Towards the end of 2023 we embarked on a journey of self-discovery here at Turnkey. With a milestone birthday around the corner, we wanted to more deeply understand what had made us successful over our 20 years in business. What did our clients appreciate most about Turnkey? What about our approach did they value most? Why do clients continue to engage Turnkey over much bigger, more well-known consultancies? Our goal was to put the findings at the heart of how we do business going forward.
To guide us in this exercise, we engaged an independent facilitator, Purpose Craft. Led by Simon Clarkson, the former Chief Marketing Officer for several leading brands, Purpose Craft specialize in helping organizations understand more about themselves and the essence of their existence, their purpose. Following some internal discovery work, we gave Simon a cross section of our clients to interview as well as a couple of prospective clients whose business we would love to win. Then we sat back and crossed our fingers that he would come back with lots of nice quotes from our clients!
As subject matter experts, we have always assumed that our clients valued our technical expertise. Going into this process we fully expected that to be a key differentiator highlighted by clients. But what we found took us by surprise.
While clients recognized and valued our technical expertise, it is simply table stakes, an expectation of any specialist. What clients truly valued was our ability to understand their business and connect security initiatives to their wider goals. Where other consultancies emphasize ‘the fear factor’ for driving projects forward, we bring a more constructive approach. At Turnkey, we focus on the positive value that security delivers to a business not all the bad things that would happen if it didn’t go ahead.
More than providing insight into our reputation, Purpose Craft’s findings revealed a fundamental tension in our industry: IT security is perceived an inhibitor to growth. Businesses know it’s important, but they see it as a necessary evil, implemented and enforced at the expense of business agility. Or, as one client put it, “Security seems like a bloody-minded defensive barrier rather than an integral enabler of the organization.”
This also links to a specific challenge faced by the role of the CISO. Board members must demonstrate the alignment of their function with their wider business strategy. But many CISOs come from a traditional IT security background where the focus is on risk not opportunity. This can often be an inhibitor to their influence at board level.
The output from Simon’s work gave me pause for reflection on how the company had evolved. When I founded Turnkey in 2004, one of my observations was that security was often seen by Systems Integrators as an afterthought. Security activities were pushed to the end of a project, often rushed through to get things working before go-live. It was a ‘necessary evil’ that they would ignore for as long as possible to avoid holding back the project.
Our vision at Turnkey was to approach things differently, engaging on security topics early and providing input throughout the project lifecycle. Experience showed us this enabled a much smoother experience for everyone involved. What’s more, we understood that a security-first approach didn’t necessarily mean more work. Rather, by partnering with business users at key stages, we were able to evolve the security requirements in lock step and provide sustainable solutions that demanded less maintenance and overhead long term. Purpose Craft’s conversations with our clients validated that, 20 years on, our business-centric approach to security was still front and center of our value proposition.
The exercise not only gave us clarity in our value proposition but also helped us see a broader opportunity before us: to lead a paradigm shift in how security is perceived. Aligning security to business objectives and demonstrating how security acts as a powerful catalyst for agility, innovation, and growth is not only what sets us apart, but also a fundamental change we can bring about in our industry.
The outcome was a new purpose statement for our business: At Turnkey, our purpose is to elevate risk, security, and controls as drivers of growth.
Throughout 2025, we’ll explore and unpack our purpose and what it means for Turnkey and our industry. We’ll examine the tension at the heart of our industry and how, as security and controls professionals, we can reimagine the role of security and controls to become key business partners. Stay tuned.
