Uncategorized Aug 17, 2020

Monday Security Memo

SMD - Subs Must Deliver!


Years ago, before I opened up my own consulting firm, I worked as a subcontractor to train a group of Fortune 500 executives who were about to travel to a war zone.  The client had paid nearly US $40,000 to receive one day of instruction from me and a highly-decorated former intelligence official. 

Because of the audience - and the money involved - I prepared and rehearsed my training modules for weeks in advance.  I opened the morning session by laying out the threats that the executives would likely be facing.  I acted, essentially, as the warm-up act for the Big Gun instructor, so I tried to be entertaining and informative. 

I spoke for three hours, including breaks, and I used a lot of recent statistics, visual aids, relevant stories and even some humor.  The students seemed engaged, and the first part of the day got off to a fine start.  Now it was time to introduce the expert with the impressive resume.  

After a lengthly litany of his awards, titles and achievements, the senior official took to the podium.  I will never forget his opening remarks.

"So, what do you guys want to talk about?"

Everyone but the accountant who had stroked the man's sizable check thought he was joking.  Unfortunately, he wasn't.  He fumbled through an excruciating PowerPoint presentation he had obviously never seen before - someone else must have created it for him.  He would read each slide to himself for about 30 seconds, which felt like 30 minutes, before commenting on what he had just read.  In some instances, he would read the slide, mumble "Hmmm," and then move on to the next one, as though he wasn't even sure what the slide meant.  It was a complete disaster.  

Apparently, my fellow instructor didn't think he needed to prepare for his audience.  He assumed his sheer presence and occasional war stories would suffice.

After the presentation, the client decided to abruptly end the training.  I was informed by the client that I had done a great job and would be fully compensated, however, the company would be requesting a refund for my co-instructor's time (again, this was not SMI offering the training). 

It was a bitter experience, but the lesson wasn't lost.  From then on, I never assumed that because someone had impressive credentials they could perform to a client's satisfaction.  You do the same.  Vet your subs before they represent you; otherwise they could seriously damage your reputation.

Unless I've seen a sub perform, I make him or her deliver the upcoming presentation to my staff beforehand.

Remember, in the security consulting world, you rarely get a second chance.  Therefore, adhere to the rule of SMD - Subs Must Deliver!

Stay safe and vigilant,




