5 min read · Written by Grant Rayner on 29 Mar 2023
Share by emailIn my previous article, I discussed how you can engineer your experience while working for a security consulting company, to set yourself up for success when you become an independent security professional.
Developing your experience is just one aspect of your preparations. Another key aspect is building your reputation. It doesn’t matter how much experience you have if people don’t know you exist, or don’t believe you have the necessary capabilities to deliver the work.
Your reputation is how others, specifically your clients, perceive you. As an independent security professional, having a positive reputation increases your chances of getting work. Conversely, having a negative reputation could prevent you from being considered for projects.
It’s never too early to start building your reputation. If you’re in a consulting role at a large security consulting company, you should start building your reputation the day you join.
In this article, I’ll share my perspective on how you can build your reputation as a security consultant, in preparation for starting your own business as an independent security professional.
Building a reputation in any industry typically requires a range of activities, such as obtaining industry certifications, networking at industry events, speaking at conferences, and publishing articles.
However, the security industry is somewhat unique, and it’s unclear if these activities are effective in building your reputation as a security consultant. Specifically, it’s uncertain if these activities have equal value in terms of time spent. Attending industry events may provide visibility, but it’s difficult to determine if this translates to a positive impression of you as a capable consultant that then leads to projects.
In the sections below, I’ll focus on several approaches that are relevant to the security industry. These approaches can help you prepare for transitioning from security consulting or corporate security roles to becoming an independent security professional.
Time is your most important resource. To build and maintain your reputation, you need to manage your time and energy effectively.
There are two aspects to consider here. First, focus your efforts on a target audience. While an industry event may be useful for getting your name out there, it won’t have the same impact as spending a few hours one-on-one with a potential client. Second, focus your message. If you want to establish yourself as an expert in a specific practice area, then your speaking and writing activities should be focused on that area. Your objective is to ensure that potential clients associate you with your specialities.
Delivering high quality work is the most important thing you can do early in your career as a security consultant. Your project work is the perfect showcase of your skills and experience. In some ways, everything else is just generic self-promotion.
However, the challenge with project work is that it won’t be visible to potential clients until you start engaging them in the lead up to a potential project. For example, they may learn about your experience when you meet them in person, or when you provide a proposal that lists the relevant projects you’ve delivered. Other than that, people will know next to nothing about your project experience.
Sharing some of your experiences with a broader audience can be valuable. You can share details of specific projects, as well as what you’re currently working on (of course, you should not share the name of the client or other sensitive information).
You can share this information publicly, such as in a LinkedIn or Substack post, or privately, such as in an email to potential clients. In my experience, a combination of both approaches is useful. For example, you could provide an overview of a specific project in a public post and then offer more detail in a private email. If you’re concerned about the broad reach of LinkedIn, consider using Substack or an equivalent service to reach a more focused audience.
Of course, it’s not enough to simply say you’ve delivered a project. You need to provide an interesting angle that piques people’s interest and reinforces your credibility. For example, you could provide an overview of the project and highlight something you learned that you believe others could benefit from knowing. Alternatively, you could discuss a mistake you made and what you learned from it, as this can also provide valuable insights for others.
The best time to start sharing your project experience is now, ideally while you are still in a security consulting or corporate security role.
You can be the most knowledgeable and experienced professional in your field, but if you’re hostile or unpleasant, you won’t attract any clients. Who you are as a person is just as important as your expertise and accomplishments. Let’s explore different approaches to make sure that your peers and potential clients view you in a positive light.
I’ve already spoken about the perils and pitfalls of trying to adopt a faceless corporate persona. Who you are as a person matters. Potential clients need to feel that they can trust you, and the best way to build trust is to be personable and authentic.
There are several characteristics you can adopt to set yourself apart from other consultants in your industry, such as:
Ideally, these attributes come naturally and do not need to be forced. In fact, these behaviours are what you would expect in any professional setting, although not everyone exhibits them.
While you are still in a security consulting or corporate security role, practice the above characteristics and try to be as authentic as possible in your interactions with peers and potential clients.
One final point to note on this topic is that not everyone will like you. You probably won’t like everyone either. Therefore, before you start building your reputation, carefully consider what types of people you want to get to know. As previously mentioned, focus your time and energy on the types of people you want to work with and work for.
Building your reputation will take many years. It’s a strategic investment, and you shouldn’t expect short-term results. The young security manager who learns from one of your articles today will become a regional security manager eight to ten years from now, and may potentially be a buyer of your services.
As an independent security professional, what you’re selling is a combination of what you know and who you are as a person. Develop your reputation by interacting with key people in your industry, sharing project experience, and being personable and authentic.
What’s the litmus test for a good reputation? While still at the security consulting company, clients should be asking for you by name for specific projects aligned with your expertise. In fact, clients requesting you by name will be a strong signal that you’re ready to set out alone.
I’ll be revisiting different ways to build your reputation and promote your services later in this series of articles.