Hypothetically, if my friend wanted to move from being a CISO at a large company to a consultant, what is the best way to go about it?

  • Patrick Maddox@infosec.exchange
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    @jerry@infosec.exchange I don’t know if there is a glide path for it that doesn’t start with talking about this hypothetical with a wide range of people - generally a head hunter and then a bunch of CFO/CEO/COO’s who hire consultants that fit the persons demographic skill set. I spent some time trying to figure out if I was going to go the consultant path and ended up on the same track as before but I think I easily could have stood up my own practice.

    I’d tell your friend to just start talking with everyone in their network where it was reasonable to do so.

  • @ui3o@chaos.social
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    @jerry@infosec.exchange learn how to do consulting, it’s just a different profession from what she did so far. I guess she had years of learning and experience for her current job in management. With the same amount of learning and experience she surely can excel in another field.

  • Iain McLaren@infosec.exchange
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    @jerry@infosec.exchange consider joining one of the big consulting firms. I expect that they would like your expertise and contacts

  • Bill@infosec.exchange
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    @jerry@infosec.exchange Seriously, buzz up @wendynather@infosec.exchange. She’s head of vCISOs at Cisco, and is honestly one of only a handful of human beings in the industry I would go work for. She knows a boatload about consulting as a CISO.

  • Florencio Cano@infosec.exchange
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    @jerry@infosec.exchange I would suggest to your friend that they think twice before doing that. Consulting is like being a CISO but you have more stakeholders to report too.

  • @jerry@infosec.exchange So your ’friend’… I’d start off at a reputable consultancy firm and go from there.

    I’d done it for years and CISO, CTO etc. is highly sought after for vCTO, vCISO services, but also the wider skill set as it applies to projects and transition/transformation work.

    After that, it should be relatively easy to distance yourself from the firm, but many stayed on books as our consultants, for a slightly higher rate, while doing their own thing.

    I know one guy took two or three large contracts a year in locations he wanted to go on vacation to, he basically lived out of his suitcase and lived the ‘gap year’ life while acting as one of our international consultants.