One-Person Consulting Firms? How Are These Possible

The trend I've been noticing lately is the rise of 1-man or 1-woman consulting firms. Now at the monthly security group meetings one loses count of how many people are working as independent consultants. Yet, when they present their services to you it's a very long list like that below. So how is this possible for one person to do? Are they just reselling services from bigger firms, or is their really a workable system to providing all these services as a InfoSec Consultant
[The below services I've noticed most consultants provide]
[The below services I've noticed most consultants provide]
CYBERSECURITY ASSESSMENTS
Vulnerability Assessment Services
Penetration Testing Services
Social Engineering Assessments
Security Architecture Review & Design
FEDERAL SERVICES
Risk Management Framework (RMF) Support
Security Assessment and Authorization
FISMA Certification
FedRAMP Compliance
NIST 800-53 Assessment Services
Continuous Monitoring
Vulnerability Analysis and Penetration Testing
Security Policy and Procedures Documentation
Security Staff Augmentation
HEALTHCARE ASSESSMENTS
HIPAA / HITECH Readiness Assessment
PRIVACY ASSESSMENTS
Domestic and Cross-border
CLOUD SECURITY ASSESSMENTS
Cloud Security Services; FedRAMP Compliance
SOC EXAMINATIONS
THIRD PARTY RISK
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Tagged:
Comments
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Many vendors you can become an affiliate, or as they often call it, "partner", where when you sell their products or services, you get a discount in the price and a commission, depending on the level of partnership, which often depends on the sales you've made; get more sales, get a better tier of partnership which results in a better discount and/or a higher commission. My best friend has started a side consultant as a collaboration/VoIP SME. Because he is certified at the top level as a Cisco Collaboration professional, he managed to get Cisco Premier partnership.