Hypothetically, if my friend wanted to move from being a CISO at a large company to a consultant, what is the best way to go about it?
@jerry@infosec.exchange Just have coffee at favorite consulting firms and start talking. Big or small, international or local. Focussed on non-profit or otherwise. Consider what skills you’d look for in a consultant and be honest with yourself. Find a firm that handles acquisitions if it’s not in your skillset or find a firm where you can learn this. Don’t be afraid to jump in.
@jerry@infosec.exchange sounds like a soul source contract with a well equipped specialist, er I mean sole source.
@jerry@infosec.exchange set up and run one of the largest mastodon instances :ablobcatnod:
@jerry@infosec.exchange Marry an accountant. Best first step.
@jerry@infosec.exchange paging @accidentalciso@infosec.exchange
@jerry@infosec.exchange have him buy an hour of rtg and i can dump my brain on him :D
@jerry@infosec.exchange I don’t know if there is a glide path for it that doesn’t start with talking about this hypothetical with a wide range of people - generally a head hunter and then a bunch of CFO/CEO/COO’s who hire consultants that fit the persons demographic skill set. I spent some time trying to figure out if I was going to go the consultant path and ended up on the same track as before but I think I easily could have stood up my own practice.
I’d tell your friend to just start talking with everyone in their network where it was reasonable to do so.
@jerry@infosec.exchange consider joining one of the big consulting firms. I expect that they would like your expertise and contacts
@jerry@infosec.exchange Seriously, buzz up @wendynather@infosec.exchange. She’s head of vCISOs at Cisco, and is honestly one of only a handful of human beings in the industry I would go work for. She knows a boatload about consulting as a CISO.
@jerry@infosec.exchange I would suggest to your friend that they think twice before doing that. Consulting is like being a CISO but you have more stakeholders to report too.
@jerry@infosec.exchange consulting as a vCISO? Or you mean moving back into some kind of SME type consulting?
@jerry@infosec.exchange
Create DumpsterFire Remediation Services, LLC.
@jerry@infosec.exchange learn how to do consulting, it’s just a different profession from what she did so far. I guess she had years of learning and experience for her current job in management. With the same amount of learning and experience she surely can excel in another field.
@jerry@infosec.exchange Independant consultant or working for someone like Accenture?
Very different routes :)
@jerry@infosec.exchange step 1 is defo start listening to the Consulting Success Podcast
https://youtube.com/playlist?list=PLvN5N188CHCQmrSIxzKfhSuntXtGhE3wd&si=-ZiGYKCJBiDG75nq