Hacker News new | ask | show | jobs
by j45 3192 days ago
Might this be a reason why accounting firms shouldn't be offering Cybersecurity consulting?

https://www2.deloitte.com/global/en/pages/risk/solutions/cyb...

Background: I've noticed a trend where traditional accounting firms are advertise "cybersecurity" consulting expertise and services. It is concerning. Most often they are accountants who have moved into a Cybersecurity consulting role.

I had a client a few months ago ask me to sit along with them to deal with a cyber security consultant that was being pushed on them. He didn't know up from down.

Should someone get accounting advice from a non-accountant?
2 comments
xenity7 3192 days ago
There are different types of consulting services - you could assess many parts of someone's cyber security preparedness without knowing technical details about security, as weird as that sounds.

Does management make it a priority? Is there appropriate funding? Are the correct policies in place?

And so on.

Of course, if you ignore th and technical details you will have very serious issues.

That said, you shouldn't send a super technical security expert to interview executives about their culture around cyber - the expert will find it boring/beneath them, the execs won't like the expert... etc

link
j45 3192 days ago
Agreed.. still, assessing security preparedness, risk management is the basis of drumming up sales.

The blind spot of this type of consulting sales is security is ultimately relative to a foundation of technical implementation, not just policy or process alone.

Management who prioritize funding ensuring policies are in place doesn't guarantee the technical security that is put in place is sound.

It's as much a case of knowing more than your customers, but not enough.

Maybe it's a short coming of technologists to not be more prominently be providing this more than accounting firms looking to widen their existing spectrum in the audit/process field.

Still, the question remains, should technical security implementation be designed, overseen and implemented by accounting firms?

link
nunez 3192 days ago
Deloitte is a very, very large company. They offer lots of professional services aside from accounting services (their core competency).
link
j45 3192 days ago
I am aware they are into professional services.

Many accountant-consulting firms began and keep majority of their services are finance/accounting/tax based.

Deloitte in specific has added other "consulting" unit largely in the past 10-15 years, after 150 years of primarily accounting. This is pretty common with other accounting firms too, nothing personal against Deloitte (have known folks who have worked for them).

https://en.wikipedia.org/wiki/Deloitte

link