Security Architect. Technical Auditor. Speaker. Author: Humanising Security I specialise in organisational and operational security. I help people do better. “The rising tide raises all ships” ~ Ancient proverb Donor: Infosec.exchange :donor: #Infosec #CISSP #TOGAF #SABSA #COBIT #CITP #MBCS #Iaas #Cybersecurity #SIGINT #OSINT #SecOps #OpSec #Blueteam #Philosophy #ADHD #Privacy #DRM #MediaPreservation #History #Geopolitics GNU Terry Pratchett
@jerry@infosec.exchange So your ’friend’… I’d start off at a reputable consultancy firm and go from there.
I’d done it for years and CISO, CTO etc. is highly sought after for vCTO, vCISO services, but also the wider skill set as it applies to projects and transition/transformation work.
After that, it should be relatively easy to distance yourself from the firm, but many stayed on books as our consultants, for a slightly higher rate, while doing their own thing.
I know one guy took two or three large contracts a year in locations he wanted to go on vacation to, he basically lived out of his suitcase and lived the ‘gap year’ life while acting as one of our international consultants.