Is Consulting More Risky than having a “Job”?

Is consulting risky – specifically is it more risky than having a full time job?

The conventional wisdom says “yes” – and is absolutely wrong! Maybe it was “once upon a time” but it isn’t now.

If you have a job and lose it, you are unemployed – it’s binary: “job” or “no job.” And unfortunately people lose their jobs, especially during difficult times.

Consultants typically have multiple clients. If you lose a client, you still have others. Typical consultants have 3-6 clients per year. If one client doesn’t have any work for you, perhaps they “fire” you, go out of business, or are having a difficult time, you still have work from other clients.

More Articles

October 23, 2024

The Cost of Inaction

There is obviously a cost to do something. If I go on vacation for example, it's going to cost me time and money. If I go out to dinner tonight - there is certainly a cost as well.

Think of some of the things you have done in the past that have had great results, maybe even lifechanging results. If you hadn't done them, there would have been an enormous "Cost of Inaction" or COI.

For example, if I hadn't gotten married and had kids, my life would be much different now. Certainly far less rich and wonderful. The cost of inaction would have been immense.

A bit over thirty years ago, I left corporate life to become a consultant. It's worked out extremely well, with lots of world travel which I love, the ability to choose exciting work and I've had some great projects and continue to, and freedom the likes of which doesn't exist with a job. And the money has been great.

What if I hadn't left my great job at HP in 1990? The cost of inaction would have been IMMENSE!

Often people delay, sometimes forever, doing something because the time isn't right or they are not ready. There is never a perfect time for many things, and some things you may never be perfectly ready for.

Think of the cost of inaction! And then move forwards.

March 15, 2024

International Travel paid by Work: How to Make it Happen!

I love to travel, especially internationally, and greatly prefer to have work pay for it. I've been able to make this happen both as an employee and as a consultant.

If having your job or a client fly you to, say, Paris or Sydney or similar, and then taking a few days off while you're there sounds like a great thing, here are a few techniques that have worked for me and others! Business travel can and should be combined with pleasure whenever possible!

Last year among other places I got to Copenhagen, London, Krakow, The Azores, The Canary Islands, Amsterdam, Barcelona, Bahrain, Qatar, Munich, and more. Don't get me wrong, I worked my butt off, and also enjoyed myself, very often with a few days off!

#BusinessTravel #WorkTravel #Travel

March 15, 2024

Detection Oriented Security Architecture, with Kevin Fiscus

Detection Oriented Security Architecture

Risk can be defined as the likelihood that a threat exploits a vulnerability, causing harm. To reduce risk, at least one factor in that definition must be reduced. There is little that can be done, in most cases, to reduce the threat, leaving us with vulnerabilities and harm.

Security programs and security professionals have spent decades attempting to substantially reduce risk associated with vulnerabilities without significant success. As a result, we are left with attempting to reduce harm.

According to the recent Ponemon Institute Cost of a Data Breach studies, one of the biggest factors in determining breach cost is dwell time: the amount of time an attacker is present in the network before detection. Reducing dwell time can therefore significantly reduce breach cost and thus reduce overall risk.

The obvious goal therefore becomes to detect and respond to attacks as quickly as possible. This goal has resulted in myriad technologies that focus on "detection and response" such as EDR, ITDR, NDR, XDR, and SOAR. Unfortunately, if we achieved the goal of rapid detection and immediate response, we would actually be making our security worse and giving the attacker a significant advantage.

In this webinar we will discuss why automated detection and response is a concept that will always fail and we will discuss what a truly detection oriented security architecture would look like.

#detectionEngineering #infosec #blueteam

November 28, 2022

Consulting: Can You Get Clients from LinkedIn?

Do people ever just find consultants' profiles on LinkedIn and hire them?

Not "can you connect with people and as soon as they accept your connection hassle them!"
I know people attempt this constantly (and it is very annoying).

It's possible but not common. Remember the most likely clients for consultants are people they've worked with before. Referrals are also very common.

But it is possible that clients will find you online and approach you directly - although for most it's uncommon, unless ... you have some incredibly specialized skills.