No love here for IT and InfoSec Consulting/Advisory?

JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
As of late I've been receiving interest in, and have started to take more of an interest in information security consulting/advisory roles. I realized that I don't recall seeing much if any discussion about it here, and I'm actually surprised by that.

For anyone not familiar, the Big Four accounting firms (PwC, KPMG, Ernst & Young, Deloitte) have IT/InfoSec consulting/advisory teams where they have Associates that basically travel weekly to their clients locations and work there, solving various issues, creating strategies, etc. The length of travel varies by firm and position/project with typical travel being either fly out and come back M/W, M/Th, or M/F. Other well known firms with these jobs are Accenture, Booz & Company, IBM Global Business Services, and Infosys. These jobs typically start out in the low to mid $100s, plus annual bonus in the tens of thousands, and you move from Associate to Senior Associate, Manager, Senior Manager, Director and Partner positions.

The combination of my degree in business from a well known school, along with my experience at one of the nations largest financial firm, and the CISSP certification, have garnered me some attention recently from some of Big Four accounting firms. I had an executive recruiter contact me for some cybersecurity consulting positions with Deloitte paying over $150k, but would require 100% travel (M-F) and I just can't do that right now with not only having three small children, but living where we have zero help. So I politely declined as the timing isn't right.

Yesterday I got contacted by a KPMG recruiter who is very interested in me for some IAM, and strategy & governance consulting positions they have opening up. I have a phone interview with him today. I would definitely be interested if any of the positions have a M-W travel requirement, MAYBE a M-Th as I would only go three days without seeing my family. From what I was told I can work from anywhere with an airport, so at least I would be able to work from home when not traveling. Also yesterday I found out a girl who works next to me got a job as a PwC HR generalist and will be doing recruiting, so we also connected on LinkedIn and she will be reaching out to me once she gets established. These types of jobs really fit my interests. I love to solve problems and I love variety in my work, and traveling around to different places. I'd ideally not like to be away from family more than three nights so finding the right opportunities can be a challenge.

So is there anyone else here who has had or currently has an interest in the consulting/advisory world?
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up:​ OSCP
Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework

Comments

  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    JoJo,

    That is a very interesting situation and an employment situation that would be appealing to many. I found myself in a similar situation with a government agency but the idea of traveling that often, being away from family, not being able to settle into a routine and living out of a hotel/suitcase is just something that doesn't appeal to me. I know that the pay would be great but I am a very regimented person, I love fitness, workout daily, have a infant child etc So the travel and constant being on the go isn't something I want.

    However, if you can handle that lifestyle I am sure you would get a ton of great experience, obviously earn a significant salary and live extremely comfortably. Plus I'm sure in time the travel would slow once you reached a higher level and more stability would set in. I say if you can handle that type of living then go for it!
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    zxbane wrote: »
    JoJo,

    That is a very interesting situation and an employment situation that would be appealing to many. I found myself in a similar situation with a government agency but the idea of traveling that often, being away from family, not being able to settle into a routine and living out of a hotel/suitcase is just something that doesn't appeal to me. I know that the pay would be great but I am a very regimented person, I love fitness, workout daily, have a infant child etc So the travel and constant being on the go isn't something I want.

    However, if you can handle that lifestyle I am sure you would get a ton of great experience, obviously earn a significant salary and live extremely comfortably. Plus I'm sure in time the travel would slow once you reached a higher level and more stability would set in. I say if you can handle that type of living then go for it!

    Yea I assumed it would be very appealing to some of the folks here but I don't think I've ever seen it mentioned.

    As for family and traveling, I don't like being away from my family, however I would be willing to be away for 2, maybe 3 nights as long as I am off weekends and ideally can work from home the other days I'm not traveling. That does narrow down the particular opportunities but there are definitely some that meet that requirement. It's a trade off that I'd have to make to provide an amazing quality of life for my family. I'd ideally like to have my kids attend college and be debt free (very much unlike myself).
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    Very noble motives for sure, the tradeoff will certainly help improve the quality of life for your family and the opportunities you are able to provide them! I really am thankful I was able to utilize the GI bill after seeing how stressful student loans can be for many people.
  • Tom ServoTom Servo Member Posts: 104 ■■□□□□□□□□
    I did information security consulting for one of the Big 4 for about a year. I was traveling Monday through Thursday typically, and the pay was certainly not in the low to mid 100's (I was mid/upper 70s). If you get in as a Manager or Director you will make low to mid 100s. The billable requirements are a pain, projects are typically poorly budgeted, mandatory training/pto/proposals all cut into your utilization. Typically you point out problems, but don't get to actually assist in the remediation (at least that was my experience). Feel free to shoot me PM if you have specific questions or want additional info.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I actually looked into this, but I didn't like the lifestyle. I could be wrong as I haven't investigated enough yet. Nice thread
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Tom Servo wrote: »
    I did information security consulting for one of the Big 4 for about a year. I was traveling Monday through Thursday typically, and the pay was certainly not in the low to mid 100's (I was mid/upper 70s). If you get in as a Manager or Director you will make low to mid 100s. The billable requirements are a pain, projects are typically poorly budgeted, mandatory training/pto/proposals all cut into your utilization. Typically you point out problems, but don't get to actually assist in the remediation (at least that was my experience). Feel free to shoot me PM if you have specific questions or want additional info.

    Thanks for the insight! I'll be sure to PM you to pick your brain.

    I had had my phone interview and it went fairly well. I did have to tell the guy that my current salary has no bearing on what I would want for the job as he tried telling me they could do a 10-15% increase from where I'm at. I told him I'd want market rate for a Sr Associate (what I'd come in at), so right around six figures. He said he'd try when it got to that point. Unfortunately he emailed me about two hours later and said my employer has a no poach contract with them so he had to drop contact but that I could apply directly and they'd have to call and get permission to speak with me. I declined as I'm not actively looking.

    Next Spring I'll be getting in touch with my soon to be PwC contact.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for posting a thread about this. I've been trying to look for security consulting firms in my city for a while. My cousin used to work for PWC and told me to check them out but I don't qualify for any of the positions that they have.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • chanakyajupudichanakyajupudi Member Posts: 712
    I just got an interview for a role that starts in Feb - 2015 . A graduate role though. Interesting work though. In New Zealand.
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
    http://adarsh.amazonwebservices.ninja


  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    @JoJoCal19 - very timely thread. I was just about to start a thread about this exact topic. Over the past 6 months, I have become very interested in advisory services at several of the big 4 and a few specialized consultancies. I have a few professioanal collegues that work at these firms and the type of work is very appealing to me. I have been randomly applying to several jobs one of the big 4 where I got a reference but so far no response.
  • pinkydapimppinkydapimp Member Posts: 732 ■■■■■□□□□□
    So for these type roles, how much training do they provide? Do you typically stick to a specific area of security? Do you work in a team? I get interest from these type of roles as well though i am on the sales engineering side currently which is similar in a lot of ways. Ive always been curious about them as well.
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    I am a senior security consultant for a very successful InfoSec consulting firm. Been doing it for about a year.

    Addressing a few points/questions that have been discussed here...

    Pros:
    1. You get an unparalleled amount of experience in the industry. I hit a new client with a completely new environment every 2-3 weeks. My knowledge of the industry as a whole, has grown significantly faster in consulting than it ever did in the support world.
    2. Networking - Since you are constantly moving from one client to the next, the networking potential is great.
    3. Work from home a large amount of the time (this may vary from company to company, but a lot of infosec consulting firms follow this model).
    4. Pay is definitely comfortable
    5. Training & Cons - Consulting companies want you to be the best. Obviously, clients hire you because you know things or can do things that their people don't or can't. So there is almost always a very healthy budget for training, certifications and conventions.

    Cons:
    1. Unpredictable Workload - The work for this type of job seriously varies. Sometimes you will have no clients and just be working on personal projects. Other times, you will have so much work that you don't know where to start. It can definitely be exhausting at times and you really have to love the work to not get burned out.

    Neutral:
    1. Travel - This can be a positive or a negative depending on who you are. If you are interested in traveling...you can do it this way without having to pay for it. Plus...you'll rack up frequently flyer miles and hotel points that allow you to pretty much travel for free on personal time too. Of course, for people with families, this can be less than desirable. This also depends on the type of work you do and where you are located. I personally don't travel a ton, because I live in an area that draws a lot of local clients (Washington DC) and we also do a fair amount of external work (external penetration tests and vulnerability assessments that can be performed easily from home with a solid internet connection).
  • pinkydapimppinkydapimp Member Posts: 732 ■■■■■□□□□□
    NovaHax wrote: »
    I am a senior security consultant for a very successful InfoSec consulting firm. Been doing it for about a year.

    Addressing a few points/questions that have been discussed here...

    Pros:
    1. You get an unparalleled amount of experience in the industry. I hit a new client with a completely new environment every 2-3 weeks. My knowledge of the industry as a whole, has grown significantly faster in consulting than it ever did in the support world.
    2. Networking - Since you are constantly moving from one client to the next, the networking potential is great.
    3. Work from home a large amount of the time (this may vary from company to company, but a lot of infosec consulting firms follow this model).
    4. Pay is definitely comfortable
    5. Training & Cons - Consulting companies want you to be the best. Obviously, clients hire you because you know things or can do things that their people don't or can't. So there is almost always a very healthy budget for training, certifications and conventions.

    Cons:
    1. Unpredictable Workload - The work for this type of job seriously varies. Sometimes you will have no clients and just be working on personal projects. Other times, you will have so much work that you don't know where to start. It can definitely be exhausting at times and you really have to love the work to not get burned out.

    Neutral:
    1. Travel - This can be a positive or a negative depending on who you are. If you are interested in traveling...you can do it this way without having to pay for it. Plus...you'll rack up frequently flyer miles and hotel points that allow you to pretty much travel for free on personal time too. Of course, for people with families, this can be less than desirable. This also depends on the type of work you do and where you are located. I personally don't travel a ton, because I live in an area that draws a lot of local clients (Washington DC) and we also do a fair amount of external work (external penetration tests and vulnerability assessments that can be performed easily from home with a solid internet connection).
    what were you doing prior to this role?
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
  • WigglytuffWigglytuff Registered Users Posts: 4 ■□□□□□□□□□
    I am currently looking into working for a Big4 in the cybersecurity field and would much appreciate advice from folks currently working in that arena.
Sign In or Register to comment.