In my previous career, I used to joke that a Consultant is a person who writes great big reports that nobody reads. Now that I am a consultant …. its not so funny! The question is, however, is if it is true?
More is usually better. An extra ice cream scoop or a third encore from an awesome band is readily enjoyed. But what about a consultant’s report. Does an executive want to have to read and digest 100 pages of material in order to take action on my recommendations? I am guessing NOT. And if they do read all 100 pages of material is it because they are is passionate about the material or is it because they are not blindly ready to go ahead with the recommendations. In most cases it is the latter.
So building that perfect report is a science of giving recommendations that are uniquely suited to the problem at hand in the most concise manner possible. There has to be enough content to support the recommendations and there has to be enough content to satisfy the client that I know what I am talking about; meaning the recommendations are based on solid principles and analysis.
The test for the report is asking myself after every paragraph, why my client should be reading this. If it is so they gain knowledge to understand the recommendations then it stays. If it is just to make them a bit smarter about security in general, or for me to feel better about how much I charged them, it will probably go deep into an appendix somewhere.
rbl