So I have been in cybersecurity for 8 years as a consultant and have worked with major organizations. From vulnerability management and penetration testing to risk assessments, auditing, and miscellaneous different framework audits, I've done it all. I decided to break out of the corporate day-to-day as more outsourcing and fluff services are being offered.
I'm curious who else works in the cyber realm? Any tips or tricks? I have a pretty solid plan and am focusing mostly on financial organizations who require annual pentesting and risk assessments, as well as strong policies. I have 2 recurring clients as well as a contract through an organization getting overflow work. However, this year I am looking to break out locally and really see if I can grow my consulting work (networking at conferences, events).
Thank you!
Starting a Cybersecurity Company
by u/Neat-Source4003 in Entrepreneur
Posted by Neat-Source4003
2 Comments
Sounds like you’ve got an amazing foundation with your experience. 8 years doing hands-on cybersecurity is huge. Focusing on financial organizations makes sense since compliance and risk assessments are always in demand. One tip I’ve seen work really well is combining your technical expertise with educational content. Hosting short webinars, writing actionable blog posts, or even sharing security tips on LinkedIn can build local authority and attract the kinds of clients you want. Networking at conferences is great, but being seen as the expert online will make the outreach much warmer when you connect in person.
Also, consider partnering with IT firms or MSPs; they often get clients that need specialized pentesting or risk assessments but don’t have in-house experts. That can be a steady growth channel while you expand your local presence.
Curious, are you planning to scale solo or eventually hire a small team?
I was planning to do the same, but more business-focused cybersecurity. Mostly because I also had experience, and I can use it as an external income (a toy project).
However, I think I need a certification (I was looking at ISC2), and it is a chore; the training is around 3 months. So, right now, I don’t have such time. Is it really needed? I think yes, but maybe I am over-exaggerating.
Anyway, let me explain my plan:
* External audit (yearly audit). The costs depend on the size of the company and the scope of the audit. It is not as expensive, and it must sound, so it requires a number of customers to keep the business up and running.
* Create a cybersecurity audit system (documentation, etc.). It is costly because it is usually done once per customer.
* Train IT staff. It could be done regularly.
Also, for ethical purposes, it is not right to train staff or create a system and be the same auditor.
I already run a B2B, so I can use those contacts to sell the services. However, since I sold them a different service, it also sounds unethical, or it could risk my initial business. So I planned to sell via website/SEO and hope for the best. Maybe I should do videos.