Getting Started in Infosec Consulting
A beginners and beyond guide
Last updated
A beginners and beyond guide
Last updated
Ted Demopulos's book Getting Started in Infosec Consulting: A Beginners and Beyond guide is packed with loads and loads of real world wisdom that is often hard to come by. It is 179 pages long and has 6 chapters featuring a brief case study at the end of the first 5. The font is fairly large and the spacing is also fairly large, making it easy to read.
The book takes the reader through the processes of creating, building, and maintaining a small consulting practice. It never gets in the weeds however, preferring to keep a high level approach and focus on the key ideas instead of the minutiae of the discussion.
While the title of the book implies it is only about infosec consulting, this is a misnomer. The book is much more about consulting in general and how to 'be' an expert. It teaches the reader about many ways to build a personal brand and gain the perspective of a qualified expert in the eyes of others. It also discusses general negotiation strategy and effective business practices.
Chapter one focuses on defining and discussing terms such as expert and consulting. It also looks into the advantages and disadvantages of consulting, consulting models, consulting types, and other considerations.
Chapter 2 discusses the more technical information in the book, such as corporations, LLCs and processing and receiving payments. It also introduces essential business concepts such as upselling and sales.
The third chapter covers generating revenue by getting work (clients). The 11 ways outlined in the chapter to get clients are as follows:
Have clients come to you
Direct outreach to people you know
Direct outreach to people you don't know
Referrals
Volunteering
Speaking
Writing
Networking
Trade associations
Advertising
Referral/subcontracting arrangements.
Chapter 4 covers pricing strategies and key negotiations tactics such as building trust and taking your time.
Chapter 5 covers many different ways to increase your personal brand awareness and have people view you as an expert. It gives advice on speaking and on how to create a website among other things.
Chapter 6 serves as a conclusion to the book and covers topics such as how to keep yourself current. It gives suggestions from having a home lab, to writing a book or blog. Lastly it covers exit strategies and options on where to go after you begin to find success as a consultant.
Ted Demopolos's book Getting Started in Infosec Consulting: A Beginners and Beyond guide was a quick and easy read that while not really technical or in depth, did a wonderful job at transferring the real world wisdom gained through years and years of experience to the viewer.
The concepts discussed are extremely practical and applicable to almost anyone. The book contains many great tips and actionable items. Examples of these tips on how to build a personal brand are doing speaking engagements with the local rotary club or creating a Blog. It was also enlightening to read the case studies of other people at the end of each chapter The tone of the writer is personable and friendly and when combined with the larger font and word spacing it makes for an enjoyable experience. The chapters are split well and contain the amount of content that is good for about one reading session.
I thoroughly enjoyed the book and would recommend it to just about anyone that is looking to take their career to the next level past what is possible with just technical abilities. It is for more people then just InfoSec consultants. It really helped me lay the path to get from where I am now, to the in demand expert I want to be. It gave me a large part of the inspiration and motivation to do the book review your reading and a lot of the other content I have in the pipeline.
There were a couple of profound takeaways I had from reading Getting Started in Infosec Consulting.
The first of these is that If I want to be an expert, I need to be an expert. This means standing up for myself in negotiations among other things. As an example, charging what I believe my work to be worth and sticking to it instead of lowering prices. It also means willing to lose deals that are not in my best interest to win. Most importantly though, being the expert means being confident and speaking with authority on matters in which I am indeed an expert. The difference between me and someone viewed as more of an 'expert' is often simply due to brand recognition and awareness, more people know of them, they may not actually be more knowledgeable or more skilled regarding the subject matter.
The second key takeaway Is the true importance of networking. Clients and work should come to you, this is accomplished more often than not though word of mouth. Being an active part of the community and establishing and maintaining friendships is as important as any other form of career development or technical skill that could be learned.
At the end of the day, you could be the best person in the world at what you do, but if no one knows who you are or what you do, it doesn't matter.
