business-strategy

Business Strategy Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "business-strategy" with this command: npx skills add hack23/homepage/hack23-homepage-business-strategy


Purpose

Guides strategic business development, market positioning, and revenue optimization for cybersecurity consulting services, with emphasis on consultative selling, transparency, and practical security expertise.

Rules

Market Positioning (MUST)

MUST:

  • Position Hack23 as transparent security experts (not FUD-based vendors)

  • Emphasize 30+ years of hands-on experience

  • Highlight public ISMS as unique competitive advantage

  • Showcase open-source contributions as proof of expertise

  • Focus on developer-friendly DevSecOps approach

MUST NOT:

  • Use fear, uncertainty, doubt (FUD) tactics

  • Make unsubstantiated security claims

  • Oversell or over-promise capabilities

  • Compete on price alone without value differentiation

Consultative Selling Approach

MUST:

  1. Discovery Phase

    • Understand client's business objectives
    • Identify security pain points and gaps
    • Map security needs to business outcomes
    • Assess current security maturity
  2. Solution Design

    • Align security controls with business goals
    • Reference ISMS policies for credibility
    • Provide practical, implementable recommendations
    • Estimate realistic timelines and costs
  3. Value Communication

    • Quantify risk reduction in business terms
    • Show ROI of security investments
    • Reference similar client successes (case studies)
    • Demonstrate expertise through technical depth
  4. Partnership Approach

    • Position as security partner, not vendor
    • Offer ongoing support and guidance
    • Share knowledge through documentation
    • Build long-term relationships

Target Markets & Personas

Primary Markets:

  • Swedish organizations (GDPR, NIS2, ISO 27001 focus)

  • Mid-market companies (50-500 employees)

  • Tech startups needing security foundations

  • Regulated industries (finance, healthcare, government)

Key Decision Makers:

  • CTO/CIO: Technical depth, architecture alignment

  • CISO: Compliance frameworks, risk management

  • CEO/CFO: Business outcomes, ROI, efficiency

  • Engineering Leaders: DevSecOps integration, tooling

Service Portfolio

Core Services:

  1. ISMS Implementation

    • ISO 27001:2022 compliance
    • Gap analysis and remediation
    • Policy development and documentation
    • Internal audit preparation
  2. Security Architecture Review

    • Threat modeling and risk assessment
    • Defense-in-depth design
    • Cloud security (AWS focus)
    • Application security review
  3. DevSecOps Integration

    • CI/CD security automation
    • Infrastructure as Code security
    • Container security
    • Security testing integration
  4. Compliance Support

    • GDPR compliance assessment
    • NIS2 readiness evaluation
    • CIS Controls implementation
    • NIST CSF alignment
  5. Security Training

    • Secure development practices
    • Security awareness programs
    • Hands-on technical workshops
    • Executive security briefings

Partnership Strategy

Technology Partners:

  • AWS: Cloud infrastructure expertise

  • GitHub: DevSecOps platform integration

  • Security Tool Vendors: SAST, DAST, SCA tools

Channel Partners:

  • Management consulting firms (security add-on services)

  • IT service providers (security capabilities)

  • System integrators (security architecture)

Referral Network:

  • Legal firms (GDPR compliance clients)

  • Accounting firms (audit preparation clients)

  • Business consultants (growth-stage startups)

Sales Enablement Materials

MUST MAINTAIN:

  1. Case Studies

    • Client industry and size
    • Initial challenge/pain point
    • Solution implemented
    • Measurable outcomes
    • Client testimonial
  2. Service Descriptions

    • Clear scope and deliverables
    • Typical engagement duration
    • Prerequisites and dependencies
    • Pricing guidance (ranges)
  3. Technical Assets

    • Architecture diagrams
    • Security assessment templates
    • Sample ISMS policies
    • Threat model examples
  4. Competitive Positioning

    • Differentiation matrix
    • Unique value propositions
    • Competitor comparison (fair, factual)
  5. ROI Calculators

    • Risk reduction quantification
    • Compliance cost avoidance
    • Efficiency gains
    • Incident prevention savings

Revenue Model

Service Pricing:

  • Hourly Consulting: Premium rate for expertise

  • Fixed-Price Projects: Defined scope and deliverables

  • Retainer Agreements: Ongoing support and advisory

  • Training Programs: Per-participant or per-session

Value-Based Pricing:

  • Align pricing with business value delivered

  • Consider client budget and industry norms

  • Offer tiered service packages

  • Provide flexible engagement models

Metrics & KPIs

MUST TRACK:

Pipeline Metrics:

  • Lead generation sources
  • Conversion rates by stage
  • Average deal size
  • Sales cycle length
  • Win/loss analysis

Revenue Metrics:

  • Monthly Recurring Revenue (MRR)
  • Annual Contract Value (ACV)
  • Revenue growth rate
  • Customer acquisition cost (CAC)
  • Customer lifetime value (CLV)

Client Success Metrics:

  • Client retention rate
  • Net Promoter Score (NPS)
  • Upsell/cross-sell rates
  • Reference/referral rates
  • Project completion rate

Compliance-Driven Selling

Key Compliance Drivers:

  1. ISO 27001

    • Required for enterprise buyers
    • Public sector procurement
    • Partner requirements
  2. GDPR

    • EU market entry requirement
    • Data privacy compliance
    • Breach notification obligations
  3. NIS2

    • Critical infrastructure sectors
    • Supply chain security
    • Incident reporting requirements
  4. Industry-Specific

    • PCI DSS (payment processing)
    • HIPAA (healthcare)
    • SOC 2 (SaaS providers)

Thought Leadership

MUST:

  • Publish technical blog posts on security topics

  • Share ISMS policies and documentation openly

  • Contribute to open-source security projects

  • Speak at security conferences and meetups

  • Participate in industry working groups

Content Topics:

  • DevSecOps best practices

  • Compliance automation

  • Practical threat modeling

  • Security architecture patterns

  • ISMS implementation lessons learned

Examples

Elevator Pitch Template

Hack23 helps [TARGET COMPANIES] achieve [BUSINESS OUTCOME] by [SECURITY SOLUTION] using our transparent, practical approach to cybersecurity, backed by 30+ years of experience and a public ISMS that proves our commitment to security excellence.

Example: "Hack23 helps Swedish tech companies achieve compliance and build security trust by implementing practical ISO 27001 ISMS frameworks using our transparent, open-source approach, backed by 30+ years of hands-on security experience."

Value Proposition by Persona

For CTOs: "Integrate security seamlessly into your development pipeline with DevSecOps patterns that don't slow down innovation."

For CISOs: "Achieve compliance faster with proven ISMS frameworks, threat models, and security architectures you can reference and customize."

For CEOs: "Reduce business risk and build customer trust with transparent security practices that differentiate you in the market."

Case Study Template

[Client Industry] Security Transformation

Client: [Size, Industry, Location]

Challenge: [Specific pain point or requirement]

Solution: [Services delivered]

Outcomes:

  • [Measurable result 1]
  • [Measurable result 2]
  • [Business impact]

"[Client quote about experience and value]"

Related Policies

  • Hack23 ISMS-PUBLIC - Security framework

  • ISO 27001 SKILL - Compliance framework

  • Security Architecture SKILL - Technical depth

Related Documentation

  • business-development-specialist Agent

  • marketing-specialist Agent

Tools

  • CRM: Track leads, opportunities, and client interactions

  • LinkedIn Sales Navigator: Prospect identification

  • PandaDoc/DocuSign: Proposal and contract management

  • HubSpot/Salesforce: Marketing automation and pipeline management

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
