8 min read · Written by Grant Rayner on 22 Mar 2023
Share by emailIn the last article, I discussed how you get from where you are now to being an independent security professional. I covered three start points: government service roles, security consulting roles and corporate security roles.
The question is, what are you actually learning through these roles? More importantly, how is what you’re learning preparing you for a successful future as an independent security professional?
If you’re working as a consultant in a security consulting company, you will be building your professional skills and experience. These skills and experiences are the fundamental qualities of a good consultant. However, in this process, how effectively are you setting yourself up for success as an independent security professional?
You should be looking to achieve the following during your time in a security consulting company:
The key is to make the most out of your time in a security consulting company. To do so, you’ll need to take an organised process to engineering your experience.
In this article, I’ll explain a few ways you can do just that.
I’ll start with the most important thing you can do, which is to build your project experience.
When working for a security consulting company, a key objective is to build project experience. The best way to build project experience is to get involved in as many short duration projects as possible. A short duration project is a project that can be delivered in a few days to a week. Rack up as many projects as you possibly can in your first year or so. Don’t be too picky about the types of projects you select. Get involved with anything and everything.
The reality is that you probably won’t get too much choice regarding which projects are allocated to you. Don’t let that bother you at the start. Instead, focus on volume. Just keep racking up projects. Again, short is good because you’ll get more project exposure.
Don’t be afraid of the occasional complex project. Complex projects are a great way to learn about different locations and fields of security. One of the more memorable projects I was involved with in my first few years involved coordinating security and emergency response for a regional music awards event. I wouldn’t say event security is one of my specialities, but that experience helped me build my skills in that area and helped to round out my professional skills more generally.
One piece of advice is not to specialise at this early stage of your consulting career. The diversity of work you‘re doing now will add depth to your skills and experience. Over time, as you develop a more refined sense of your areas of interest, you can start specialising in a particular type of project. If you want, you can volunteer for more projects in that area.
Another benefit of taking on as many projects as possible is that you’ll be building your experience relating to working with different types of clients and in different locations.
Of course, you’ll need to capture this experience. I’ll explain how to do that shortly.
As you’re building your project experience, you should also consciously build your experience working with different industries. You can take two approaches here. First, you could generalise by working with as many industries as possible. Second, you could specialise by focusing on a specific industry.
If you wanted to specialise, I recommend you take a hybrid approach by working with any and all industries first, then honing in on a specific industry after a couple of years. Early specialisation may prove to be limiting, particularly if you don’t have a full understanding of the industries with which you’re working.
From my own perspective, I made the decision to generalise across industries based on the types of services I’m providing. For example, any large organisation from any industry can benefit from conducting crisis simulation exercises, which is one of my key practice areas. On the other hand, I’ve done quite a bit of work with the maritime industry over the years, but I’ve chosen not to specialise in that area.
While all industries are different, there are a few industries that require specialised domain knowledge. The maritime industry, where you would deal with the security of ports and ships, is a good example. The aviation industry is another example, where you’ll need to advise on the security of airports and aircraft.
I’ll be getting into market strategies in later articles, but one of the risks of industry specialisation is that you’ll be entering a contested space. If you’re in a country, it’s likely you’ll find there are already well-established consultants servicing these industries. You’ll need to decide whether your service offering is sufficient to unseat the incumbents. If you’ve spent many years as a corporate security role in those industries, specialisation may be an obvious choice. Again, however, just be conscious of the fact that you’ll be limiting your experience and potential utility.
There’s a huge amount of value in building your experience in operating in different countries in your region. There are several reasons why building country experience is a good idea:
Overall, I can’t think of many reasons why you wouldn’t want to develop international experience.
When I look at my own portfolio of work, over 80% of revenue is earned outside of the country where I reside. Here’s a snapshot of just a few of the more interesting places I’ve worked:
All of these projects were extremely interesting, and I still draw on these experiences today.
During your time in a security consulting company, volunteer for as many international assignments as you can. As with industry experience, try not to specialise too early by focusing on a single country. Instead, just get yourself to as many different countries as possible.
One point to bear in mind is that many projects are short and sharp. While you’ve technically delivered a project in a country, the reality is that you probably only spent time in a business hotel and at your client’s office. As a result, you’re not really learning that much about the country.
My recommendation is to always try to extend each trip by a few days. Take the opportunity to explore the city. If you can, get to other parts of the country. Meet local security vendors and build your professional network. Assess the security of a few hotels while you’re there. Overall, just get a feel for the place.
I adopt this approach with every project. The client pays for flights, as well as accommodation and meals during the project period. When I extend the trip, I just need to pay for the additional accommodation and meals.
A final point on international experience is that one of the options available to you is to specialise in a specific country. Within my region, I know people who are based in South Korea, Indonesia, Myanmar and other locations who are specialists in those countries. They took the risk to set up operations and are now the go to specialists for organisations looking for security support in those countries. While I no longer live in my home country, I’ve chosen not to specialise in any particular country. My reasoning is largely personal—I want to travel to as many places as possible. I am focused on a region (the Asia Pacific) but I have worked in other regions, including the Middle East.
Within every region, there will be a number of hot spots where clients will require ongoing support. Typically, these are the higher-risk locations. Within Asia, Pakistan is a hot spot, though not many companies operate there. Indonesia was a hot spot from 1998 to around 2008. South Korea has been an ongoing concern for many years due to the risk of armed conflict with North Korea. Taiwan is a recent concern. I’ve gone out of my way to develop my experience in these countries because I know there’s demand in these areas.
So far, I’ve covered different approaches to developing your project, industry and location experience. How can you capture this experience in a meaningful way?
Probably the most important thing you can do when you start out in security consulting is to maintain a project log of all the work you’re doing. In your project log, include the following information:
If you like, you can also include pricing information for reference.
As you start to plan what direction you want to take with your own company, you can tally up these projects to get a sense of the industries, locations and types of projects where you’ve built up the most experience. By recording the days, you’ll be able to quantify exactly how much experience you have in each area.
Whenever you need to explain your experience to a client in a proposal or briefing, you can refer back to this data and provide an accurate statement of your previous project experience.
For example, you might be able to say that you’ve delivered 12 projects in Thailand. Or 12 projects in Thailand delivering crisis management training. Or that you’ve conducted five hotel risk assessments in Bangladesh. Or 18 intrusion tests for companies in the banking industry.
Once you’ve set up your own company as an independent security professional, be sure to continue this log.
A key point to note: all of your experience counts. While your company may only be a week old, that doesn’t invalidate your many years of experience in other companies and in other roles. Of course, you can’t attribute prior work to your current company. For example, you can’t say your company has worked with a specific client in a specific location if you did that work while you were with a previous company. But you can say you (as an individual) have that experience.
As you start out in security consulting, consciously develop your experience. Experience will enable you to provide unique insights to your clients. Experience will also enable you to be more efficient in project delivery, helping to maximise your margins.
While you’re working for a larger security consulting company, volunteer for as many different projects as possible. Avoid specialising too early. Instead, build a broad base of experience first and then decide how you might want to specialise, based on your interests and aptitude.
Continue these approaches when you’re working as an independent security professional. When competing with larger security consulting companies, your key—and really your only—competitive advantage is your experience. Your greater level experience combined with your lower fees (because of your low overheads) will allow you to be competitive.