Hypothetically, if my friend wanted to move from being a CISO at a large company to a consultant, what is the best way to go about it?

  • Patrick Maddox@infosec.exchange
    8 months ago

    @jerry@infosec.exchange I don’t know if there is a glide path for it that doesn’t start with talking about this hypothetical with a wide range of people - generally a head hunter and then a bunch of CFOs/CEOs/COOs who hire consultants that fit the person’s demographic skill set. I spent some time trying to figure out if I was going to go the consultant path and ended up on the same track as before, but I think I easily could have stood up my own practice.

    I’d tell your friend to just start talking with everyone in their network where it was reasonable to do so.

  • @ui3o@chaos.social
    8 months ago

    @jerry@infosec.exchange Learn how to do consulting; it’s just a different profession from what she did so far. I guess she had years of learning and experience for her current job in management. With the same amount of learning and experience she surely can excel in another field.

  • Iain McLaren@infosec.exchange
    8 months ago

    @jerry@infosec.exchange Consider joining one of the big consulting firms. I expect that they would like your expertise and contacts.

  • Bill@infosec.exchange
    8 months ago

    @jerry@infosec.exchange Seriously, buzz up @wendynather@infosec.exchange. She’s head of vCISOs at Cisco, and is honestly one of only a handful of human beings in the industry I would go work for. She knows a boatload about consulting as a CISO.

  • Florencio Cano@infosec.exchange
    8 months ago

    @jerry@infosec.exchange I would suggest to your friend that they think twice before doing that. Consulting is like being a CISO but you have more stakeholders to report to.

  • @jerry@infosec.exchange So your ‘friend’… I’d start off at a reputable consultancy firm and go from there.

    I’d done it for years and CISO, CTO etc. is highly sought after for vCTO, vCISO services, but also the wider skill set as it applies to projects and transition/transformation work.

    After that, it should be relatively easy to distance yourself from the firm, but many stayed on books as our consultants, for a slightly higher rate, while doing their own thing.

    I know one guy took two or three large contracts a year in locations he wanted to go on vacation to; he basically lived out of his suitcase and lived the ‘gap year’ life while acting as one of our international consultants.