The other day I was reading a blog post by a company I respect, Monsoon, on how they have approached sharing of product strategy guidance for free and it got me thinking about our approach at Acumen.

Like Monsoon, we are in the services industry where our customers pay us for (and hopefully are happy with) our work product namely security certification services (consulting and evaluation). However apart from these we also provide guidance on certification strategy and latest developments in the certification world. Being a new company we tend to share more openly in order to exhibit our depth of experience within the certification world. This has led us to create some pretty useful whitepapers on Suite B and FIPS 140-Next both of which are freely available on our website.

However reading the Monsoon blog got me thinking. Would it make sense for Acumen to create such high quality content and provide it for free even once we have established ourselves as a premier company in the certification world? Or for example, how much information should we provide when someone we haven’t worked with previously comes to us asking questions about what FIPS 140 is or what’s required for Common Criteria?

The answer I keep coming back to is, YES we should more openly share such information. We should not be the gatekeepers to an arcane set of requirements. Believe me, we can provide that service but really anybody can download a couple documents and read them. Where our value lies is our many years of experience both applying certifications requirements to products for testing and working hand-in-hand with product developers to find the fastest, most efficient, and most cost effective path to product certification. In fact our job will be easier if our customers are knowledgeable about the requirements and updates and changes that have been happening. Knowing the rules of the standard is table stakes, however, it’s the effective application of these rules that can be the difference between scoping a set of platforms for testing on two FIPS 140 certificates and scoping those same set of platforms on 5 or 7 certificates.

So, whether we have previously worked with you or not, if you have a government certification related question (or really just feel like chatting), give us a call. We’d love to get on the phone with you or sit down for a cup of coffee and chat. I mean, why pay for the cow when you can get the milk for free?