I’ve had the pleasure in my career to be on what I would call both sides of the fence of “consulting”. Security Consultant (sales) to Security Consultant (knowledge, experienced based, accredited).
First there is the Security Consultant (sales). They’re there to listen to your security concerns and advise you on some solutions and essentially sell you their product, well at least their company’s product.
The second is the Security Consultant (knowledge, experienced based, accredited) that will give you advise based on a holistic perspective and provide you with, where applicable, a much broader or specific availability of options, products, colleagues and solutions.
Both professions have their niche in the marketplace. You need to know who you’re talking with. Don’t be afraid to ask about their experience and their qualifications. It’s your peace of mind.
I’m not in any way saying there is something wrong or negative about security consultancy for sales, not at all. My advise is to know what you want as a consumer. Don’t be surprised at the variations with respect to investments, but consider the value of your project, the impact it will leave and the importance you need to place on it. Your project may not just be protecting tangible assets but the intangible assets of your employee’s skill, and knowledge and let’s not forget your skill.