Eugene Tawiah, founder and CEO of Complex Technologies, shared his insights at the ASCII Chicago event on how solutions providers can effectively navigate the cybersecurity landscape.
1. Don't Assume One Size Fits All
Tawiah emphasized that security solutions vary widely. He noted that "there are all sorts of firewalls, next generation firewalls, Web application firewalls" and other options available. He cautioned against assuming open-source products are universally viable, warning that without proper support infrastructure, providers become dependent on community forums rather than professional assistance.
2. Brace for Higher Prices
Security products command premium pricing. Tawiah advised that while these costs may seem substantial, they translate to improved margins when properly structured. He expressed caution about suspiciously inexpensive security solutions, questioning what corners they cut.
3. Call Your Lawyer
Legal considerations are paramount. Tawiah recommended having attorneys review master services agreements and coordinating with insurance providers to ensure adequate coverage for information security liability exposure.
4. Charge More
Security services warrant premium rates. Tawiah stressed that learning client operations requires significant time investment and expertise, making button-press installations unrealistic. Providers deserve compensation reflecting this effort.
5. Know the Language
Tawiah highlighted essential terminology distinctions, including:
- White box versus black box testing
- Threat versus risk versus vulnerability
- Standards versus guidelines versus policies
- Penetration testing versus vulnerability assessments
6. Know Your Limits
Specialization matters. Tawiah advised against offering services outside core competencies—if not web-focused, avoid web vulnerability services. Partnering with specialized vendors fills gaps while maintaining credibility.
7. Invest in Yourself
Continuous learning drives success. Tawiah emphasized reviewing daily security vulnerability releases, listening to relevant podcasts, and staying current with emerging threats.
"The key to success in cybersecurity is continuous learning and staying ahead of emerging threats through daily engagement with vulnerability releases and industry podcasts."
— Eugene Tawiah