Unleashed - How to Thrive as an Independent Professional podcast

583. Christian Hyatt, Growing a Cybersecurity Firm

0:00
32:18
15 Sekunden vorwärts
15 Sekunden vorwärts

Show Notes:

Christian Hyatt, Founder of Risk3Sixty, discusses the top three or four things that chief information security officers at sub-enterprise firms are most worried about right now.  He explains that these concerns include the business environment, threat actors, cybersecurity regulation, nation-state actors like Russia and China, and phishing campaigns. He also highlights the unique bridge between cybersecurity and information technology coming to a head with the recent CrowdStrike incident.

Advice to Clients on Cybersecurity 

Christian suggests that independent consultants should ask clients questions or warning signs to raise their concerns and consider consulting a cybersecurity expert. He suggests that clients are looking for someone who is a good listener and not operating off fear, uncertainty, and doubt. By listening to clients' needs and concerns, consultants can offer advice on implementing best practices on their existing toolset and spreading security awareness. Christian emphasizes that many big enterprise tools, such as Office 365 and Google Suite, have built-in security, covering many bases. Independent consultants should listen for how well implemented their tools are, listen for business problems they have, and offer security assurance. Offering advice on implementing best practices and spreading security awareness can help firms understand how security is impacting their business and make informed decisions about investing in security measures.

Cybersecurity Due Diligence

In the context of due diligence, Christian states that it is important to consider the company's internal infrastructure, including its cloud-based and on-premises systems. This can help identify potential red flags and ensure the company's sustainability and scalability. For example, if a product company is being acquired, it is crucial to ask about its application security, product security, and scalability. Additionally, understanding the company's mastery of its own product and its ability to scale without the team is essential. Another key factor to consider is the company's internal infrastructure, whether it is cloud-based or on-premises. Integrating with the acquiring firm can impact the cost of the process.

Cybersecurity for Independent Consultants and Boutique Firms 

Independent consultants and boutique firms with a few employees should also take cybersecurity precautions. Some good tools for small businesses include G Suite or Office 365, which have built-in tools for file share sharing, email security, and internal messaging. These tools help protect against cybersecurity attacks that originate from email. Installing antivirus tools like CrowdStrike and Sentinel can help prevent attacks at the endpoint level. Blocking and tackling security processes, such as using file sharing platforms like OneDrive or Dropbox. It’s also important to identify areas where money changes hands and take protective measures. Creating an offline backup of key files once a month can help protect against ransomware attacks. Office 365 or G Suite can also be used to store files in the cloud, with tools like spanning for Office 365 creating backup copies of cloud storage. Exploring the full suite of options available to small business owners can help them get coverage for their biggest risks.

Employee Training on Cybersecurity

The conversation turns to the importance of raising employees' awareness of phishing dangers. He recommends using tools that periodically send white hat phishing messages to test employees' skills. Christian suggests that small businesses should focus on creating a culture of awareness and vigilance, letting candidates know about potential scams and asking questions if they feel uncomfortable. There are several tools available for security awareness training, including Curricula. Additionally, he suggests using YouTube videos as part of training, as they can be more effective than expected. By implementing these tools, businesses can create a culture of vigilance and prevent employees from clicking on suspicious links.

The Origins and Growth of Risk 3 Sixty

Christian started his firm as an independent consultant eight years ago, with a trajectory of impressive growth. He initially had one client, a $30,000 one-off engagement, but from there eventually grew the business to 60 clients. Christian shares a few of the tactics behind the growth, including his shift towards cybersecurity.  He focused on a few cybersecurity services that had great demand and packaged them as multi-year deals, and recurring revenue. He also learned that organizations have huge compliance requirements. They built a SaaS platform to help them manage the information. They invested in the SaaS platform and started selling it as a subscription. Today, their services are tech-enabled services, where companies often outsource their entire programs to them due to the need for human labor. Christian made strategic decisions early on, scaling the business around recurring revenue streams, over-delivering, and building a good culture. He centered around those activities that felt risky at the time, saying no to big contracts that didn't fit within his revenue stream. He also explains how a book by Gino Wickman, Traction, and The Entrepreneur Operating System, helped him shift the responsibility for business development off of his shoulders to other members of the firm. 

Recruiting Talent for Risk3Sixty

Christian hired a West Point graduate to become an ops manager. He believed that hiring great people was a risky move but ultimately helped build a sales function and complement the founder's role. The company also hired a strategic partner with Georgia Tech to hire top students. Despite the early hires, the success of the company can be attributed to the smart people who pushed the founder to think more like a leader and helped him see the future. The company's success can be attributed to the excellent people who helped him make decisions that he wouldn't have made on his own. 

The Structure of a Successful Company

Christian’s company has 60 employees, and a top-down structure consisting of an Executive Leadership Team (ELT) consisting of six members: the CEO, President, Head of People, the Chief Operating Officer, the Chief Revenue Officer, and the CTO. The CEO focuses on mission and metrics, breaking down the vision into KPIs and measurables, and making sure everyone understands it. He also works on brand equity through social media, podcasts, and speaking events. He also talks about how he approached pay bands and benefits to attract talent and maintain retention. The CEO manages the ELT, ensuring they are motivated and have the same vision. An initiative Review Board was created to address pent up projects or initiatives that were not previously budgeted. This allowed people to request new projects or initiatives outside of budget season, providing a pressure relief valve for strategic initiatives.

A Successful Marketing Philosophy

Christian's marketing philosophy focuses on teaching good concepts and adding value to people, rather than being an influencer. He uses content such as videos and white papers to add value and engage people, leading to more leads and engagement. He initially used LinkedIn outbound to find open job opportunities and reach out to hiring managers, but found that more people would ignore him than respond. Christian shares his teaching methods on LinkedIn, YouTube, and a newsletter. For cybersecurity-focused content, he hosts a weekly cybersecurity executive brief on YouTube. He also has a marketing team that helps with content creation, and practice leaders who produce content regularly, called media properties, on LinkedIn. Each member of the team has a dedicated content pillar, and it's up to them to create content that resonates with the audience. A marketing team supports them with video editing and accountability. Christian initially did it all himself, using a video editor tool and recording videos and writing white papers. 

Timestamps:

03:14: Cybersecurity precautions for independent consultants and small firms

08:10: Cybersecurity awareness training for small businesses

13:51: Growing a consulting firm through strategic decision-making and recurring revenue streams

18:19: Scaling a consulting business by hiring a leadership team

22:24: Leadership decisions and team structure

26:55: Using LinkedIn for business growth and content creation

Links:

 

Unleashed is produced by Umbrex, which has a mission of connecting independent management consultants with one another, creating opportunities for members to meet, build relationships, and share lessons learned. Learn more at www.umbrex.com.

 

Weitere Episoden von „Unleashed - How to Thrive as an Independent Professional“