Creating an infosec career from responsibilties

I have a job that is like being responsible for camera systems in a hotel chain with 500 locations. No degrees, certs, or infosec skills. Yet, I can create a partial infosec job based on new responsibilities. Feels like I have an option to start at the top, work my way down. If company goes under, it would be nice to be able to become an infosec consultant based on my responsibilities and skills developed at that job. I think I could carve out a personal brand in a niche industry. I have a lot of low-level skills from years in software development. The end goal would be to be a freelance/independent infosec consultant who worked in the niche industry for different companies. Has anyone created an infosec career this way?

Find more posts tagged with

Comments

McxRisley

I think we need some more details to decide whether or not this is a viable option. Just going off of what you have said here, I don't think anyone is going to recommend becoming an infosec consultant based off of just being responsible for camera systems. There's a hell of a lot more that goes into being an actual infosec consultant who is worth the money than just having been responsible for camera systems...

bhoops

McxRisley wrote: »

I think we need some more details to decide whether or not this is a viable option. Just going off of what you have said here, I don't think anyone is going to recommend becoming an infosec consultant based off of just being responsible for camera systems. There's a hell of a lot more that goes into being an actual infosec consultant who is worth the money than just having been responsible for camera systems...

It's not camera systems, and I am asking more about the process than my personal situation. Let's say I am talking about banks. I start off at a small bank taking care of the teller's machines. Later another bank hires me, and they have 500 branches. They want me to take care of the teller machines. I start making sure the teller machines wont get hacked. I develop skills making sure teller machines don't get hacked. My bank goes under. I start shopping myself to other banks saying, "I developed some security skills at this bank, let me do this to help you...", or whatever the pitch and service are. What I did not do, is get a job as a low-level infosec guy at a big bank, then work my way up as an infosec guy. I was a technical person that moved in to infosec at a higher level, then developed the skills to match the responsibilities. I am asking if other people have feedback on taking this route.

McxRisley

Ah I overlooked the "like being responsible" part. You could possibly make a career for yourself this way BUT I think you will find it a very difficult path just because of the already enormous amount of already well known consultant companies out there that have made a name for themselves. You would need more than a previous job to add to your credibility as consultant to make it as a consultant. I too have thought of starting my own consulting company but my problem is different than yours, I don't live in a metropolitan area and the businesses and corporations here either A) Don't realize the need for infosec nor do they care about it or

They cant afford it. Now granted this is just something I had thought of doing in my spare time and not as my job because I already have a job in infosec. There are a lot of hurdles to overcome also just to even get started as a consultant.

bhoops

McxRisley wrote: »

Ah I overlooked the "like being responsible" part. You could possibly make a career for yourself this way BUT I think you will find it a very difficult path just because of the already enormous amount of already well known consultant companies out there that have made a name for themselves. You would need more than a previous job to add to your credibility as consultant to make it as a consultant. I too have thought of starting my own consulting company but my problem is different than yours, I don't live in a metropolitan area and the businesses and corporations here either A) Don't realize the need for infosec nor do they care about it or They cant afford it. Now granted this is just something I had thought of doing in my spare time and not as my job because I already have a job in infosec. There are a lot of hurdles to overcome also just to even get started as a consultant.

You may want to divide what you can offer in to "on-site" and "remote" services. After an initial face-to-face meeting, some companies might be willing to allow "remote" work to be done. My view of infosec, versus something like NodeJS development, is that every single company in the world needs it. if they don't know they need it, maybe that is the first hurdle to overcome. Big companies charge big bucks because they are big companies, if you are small, you can charge small. I've heard getting companies to trust you is the hardest part, in a niche industry, they would likely have heard of you, even if you can't name your other clients. I worked for a very small "elite" company that successfully competed with very large companies, mostly through reputation and nimbleness. My view of large companies is, the more they charge, the more I could charge. There is also the possibly of sometimes working for a large company as a consultant, especially if you own a niche. Competing with a large infosec company as a "general infosec guy" would probably be a mistake, as just having a lower price would not be a great business plan.

McxRisley

bhoops wrote: »

You may want to divide what you can offer in to "on-site" and "remote" services. After an initial face-to-face meeting, some companies might be willing to allow "remote" work to be done. My view of infosec, versus something like NodeJS development, is that every single company in the world needs it. if they don't know they need it, maybe that is the first hurdle to overcome. Big companies charge big bucks because they are big companies, if you are small, you can charge small. I've heard getting companies to trust you is the hardest part, in a niche industry, they would likely have heard of you, even if you can't name your other clients. I worked for a very small "elite" company that successfully competed with very large companies, mostly through reputation and nimbleness. My view of large companies is, the more they charge, the more I could charge. There is also the possibly of sometimes working for a large company as a consultant, especially if you own a niche. Competing with a large infosec company as a "general infosec guy" would probably be a mistake, as just having a lower price would not be a great business plan.

Yes, all good info that I am well aware of and only adds to the reasons why I haven't attempted it yet. Also, I wouldn't make anywhere near what I make now as a consultant (lower six figures), at least not in this area and I have no desire to move away ever again lol. Like I said it was only a thought but with my background and previous clients from the area I asked a few of them about their thoughts on hiring a consultant and what I stated above basically sums up their thoughts.

tedjames

A colleague went to work in IT at a company. Along the way, he realized that he had an interest in security. He also noticed that his company had no security department. This was in 2005, mind you. He spoke with his boss about it and was allowed to start putting in a few hours per week into developing a security program. Eventually, he was made head of security and now has a team. Think about something like this for your current company. Sounds like you're already dealing with physical security. Create a business plan around developing that into a full-on security program, with your boss' approval, of course. I can't speak for self-employment, but this could lead to bigger things.

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of