How did the idea to create a company come to fruition, what are the company's goals and what value does it offer, versus competitors.
Working as a consultant in the technical IT security field is accompanied with many challenges, most of which boil down to having to keep up-to-date with its rapid and constant changes (i.e. growth). This, most often, does not only apply to the consultants, but also to professions, which they interact with and the performance of which greatly impacts their own results (e.g. sales, HR, management departments).
As a consultant, not being able to keep up-to-date with this ever-growing field, soon results with having outdated knowledge/skills. This implies delivery of uncompetitive/undesireable (i.e. lower quality) services.
From the perspective of other mentioned professions, the lack of knowledge of and understanding for this field and its requirements, results with not being able to make decisions from an informed, realistic and objective standpoint, but from a purely subjective one, instead. This, almost exclusively, results with bad decisions and additional stress, with which service delivery (i.e. consultants) has to deal with (on top of being a stressful area, to work in, on its own):
– the lack of adequate knowledge in the sales department often results with poorly sold projects, which always results with an additional workload/stress for service delivery
– the lack of adequate knowledge in the human resources department often results with both missed opportunities of employing good candidates, as well as not avoiding bad ones, both of which result with an unproductive/undesirable working environment, which negatively impacts the performance of service delivery
– lastly, the lack of adequate knowledge in the management department very often results with leadership not being able to identify and address the mentioned issues on a company level (e.g. poor performance in other departments), resulting with work conditions, for service delivery, which are significantly worse than they, realistically, ought to be
In addition to the mentioned issues, work environments, which operate under such conditions, most often, set unrealistic goals and dead lines, which add up to the already topped stress level bars of service delivery.
Overall, such work environments usually quickly result with stressed out/burned out workforce, which leads to its high fluctuation, which, in turn, damages the company, in the long term.
In order to address all of the issues, mentioned above, Lighthouse IT Security was founded (Aug 2020). In short, Lighthouse IT Security focuses on providing penetration testing services of high-quality, delivered by a Senior Technical IT Security Consultant.
To address the issue of having to keep the knowledge/skills/competences up-to-date, with this rapidly evolving field, companies react differently. Most of them assign between 0% and 5% of total work time to this activity (in its various forms). Companies with more awareness and understanding, of the matter, assign between 20% and 25%. Practice has shown that, in order to be able to deliver meaningful services (i.e. of high-quality), in this rapidly changing field, even assigning 25%, of total work time, is not enough.
Lighthouse IT Security heavily focuses on continuous learning (50%), through self-study, courses/certification and various projects, in order to be able to deliver meaningful/high-quality services, to its clients (50%).
To address the issue of dealing with poorly sold projects, each project is being approached and evaluated individually. Once an agreement is made, which benefits both sides, each project is separately being prepared for, which ensures that preconditions for delivering a high-quality service are met. Once a project is delivered and finished, a break is made, in order to recuperate/avoid burning out, instead of rushing straight into another project (exceptions are made in Q4).
Another goal, of addressing the mentioned consultancy issues, is to provide long-term competitiveness on the EU market, through continuous focused improvement, the result of which, as already mentioned, is to offer and deliver high-quality-level penetration testing services.
The company’s long term goal is to offer and deliver specialized premium-level penetration testing services, on a global scale.