  1. Member
    Join Date
    Jul 2013
    Posts
    41
    #1

    Creating an infosec career from responsibilities

    I have a job that is like being responsible for camera systems in a hotel chain with 500 locations. No degrees, certs, or infosec skills. Yet, I can create a partial infosec job based on new responsibilities. Feels like I have an option to start at the top, work my way down. If the company goes under, it would be nice to be able to become an infosec consultant based on my responsibilities and skills developed at that job. I think I could carve out a personal brand in a niche industry. I have a lot of low-level skills from years in software development. The end goal would be to be a freelance/independent infosec consultant who worked in the niche industry for different companies. Has anyone created an infosec career this way?

  3. Senior Member McxRisley
    Join Date
    May 2016
    Posts
    407

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CPT+, CASP, CSAE, CNSP, CNVP, C|EH, OSCP, Splunk Certified Admin
    #2
    I think we need some more details to decide whether or not this is a viable option. Just going off of what you have said here, I don't think anyone is going to recommend becoming an infosec consultant based off of just being responsible for camera systems. There's a hell of a lot more that goes into being an actual infosec consultant who is worth the money than just having been responsible for camera systems...

  4. Member
    Join Date
    Jul 2013
    Posts
    41
    #3
    Quote, originally posted by McxRisley:
    I think we need some more details to decide whether or not this is a viable option. Just going off of what you have said here, I don't think anyone is going to recommend becoming an infosec consultant based off of just being responsible for camera systems. There's a hell of a lot more that goes into being an actual infosec consultant who is worth the money than just having been responsible for camera systems...
    It's not camera systems, and I am asking more about the process than my personal situation. Let's say I am talking about banks. I start off at a small bank taking care of the teller's machines. Later another bank hires me, and they have 500 branches. They want me to take care of the teller machines. I start making sure the teller machines won't get hacked. I develop skills making sure teller machines don't get hacked. My bank goes under. I start shopping myself to other banks saying, "I developed some security skills at this bank, let me do this to help you...", or whatever the pitch and service are. What I did not do, is get a job as a low-level infosec guy at a big bank, then work my way up as an infosec guy. I was a technical person that moved into infosec at a higher level, then developed the skills to match the responsibilities. I am asking if other people have feedback on taking this route.

  5. Senior Member McxRisley
    Join Date
    May 2016
    Posts
    407

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CPT+, CASP, CSAE, CNSP, CNVP, C|EH, OSCP, Splunk Certified Admin
    #4
    Ah I overlooked the "like being responsible" part. You could possibly make a career for yourself this way BUT I think you will find it a very difficult path just because of the already enormous amount of already well known consultant companies out there that have made a name for themselves. You would need more than a previous job to add to your credibility as a consultant to make it as a consultant. I too have thought of starting my own consulting company but my problem is different than yours, I don't live in a metropolitan area and the businesses and corporations here either A) Don't realize the need for infosec nor do they care about it or B) They can't afford it. Now granted this is just something I had thought of doing in my spare time and not as my job because I already have a job in infosec. There are a lot of hurdles to overcome also just to even get started as a consultant.

  6. Member
    Join Date
    Jul 2013
    Posts
    41
    #5
    Quote, originally posted by McxRisley:
    Ah I overlooked the "like being responsible" part. You could possibly make a career for yourself this way BUT I think you will find it a very difficult path just because of the already enormous amount of already well known consultant companies out there that have made a name for themselves. You would need more than a previous job to add to your credibility as a consultant to make it as a consultant. I too have thought of starting my own consulting company but my problem is different than yours, I don't live in a metropolitan area and the businesses and corporations here either A) Don't realize the need for infosec nor do they care about it or B) They can't afford it. Now granted this is just something I had thought of doing in my spare time and not as my job because I already have a job in infosec. There are a lot of hurdles to overcome also just to even get started as a consultant.
    You may want to divide what you can offer into "on-site" and "remote" services. After an initial face-to-face meeting, some companies might be willing to allow "remote" work to be done. My view of infosec, versus something like NodeJS development, is that every single company in the world needs it. If they don't know they need it, maybe that is the first hurdle to overcome. Big companies charge big bucks because they are big companies, if you are small, you can charge small. I've heard getting companies to trust you is the hardest part, in a niche industry, they would likely have heard of you, even if you can't name your other clients. I worked for a very small "elite" company that successfully competed with very large companies, mostly through reputation and nimbleness. My view of large companies is, the more they charge, the more I could charge. There is also the possibility of sometimes working for a large company as a consultant, especially if you own a niche. Competing with a large infosec company as a "general infosec guy" would probably be a mistake, as just having a lower price would not be a great business plan.

  7. Senior Member McxRisley
    Join Date
    May 2016
    Posts
    407

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CPT+, CASP, CSAE, CNSP, CNVP, C|EH, OSCP, Splunk Certified Admin
    #6
    Quote, originally posted by bhoops:
    You may want to divide what you can offer into "on-site" and "remote" services. After an initial face-to-face meeting, some companies might be willing to allow "remote" work to be done. My view of infosec, versus something like NodeJS development, is that every single company in the world needs it. If they don't know they need it, maybe that is the first hurdle to overcome. Big companies charge big bucks because they are big companies, if you are small, you can charge small. I've heard getting companies to trust you is the hardest part, in a niche industry, they would likely have heard of you, even if you can't name your other clients. I worked for a very small "elite" company that successfully competed with very large companies, mostly through reputation and nimbleness. My view of large companies is, the more they charge, the more I could charge. There is also the possibility of sometimes working for a large company as a consultant, especially if you own a niche. Competing with a large infosec company as a "general infosec guy" would probably be a mistake, as just having a lower price would not be a great business plan.
    Yes, all good info that I am well aware of and only adds to the reasons why I haven't attempted it yet. Also, I wouldn't make anywhere near what I make now as a consultant (lower six figures), at least not in this area and I have no desire to move away ever again lol. Like I said it was only a thought but with my background and previous clients from the area I asked a few of them about their thoughts on hiring a consultant and what I stated above basically sums up their thoughts.

  8. Scruffy-looking nerfherdr tedjames
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    829

    Certifications
    SSCP, Security+, eJPT +4
    #7
    A colleague went to work in IT at a company. Along the way, he realized that he had an interest in security. He also noticed that his company had no security department. This was in 2005, mind you. He spoke with his boss about it and was allowed to start putting in a few hours per week into developing a security program. Eventually, he was made head of security and now has a team. Think about something like this for your current company. Sounds like you're already dealing with physical security. Create a business plan around developing that into a full-on security program, with your boss' approval, of course. I can't speak for self-employment, but this could lead to bigger things.
