6 min read · Written by Grant Rayner on 15 Mar 2023
Share by emailThe majority of people entering the security consulting field start somewhere else. Many will start their careers in government, in either the military, police or an intelligence agency. Some people will start in junior roles in a corporate security team, working their way up to national, regional or global roles.
However, you won’t gain the necessary skills to be a security consultant in government roles. Corporate roles are slightly better, but even then you won’t gain the diversity of experience necessary to be a good consultant (you’ll only learn how one organisation does things). You also won’t get necessary skills by doing a course, diploma or degree. You certainly can’t get away with spending a few hours on YouTube (disappointing, I know).
The baseline for success in any professional field will always be a high level of applied experience in that field. If you come from government or corporate roles, you’ll have the accumulated experience over your career to date. Some of that experience may be applicable to security consulting. But a lot won’t be applicable at all. You’ll need to be able to ‘gap up’ your experience.
In this article, I’ll explain how to get from where you are now to being a successful independent security professional. I’ll cover career paths for people currently in government service, corporate security roles and security consulting roles. I’ll also share my thoughts on how these roles can contribute to your success as an independent security professional.
A large number of security professionals will have started their careers in the police, military or an intelligence service. However, having spent a little over 13 years in the military myself, I can tell you that it doesn’t necessarily prepare you for work as an independent security consultant.
You’ll learn valuable skills in government service, but you won’t have the full skill set necessary to assure success in the field of security consulting.
One advantage of your service background is that, rightly or wrongly, it will automatically give you a degree of credibility as a security consultant. It will also provide a common point of reference when dealing with other security professionals with similar backgrounds. People with military and police backgrounds tend to be known quantities for other people with military and police backgrounds.
Over time, as you build up your commercial experience, it will matter less and less what you did in your service career. You’ll probably end up only mentioning it in passing before sharing the details of your commercial experience.
While you’ll probably be confident of your capabilities when you exit government service, you’ll need to have a high degree of self awareness to recognise that there’s still a lot you don’t know.
Here’s a snapshot of the types of things I struggled with initially (and am still learning about):
So, if you’re currently in a government role and considering starting out as an independent security professional, you’ll need to be honest with yourself and accept that there’s a lot you don’t know. You can acquire this knowledge, but there will still be a learning curve. It will be to your long-term advantage to work in a security consulting company before you step out by yourself.
If you’re stepping out of the government service, the best thing you can do is get a job with one of the major security consulting companies. Don’t mess about with job applications. Instead, find an ex-colleague who is now at a senior level in a security consulting company and ask their help to get you a job. Focus on getting a foothold in the industry. From there, you can move onwards and upwards.
Try to work for one of the major global security consulting firms. These firms will have access to a wide range of clients and projects, providing you the opportunity to rapidly expand your skills and experience. They’ll also provide you with a pedigree of sorts.
Once you’ve got yourself a role in a security consulting company, don’t kick back. You’ll need to take a deliberate approach to build your professional experience. Here’s a few ways you can do that:
I’ll expand on how you can develop your experience in a structured way in the next article.
Above all, don’t be afraid to experiment and try new things.
You’re going to make mistakes during this time. The good news is that it’s unlikely that any one mistake will be catastrophic. These mistakes will be how you’ll learn and improve. The things you learn now will be invaluable once you set out on your own.
Let’s look at corporate security roles.
The other career path to become and independent security professional is to gain experience in corporate security roles within large organisations.
If you’re coming out of a government security role, corporate security is an ideal bridge into the corporate sector. Similarly, if you’re in a security consulting company, there’s no harm in spending a few years in a corporate security role.
One of the benefits of working in a corporate role are that you’ll learn how organisations work. You’ll learn what capabilities they maintain in-house and what capabilities they’re willing to bring in from security consulting companies. You’ll also get a sense of their priorities and needs.
You have two options here. You can apply for corporate roles directly and become an employee. Alternatively, you can take an embedded role, where you fill a corporate position but are on the payroll of a security consulting company. One of the advantages of embedded roles is that they are short term (from a few months to a few years). You might be able to undertake several embedded roles with different companies, building a diverse set of experiences.
The main downside of corporate security roles, you won’t necessarily learn the skills you’ll need to be an independent security consultant. Your experience will also be relatively narrow. If you’re working in an organisation, you’ll learn how that organisation does things. You’ll rarely get an opportunity to learn how other organisations do things. As such, you’ll lack the diversity of experience essential to being an effective consultant.
If you’ve only had experience in corporate security roles, you may also struggle going out into business yourself. If you’re used to the routine of a large organisation, you may find that going out alone lacks structure. You may also find the fact that you’re no longer receiving a regular pay cheque to be stressful, particularly if you have a family to support.
If you’re currently in a corporate security role and you have aspirations to become an independent security professional, my advice is to apply for a role in a security consulting company. Spend two to three years as a security consultant before you set out alone. Use this time to test the waters. If you decide it’s not for you, you can always go back to a corporate security role.
While you’re in your corporate security role, pay attention to the work your company does with security consulting firms. Make time to read through the proposals security companies send your organisation. Attend meetings with security consulting companies and get to meet the senior managers and directors of those companies.
In practice, it’s not uncommon for people in the security industry to move between consulting and corporate roles. I’ve been in several embedded corporate roles as head of global security and as a regional security manager, and I’ve benefited immensely from both experiences. I’d also like to believe that these organisations also benefited from my consulting experience.
The most important thing you can do along the road to being an independent security professional is to build your experience. In a perfect world, you would do this across corporate security and security consulting roles. You (and your clients) will benefit from you having a diverse range of experiences across industries and locations.
In the next article, I’ll share some thoughts on how you can deliberately build your experience to set yourself up for a successful transition to a career as an independent security professional.