We have a couple consultants (I use consulants and contractors synonymously in this post) in this week to do some work for us on implementing a piece of technology that we have not had the time nor expertise (the expertise recently left us) to get it done ourselves.
Two issues I have with using consultants to get work done.
1) Consultants should be used when a team is lacking expertise, but I am dubious whether they are useful when a team is lacking in time. Consultants cannot just come in and know how to build systems the way you build them, or fit right into your environment or network or business processes. To me, it seems consultants are best when directing an existing staff member through something new; not when they are doing the work and the staff are too busy to help or absorb knowledge. This indicates a need for more staff, not consultants to triage and bandage. (To note, we are hiring, but getting absolutely nothing for resumes.)
2) Consultants are notorious for ignoring security. “Aw, just make it a domain/local admin and it’ll work fine,” is a common response. When left in a vacuum to make their own decisions, they too often ignore security ramifications. I’m not entirely surprised. Staffers under the gun for a deadline will likely also get things done and think about security later, but consultants seem to be under more pressure to get things done quickly and stop billing the customer!