Hypothetically, if my friend wanted to move from being a CISO at a large company to a consultant, what is the best way to go about it?

  • RDilling@infosec.exchange
    link
    fedilink
    arrow-up
    1
    ·
    10 months ago

    @jerry@infosec.exchange There are lots of good ideas in this thread. I have been a consulting/fractional CFO for over 20 years. My “been there done that” observations are:

    There are many ways to deliver consulting services, but usually they break down into one of two categories. Either as a fractional CxO or a consultant CxO. (Fractional basically means you have authority, but only work part time. I.e. have leadership responsibility and more control over your time). Consultant basically means you work on a project of some sort. (I.e. fix this problem)

    Then there are a couple of ways to get organized. Either as part of a firm (Accenture, etc) or set up your own firm. If you are part of a firm like Accenture they will run sales and you will get “assigned” projects. The firm typically also has a dedicated sales teams (helpful if you are not used to selling yourself)

    If you create your own firm, then you will need to network and find your own clients. Usually harder to get started, and can be intimidating. But if you are an extrovert and have a lot of contacts not that hard. (At least that is my theory, I am an introvert)

    I worked for several different consulting firms for a numbers years. And jumped to clients several times, then back again. It was helpful before I had a lot of experience and developed a network of people with whom I could network. But, the drawback is the firms take a cut of what the client is charged. And, you will get pressured to do projects you don’t like/want. So, you give up some control and $ to outsource sales/admin.

    I started my own firm several years ago and did the fractional thing. Much more rewarding as I get to pick my clients and I have more control of what I did every day. Even jumped to one client full time. (Shouldn’t have, but everyone makes mistakes. Live and learn!! Now I am re-starting.)

    My advice is, first figure out what you like/are comfortable doing vs what you do not like doing. Then, figure out the structure (other firm vs your own vs partner with others, etc) that works for you.

    Personally, I like developing people to become CFOs, CHROs, CISOs, CCO, etc. But I absolutely HATE having my day consumed with meetings. Days filled with meeting just suck the energy from me. So, I took the fractional path and created my own firm. I have no employees, but partner with others who have taken a similar path. Gives me the opportunity to screen clients, define the scope of the services I provide, define the requirements for working with me, and I get to work with people I trust. (FYI, telling CEOs you shouldn’t work with them is a surprisingly effective sales technique)