Read an Excerpt

Global Security Consulting

How to Build a Thriving International Practice

Mountain Lake Press

PART I: Establishing Your Global Security Consultancy Note from the Field

Note from the Field

Undisclosed Location, Afghanistan – 0515 hours local time

It's an early morning in Afghanistan. I'm writing this from inside my pod – essentially a shipping container with a bunk bed – along the Pakistan border. I will be meeting one of my colleagues at 0600 to go for a short mountain hike inside the fence line while it's still relatively quiet. Like many Americans, my work has brought me to this part of the world several times over the years, both as a government representative and on behalf of the large defense companies operating under lucrative U.S. government security contracts.

When you work inside the Beltway encircling Washington, D.C., you quickly discover that opportunities to travel to Iraq, Afghanistan and the like are quite the norm. Some people take on these assignments for the substantial hazard pay. But the majority of us do it for patriotism and support of the mission. SMI, my company, keeps me busy, but I try to do an occasional TDY, or temporary duty, to a war zone. I believe it's important to contribute whenever I can, especially when so many brave men and women in uniform are making much greater sacrifices every single day.

Chapter 1: What Is a Global Security Consultant?

Economic results are earned only by leadership, not by mere competence.

— Peter Drucker

So, you've made the decision to parlay your international security experience into a revenue-generating business venture. You want to sell your skills to those who need it, and you're fully committed to becoming the next big thing in the security industry. But before you start thinking about how you can cash in on your anticipated success, let's examine this particular discipline in detail. There's much more to security consulting than hanging out a shingle.

The first question you'll need to answer is: What type of security consulting are you going to offer?

Webster's Dictionary defines "consultant" as "one who gives professional advice or service." It also defines "security" as "measures taken to guard against espionage or sabotage, crime, attack or escape."

In other words, the discipline contains important distinctions, so you'd be well advised to choose a specialty. I advise you not to attempt to be a universal security expert, as many vain consultants essentially claim.

Even the word "consulting" can mean numerous activities. For many Harvard MBA types, for example, a consultant means someone who works for McKinsey & Company and dispenses advice to Fortune 500 CEOs. Equally prominent names such as Boston Consulting Group, Deloitte, and Bain also conjure up images of young, strategic management experts wearing expensive Tom Ford suits, crisscrossing the globe in business class while racking up outrageous hourly fees. These companies have constituted the gold standard in consulting firms over the past hundred years, but global security consulting is a different endeavor altogether – different even from what's known as strategic management consulting. This isn't to say that the business management models employed by the top firms aren't applicable – on the contrary. I encourage you to study these organizations and incorporate their best ideas into your daily operations. That's what we've done at SMI, and I've found many of the business methodologies from these traditional management firms to be valuable. For readers with a military background, you might have encountered the strategic teachings of Sun Tzu, Clausewitz, Machiavelli, Thucydides and other great masters of war. These studies will serve you well in your new business venture.

But before you try to transform yourself from police officer to strategic visionary for new product development at GE, remember Clint Eastwood's self-advice from the movie Magnum Force: A man's got to know his limitations. In other words, stick to what you know best in the field of security and make your mark there. Companies such as Kroll, Control Risks and G4S have grown from security startups into major global brands by sticking to what they know best: security. Avoid trying to do it all. There are riches in niches.

What are the niches?

In my experience, the global security consulting business can encompass the following services:

+ Physical security: The traditional gates/guards/guns analogy associated with perimeter security, monitoring of CCTV cameras and access control systems

+ Physical security assessments: Conducting security surveys to determine risks and vulnerabilities of a physical infrastructure and associated assets, as well as providing response guidelines in the event of emergency

+ Information technology security: Performing tests to ensure that an individual's or organization's computer network is secure from cyber intrusions such as hacking, malicious software or viruses

+ Investigations: Making systematic inquiries of a person, product or organization to determine or expose potential risks or uncover background information

+ Risk management and due diligence: Slightly different from investigations, risk management and due diligence involving financial and investment assessments

+ Training: Delivering security-related information sessions or materials to prepare clients for avoiding and responding to threats

+ Emergency preparedness and crisis-response planning: Reviewing, revising and creating all-hazards response, business continuity or mitigation response and recovery plans

+ Executive protection: Providing physical security such as bodyguards or protected transport (e.g., armored vehicles)

+ Security products: Creating and distributing security-related equipment or materials for resale.

+ General security consulting: Offering advice for various security situations or potential security situations that might present themselves to an individual or organization

Many professionals pay their annual membership fees to security-based organizations and get certified in every possible security field they can. It never ceases to amaze me how IT professionals can take a three-day continuing-education course in, say, Terrorism 101 and suddenly feel compelled to market themselves as counterterrorism experts. Every time someone tells me they're in counterterrorism, my first question is always, "Really? So how many terrorists have you actually been face-to-face with in your life?" In my experience, less than 10 percent of these experts have ever amassed real operational or analytical experience with counterterrorism. Some think following cable news on the subject, coupled with taking a few classes, qualifies them as an authority. Such people are a liability to the profession and can become dangerous to their clients.

The way to separate yourself from this crowd, and make money as a security consultant, is to plow a niche and develop as much expertise in it as you can. Better yet, create a new market altogether. For this, I recommend reading the book Blue Ocean Strategy by W. Chan Kim and Renée Mauborgne. Only when you have created a solid company, with employees possessing an array of critical skills, should you present your security services as all-encompassing.

You might argue, "Why can't I just claim to do everything and subcontract out all of the work to someone else when necessary?"

It might be a common approach in other fields, but in the security business, again, you must consider whether you're creating a danger to your client. This isn't like construction, where it might not matter if you've never used a hammer, as long as you hire someone who knows what to do with one. Never forget that in this business a lack of skills or experience could cost lives.

If you maintain a Rolodex of skilled security colleagues, my advice is to refer prospective clients to trusted professionals whenever you or your company can't furnish the required skills. You can always request a finder's fee from those you refer, and if your colleagues are ethical and legitimate, they'll no doubt return the favor.

Moreover, by being straight with prospective clients, you can gain their trust and respect, which no doubt will lead to keeping the job and receiving future business. If you find that you don't have the expertise requested by a prospective client, try this:

Mr. (Prospective Client), I appreciate your considering me to perform this task for you. Although I am familiar with this service, my real expertise lies in (another service). So, to ensure that you will receive exactly what you are looking for, I refer you to (Company X), run by a colleague who is a top professional in this field.

Please keep in mind it would be easy for me to say yes, I can do what you are asking, subcontract the work to my colleague then add my markup. But I am committed to maintaining an ethical reputation. If cost is important to you, I want to make sure you get the best service for the lowest price. If cost is not an immediate concern, and you would like me to oversee the project, I would be happy to subcontract the service to my colleague while continuing to be your primary point of contact and ensuring quality control, but with your full knowledge and consent.

I know such a response flies in the face of that entrepreneurial mantra Fake It Till You Make It, but in my experience, playing it straight has allowed me to keep about half of the jobs I've been offered. Of the half I didn't win, I typically received, about half of the time, some form of compensation, either a finder's fee from the client or reciprocal work from the contractor. So, by maintaining my ethics, I've lost money only on 25 percent of the jobs I wasn't fully qualified to perform.

Again, you might say, "Good contracts are hard to come by, so you should never turn anything away." Maybe so, but I'd rather decline to take on clients I can't serve properly and maintain my reputation than have a client label me incompetent or endangering someone.

Never forget: In this line of work, life-and-death situations can appear with frightening speed. Only top-of-the-line training and experience can handle them properly.

Here's another possibility: If you're adept at project management, meaning you're highly organized, you fully understand the client's needs, and you understand how the job will get done, you could label yourself as a security consultant who specializes in project management. This could be even more marketable if you focus on a particular region of the world and maintain a high level of language skills, cultural understanding and up-to-the-minute knowledge of the local situation.

Thinking Ahead

You must constantly be looking to the future in terms of geopolitical realities, trends and opportunities. Many security consultants fail to understand this simple rule. They repeatedly bog down trying to recycle old security assessment reports or training courses they utilized years before, during their law-enforcement, military or intelligence careers, naively assuming if it worked in Country X in 1994 then it surely will work in Country Y now.

This type of business model is weak and will inevitably cost your client money. Moreover, boilerplate reports are obvious and amateurish. Neglecting the future and ignoring specific geographical or regional concerns will prevent your company's growth. If you can identify threats and vulnerabilities as they are unfolding – or, better still, before they happen – you'll greatly increase your chances for success.

How, then, do you think ahead and prepare yourself to catch the next great business opportunity? As management guru Peter Drucker once stated:

Before an executive can think of tackling the future, he must be able ... to dispose of the challenges of today in less time and with great impact and permanence. For this he needs a systematic approach.

Drucker's point was that you can't allow yourself to become trapped in the day-to-day administrivia – paperwork and pointless meetings – that saps the energy of so many consultants. Likewise, try not to dwell on the problems of yesterday, unless those problems can provide insight into current or future challenges. Don't confuse activity with productivity. If you want to be paid to look busy, work for the government. But if you want to improve your client's security and make money in the process, then produce results – and produce them now. The best way to accomplish this is through an established, written process intended to allow your business to run efficiently without you – at least temporarily.

Numerous business books, from the E-Myth series to the controversial Rich Dad series, can help you automate your business, so your money works for you instead of you working for your money. This is much harder than it sounds, however. Streamlining your day-to-day activities so you can walk away for a month or more without the business missing a step is, for most, a daunting challenge – possibly even an unrealistic expectation. Most consultants, particularly one-man shops, are forced to shut down their operations when they go on even a brief holiday. But such a capacity is essential if you want to generate multiple streams of income simultaneously and if you want to be able to sell your business in the future.

Producing Results Is What Produces Income

In global security consulting, as in similar professions, you make your money by persuading clients to pay you for advice. Therefore, your clients determine how much money you'll make each year – not the other way around. Many consultants think they'll make a certain amount, boasting, "This year, I'm going to make US$650,000 in salary." To which I always respond, "Why $650,000 and not $750,000? Why not $1.65 million?"

There's nothing wrong with setting a goal; I'm a big believer in goal setting. Just recognize that a goal is only a starting point. This is particularly true when you consult in the global arena. You're not selling widgets at a fixed price to a targeted demographic. In this field, you'll be dealing with persistent and pervasive uncertainties. Your revenue will often be uncertain at the start of the year. But it's also virtually unlimited. You need to believe that.

You obtain financial results by exploiting the problems your clients bring to you, not by solving their problems. Resources, to produce results, must be allocated to opportunities rather than to problems. Your real value to your clients is neither your security methodology nor the years of experience you have. More often than not, real value means asking the question: What is it worth to my clients to make their headaches go away quickly? That should be your key methodology as a global consultant, not your trademarked theory on "Assessing Political risk in Africa during Unfair Elections," or your "10-Step Process to Ensure Perimeter Security."

When the stuff hits the fan, I want my clients to say, "Get me Luke Bencie on the phone right now!" Because, let's face it, nobody will be saying, "Get me a consultant who specializes in the geopolitical security theory of Africa!" or "Quick, I need a process to ensure that the perimeter around my house is safe!"

It isn't the number of clients you have that will make you rich. It's their quality and how much they rely on you. To achieve this status, you'll need to make your services invaluable. This is even more difficult than it sounds, although if you can achieve it – and bear it mind it's an ongoing process – you'll be on your way to growing a successful consultancy.

Lessons from Brazil

When I first opened my company, I received a request from a prospective client to provide recommendations for secure transportation in Brazil. The client was traveling to Rio de Janeiro and wanted to hire an armored car with an experienced bilingual driver to take his people around for the week for business meetings, meals and sightseeing.

My wife, who is from São Paulo and had previously worked as both an officer in the Civil Police and as a regional security director for a Fortune 500 company, had compiled a Rolodex of such service providers. She sent off a few emails and made some calls on my behalf to her contacts. In short order, we had lined up an armored sedan with an experienced driver.

Based on that information, I informed my client we would be happy to act as their security facilitator and make all the logistical arrangements with the armored car company in Brazil for a nominal service fee. I also communicated with the company (they had minimal English speakers and poor phone lines) to ensure everything was provided on time, and I handled the invoicing (which included currency conversion and wire transfer of payments).

As I mentioned earlier, it's always important to inform your client when you're using subcontractors and incorporate that detail into your written agreement. You never want to claim that the vehicles or personnel you're outsourcing are your own. One reason: If there's an accident, it's better the client recognizes that liability will be held by the company providing the direct service and owning the vehicles. A smart lawyer will ensure that you – the facilitator – are protected.

In my example above, everything went smoothly. The client's needs were met, and they were impressed and grateful for the service we provided. Just as important, I had created a new market for my startup security consultancy. Since that time, we have provided dozens of security services a year in Brazil for high-profile clientele. We also were heavily involved with security for the 2014 FIFA World Cup, and we'll be helping with security for the 2016 Olympic Games in Rio. With a full-time office in São Paulo since 2011, the SMI Brazil Security Division is now a recognized brand name there, as well as in the United States, among corporate security directors. It shows that you never know how your business will evolve.

---

Excerpted from Global Security Consulting by Luke Bencie. Copyright © 2014 Luke Bencie. Excerpted by permission of Mountain Lake Press.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

---