer calls to action, thereby creating knowledge that then becomes (new) data again

A common pitfall risk management programs experience is stopping at the uncovering data phase and stating, “Hey you’re missing TONS of cyber controls….you ought to just replace everything, patch everything, scan your IT systems, do a pen test, and buy an asset discovery solution for OT.”


Unreasonable. Why is this? Lack of experience? – I think not. Lack of willpower or planning? – not likely.

The unfortunate reason consultants risk failure of delivery on the “so what” and “what’s next” is that they’re ill-equipped; they lack the tools to efficiently translate data models into meaningful info, thereby thwarting their capacity to impart knowledge (and eventually wisdom) to the customer.

Simply put, they get stuck in manual entry mode and spend the majority of their time sifting through troves of data (insert 17-sheet Excel file here; pain! 😣) to uncover what that data means to the customer (insert 63-page written report here; tears! 😭). In turn, they exhaust their resources (time, energy, or budget) without reaching a valuable state of wisdom for the client.


How Consultants Can Turn Info into Insights

We created a graphic to outline the correlation between client satisfaction, the efficiency of a given risk management program, and the transition of raw data to wisdom. It takes knowledge and wisdom to effectively drive the understanding of the “so what” and for the client to invest in activities listed as “what’s next.”

graphic of relationship between client satisfaction and value of data

Why This Matters

Remember, most consultants get stuck in the “data” and “meaningful info” phases. Assuming the consultants desire to incorporate business context (more) and use their experience to translate insights into meaningful action (more), they must find ways to bring efficiency and scale to the risk management process so they can move through the “data” and “meaningful info” phases faster.

Ted Gutierrez

Ted Gutierrez is Co-Founder and CEO of SecurityGate, a risk assessment, improvement, and documentation platform used by security and risk leaders at the world's largest critical infrastructure organizations and consulting firms to enable deeper alignment across cyber teams and their leadership.
