Business Potential of lone wolf InfoSec Consultant

SnooperSnooper Member Posts: 29 ■□□□□□□□□□
We all know that that there has been a spurt of demand cyber security technologies, processes and people. Obviously the need of cyber security must be on minds of most of Small and Medium Business owners. But I am wondering how feasible it is for an experienced Cyber Security consultant to be successful in having one's own business as compared to a job? Is there a good demand yet, at least in big metro cities or is the cyber security assessments and audits still dominated by big well known corps big big budgets?
Has anyone tried setting up a constancy business firsthand?

Comments

  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    Snooper wrote: »
    We all know that that there has been a spurt of demand cyber security technologies, processes and people. Obviously the need of cyber security must be on minds of most of Small and Medium Business owners. But I am wondering how feasible it is for an experienced Cyber Security consultant to be successful in having one's own business as compared to a job? Is there a good demand yet, at least in big metro cities or is the cyber security assessments and audits still dominated by big well known corps big big budgets?
    Has anyone tried setting up a constancy business firsthand?

    I'd say small business owners worry of a Cyber doesnt even cross their mind. And those who do, small MSP's snatch them up before any lone consultant does.
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,051 ■■■■■■■■□□
    Yes, I believe it's possible, however you need to build yourself a reputation in the field to get any real work. Take SANS instructors for example, a good many of them have consulting businesses where they make considerable more money than teaching. One instructor told me he makes over 500k a year consulting and about a 1/5 of that teaching SANS courses. He works alone, and has plenty of business. I would take a wild guess and say a good portion of his business comes from former students. After all who you gonna call when you need a consultant, some random guy out of the phone book? Or someone who has an industry reputation? In short, if you became a SANS instructor or taught on the side somewhere else, in a few years business will come to you with little effort on your part.
    Still searching for the corner in a round room.
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    The hardest part is getting the clients. At least for ppl like me, who are very technical but are often clueless in sales and negotiations. It's really hard.

    I recently researched a resource called upwork that is supposed to connect clients and ppl like us without much of a middleman such as MSP/MSSP with their salespeople, accounting and management expenses.

    I was really stunned by the misery the folks over there live and money they get. There was a guy, with a considerable amount of certs, including CISSP, who requests something like $150/hour. Does he get what he asks? Nope. I checked his successful contract history and, amazingly enough, he did some DMARC configuring work for someone for fckn $20. Twenty! He agreed to this work and performed it! For $20!

    It's easy enough to configure DMARC when you know what you are doing, but $20? If you do that you have to do things right from the first attempt in order not to break things and this requires careful planning and researching the client, their infrastructure, etc. For damn twenty!
  • DojiscalperDojiscalper Member Posts: 266 ■■■□□□□□□□
    Yeah lots of people on those sites will do work for $5/hr, makes me wonder if anyone ever picks someone who works for a reasonable US price when its remote work.

    I use the sites for local field service work and do make money. I'm just getting started finding my own clients and just as mentioned its hard to get clients and 70-90% of the work is sales and the rest is technical and is true in just about any business endeavor. Some of what I consult is security for small businesses. My focus is getting small businesses away from their bad practices, ie sticky notes full of passwords on monitors among other things. Myself I'm not at the level that I'd be consulting for a company larger than say 100 users, but there's plenty of 1 to 100 user companies that need a lot of IT services and the MSP's out there do get them, but they also lose them all the time, you just have to be part of the market share.
Sign In or Register to comment.