5 min read · Written by Grant Rayner on 26 Apr 2023
Share by emailAs you prepare to leave full-time employment and start your own business, it’s important to maintain positive relationships with your former employer and colleagues. In fact, if you handle the transition correctly, you may even be able to continue working with them in a new capacity. In this article, I’ll share some advice on how to make an amicable departure, while setting yourself up for success as an independent security professional.
As an independent security professional, it’s critically important to maintain high ethical standards. The security industry is a small world, and your reputation can make or break your business. If you fall off the path, word will get around. So, before you exit your current organisation, take the time to consider how your actions may impact your professional reputation in the long term.
To ensure an amicable departure that maintains positive relationships and minimises legal risks, follow these guidelines:
Before you do pull the pin, carefully read through your employment contract and pay particular attention to clauses related to non-compete, non-solicitation, and confidentiality. Understand the terms and conditions you agreed to when you joined the company, and ensure you adhere to them after your departure.
Provide your employer with the required notice period, as stipulated in your employment contract or company policy. Doing so demonstrates professionalism and respect.
Inform your manager or supervisor of your intentions in advance of your notice period, and explain your reasons for leaving in a clear and respectful manner. Avoid bad-mouthing the company, its employees, or its clients. Instead, focus on the new opportunities you’re pursuing as an independent consultant.
Make an effort to finish your existing projects or, if that’s not possible, ensure a seamless transition for your colleagues who will be taking over your responsibilities. Prepare thorough documentation and provide any necessary training or guidance to your team members.
Keep any sensitive company information, trade secrets, or client data confidential, even after leaving the company. Breaching confidentiality agreements can not only lead to legal consequences but also severely damage your professional reputation.
It should go without saying that one of the most basic requirements of any security professional is to be able to maintain confidentiality.
If you have a non-solicitation clause in your contract, make sure you don’t approach your former company’s clients for the period specified in the contract after leaving. Violating these agreements could result in legal action, harm your relationship with your previous employer, and damage your professional reputation in the industry. It’s bad form.
Of course, some clients may decide that they want to continue to work with you after you leave your current organisation. I’ll discuss some of the more practical aspects of solicitation below.
Don’t take client reports or internal documents from your current company. Most companies have information security controls in place to identify the exfiltration of data, so there’s a good chance you’ll get caught. Plus, there’s no benefit to recycling the work of other companies. Instead, use your knowledge and experience to create something entirely new.
Stay connected with your former colleagues and maintain a strong professional network. You never know how valuable these connections may be for future business opportunities or collaborations.
Be cautious about what you post on social media when departing from a company. Avoid making negative comments or sharing confidential information that could damage your former employer’s reputation or your own.
In addition to these guidelines, there are a few other important factors to consider as you prepare to transition to an independent security professional.
First and foremost, poaching clients from your old company and bringing them to your new venture is not a viable option. Doing so could result in legal action, even if you think you could conceal such activity. Remember that people in the client organisation will likely have relationships with people in your old company, so word is likely to get out.
However, if you have done a good job in your existing consulting company, it is almost inevitable that some of your clients will want to follow you to your new venture. In this scenario, it’s crucial to manage the process in a professional manner that does not expose you to risk.
Ideally, your old clients will come to your new venture because you are offering something new and unique that your old company does not provide. While this may not create a significant conflict, it is possible that your old company may follow their definition of solicitation strictly. Therefore, it’s essential to be careful in situations where your former clients request the same services you provided to them while working at your previous company. That’s a boundary you should not cross.
Before leaving your existing company, it’s important to reach out to all of your clients to let them know. For example, you could send an email in your last week that avoids providing specific information regarding your planned venture and offers no alternative contact information, not even a personal email address. If you have strong relationships with your existing clients, they should already have your personal contact details.
A few weeks after leaving the company, you can send your clients an email letting them know that you have set up a new company and providing the new contact details. You can also share the URL for your new website in this email. However, avoid providing any specific information about products or services or making it explicit that you are looking for work. Think of it as a general announcement that you are in business rather than an email designed to generate new work.
If you work in a corporate security role, it may seem like a safe option to rely on your relationships within the company to provide consulting services for them after you leave. However, this approach is rarely successful in the long term, as I’ve seen with several people I know. Although it may make sense to have some contracts with your old employer, your priority should be to quickly diversify your revenue stream so that you can build a more resilient business. I’ll address revenue diversification in detail in future articles.
If you’re working for a security consulting company, you could also offer your services as a subcontractor. However, it’s important to look for your own clients and not rely on subcontract work for more than 25% of your revenue stream. Doing so can put your business at risk if the situation changes.
In both of these examples, success depends heavily on the relationships you have with specific people in these organisations. However, these relationships can change over time. Additionally, if the contract is independently reviewed, perhaps by someone in the organisation who doesn’t know you, there is a risk of accusations of favouritism. Such accusations may result in your contract being opened up for competitive tender, with no guarantee that you’ll retain the work after that process.
In short, when you leave your current organisation, focus on building a healthy client base and avoid relying on the support of your previous organisation. While it may seem like a safe option at first, depending on your old company for business can be risky in the long term.
Recent articles have focused on preparing for the transition from working for an organisation to working for yourself as an independent security professional.
From next week, I’m going to focus on designing your business.