Can someone expand on the differences and similarities to the cyber security practices at PwC and Deloitte as well as expand on the strengths and weaknesses of each practice? I’m having a hard time finding information outside of official websites on this and am hoping someone with real world experience can chime in.
Hi! Yes we have some real world experience on this for you. There are more similarities in this instance than differences. Both firms focus extensively on pen-testing (as you would expect) and work with some of the biggest clients, primarily banks (in the East) and tech companies (in the West). The Deloitte practice is larger and blurs with Deloitte’s huge consulting practice, which is the biggest in the world. As a result there is often sharing of resources and assets, and in many cases the teams will go to market together with offering such as “well this is your risk profile, this is how we can address the risks for you.” PwC doesn’t have a consulting service line and so the cyber security service is more standalone (although they obviously do offer lots of auxiliary services). In terms of day to day though it’ll be very much the same.
Being a part of the Big 4 also means that you will be more of a business adviser than if you worked for a boutique firm. This means that you will advise on outcomes rather than just the issue at hand. For example a Big 4 cyber partner is more likely to present to the board along with the audit partner.
Hope that helps! I think you might get some more answers coming in soon as we’ve had some technical issues with the forum in the last week or two.