Dirty IT security consultant trick No. 8: "One last thing"
I hate this trick most of all. The consultant brags and brags about a particular solution, even demos its awesomeness. It is awesome. You'll take 10 of them. Then after you've convinced management to allocate the money to buy it, the consultant tells you a tiny fact that crushes all the advantages.
I've been told after signing a contract that the data storage I was shown in the demo, which I thought was part of the product, is extra. After signing a contract, I've been told the solution has a few bugs. Those bugs, it turns out, invalidated the product. I've been told, after the fact, that the solution doesn't work as well on my wider enterprise, though the consultant was very familiar with my environment. I've had consultants leave out annual service costs, mandated upgrades, and all sorts of details that tipped what I thought was a good decision to become a bad decision.
And they tell you the new information with a smile.
Dirty IT security consultant trick No. 9: Ignoring your deadline
From the outset, you tell the consultant or vendor your drop-dead date for finishing a particular implementation or project. They work with you, gain your trust, and their solution seems perfect for your company. You place your order, and all of a sudden they don't have a product, installers, or trainers that can fit your schedule. It's hurry up and wait.
You wonder how they didn't hear you repeatedly at the beginning when you asked if they could make the date expectations you were directed to meet. Their changing date forces you to make another purchase decision, eat into another budget, or reschedule a major vacation. It's never fun.
Dirty IT security consultant trick No. 10: Promoting product -- and getting kickbacks
We expect consultants to be impartial and to recommend the best solutions for our companies. Lots of consultants make extra money from their "partners" to push particular solutions. We get that. But pushing a product without telling you about the possible conflict of interest goes beyond the pale.
I remember one consultant, many years ago, who advised me on what networking equipment to buy. He didn't tell me that he was getting a vendor kickback, and after we became "friends," or so I thought, he tricked me into buying more network equipment than I could ever have used. It was enough network ports for three times the number of Ethernet runs I needed.
To this day I have memories of all that equipment, hundreds of thousands of dollars' worth, sitting unused in a backroom storage area. It was my mistake. The consultant? He bought a brand-new boat that year.