One advantage of working for a consultancy is the constant exposure to a variety of organizations in a variety of industries. This has given the speaker an appreciation for the importance of not only understanding the challenges faced by clients in protecting their information assets, but also understanding those challenges in the context of the business in which they exist. It is never enough to simply tell a client, ""I hacked all your things, now go fix it."" Rather, the successful consultant must also help the client understand the ramifications of each finding and how to prioritize mitigation efforts given that neither time nor money are infinite.
To illustrate these points, the speaker will present several information security-related problems that have been successfully taken on by oil and gas clients. The speaker has learned that these problems are very similar to specific challenges faced by healthcare organizations, despite the fact that those industries are very unique to one another. The healthcare industry faces fiscal hurdles that energy companies generally do not, which makes it difficult for them to adapt as quickly. The speaker hopes that his analysis will help the audience learn from the experiences of other organizations in a way that will allow them to strategically align information security goals with current cyber threats more efficiently.