Infosec would have a better reputation if all consultants were perfect like me. When speaking to a project manager, we should have completed our research: scoured the internet, found out what a particular application does and how many security vulnerabilities are out there. The list goes on, but suffice to say a good consultant always does their homework before they actually start talking to people and making themselves look like an ignoramus.
Like I said, some of us are perfect. It's those other consultants who waste time, which means you have to wait two weeks to complete a 10-minute decision. I have been watching these people, and they fall into a few distinct categories:
Reassurance Guy - Gonna OK it but Needs His Hand Held
This chap is a good bet for spending a quiet afternoon mulling over one tiny risk. He will endorse eventually, but it's going to take a long time to get him there.
He'll be asking question after question, even though he has likely done his research and already knows the answers. He might even contradict himself, but eventually, after much foreplay, he'll send the approving email.
Think of it like a first date: You have to go through hours' worth of dinner-buying, listening with feigned interest, hand-holding and such before you get to put the cash in the register, as it were.
Annoyance factor: 3/5
Columbo - Questions and Never Decides
This is the guy I get stuck with on projects all the time. He drifts from assignment to assignment, usually on a Friday afternoon (hey, it's not like he has a girlfriend to hang out with) and asks questions. They'll range from the lamely open "Which encryption should I recommend?" to the pointlessly precise, designed only to show that he knows something: "So, this has the encrypted media, but this one has USB lockdown. Which is best?"
The worst part is that everyone knows this guy can't decide on anything, and the project is left having to answer the never-ending inquiries. This guy takes longer than anyone, and you never know when it will end. It's like an episode of Columbo - "Oh, one more question."
Annoyance factor: 5/5
This one is a pain for the business, but great for other consultants. Try-Out Guy has already done his homework online and narrowed the selection down to three security products. He is on the project merely to get a feel for the kit and decide which one he would like to spend the most time in the test lab with. You'll recognize him as the professional-looking fellow who tells the project that he "can't decide" between the products and wants one last scan before deciding. At every stage he'll tease the poor PM that he's almost decided.
Us other consultants love this guy as he plays around for a few days to his heart's content with some bleeding-edge technology and we get to use the results.
Annoyance factor (for consultants): 0/5
Annoyance factor (for project manager): 5/5
Quick Question Guy - It's Never Quick
This one is a real pain. You know the guy - he calls you up just as you're heading off to lunch and says "Hey, mate, a quick question!" How can you refuse? If you were hoping it would be a quick "Do you have the latest template? Great, can you email me one?" then you are a gullible fool. Quick Question Guy always manages to make it long, either rattling off more questions or just acting as if he scheduled a meeting in the first place. I hate this guy.
Annoyance factor: 5/5
This article was originally published at www.infoseccynic.com