Greetings,
Introduction: This is my very first post -- please bear with me. Summary: I'm digging for "starting a new security business" perspective, and member advice / experiences.
I have (if you count starting off in the 5th grade), 19 years of technical experience (8 OTJ). I got through school and started working a few years early, and I've done everything under the sun, as much as a medium business, and a fairly good salary, can provide, but I've been treading water for a very long time. I've got to do something about being under stimulated way, way past tears.
Scope: I live in a community of 10k. The nearest communities of similar size are 30 miles in every direction. The larger market University-style cities are 1 and 1.5 hours away. Embarassingly, I've managed not to network well while I've been here, instead staying pretty much under the horizon. A lot of contacts have sat on the back burner for far too long.
A year or so ago, I started to feel out the "IT consulting" niche...flipping through the yellow pages, visiting store wallboards, looking at competition. Hordes of tech retail sales, handy-guys, installation, support, ISPs, everything but InfoSec.
So I took a
SBA kickstart; left feeling empowered, then discouraged as the excitement died. I have some ideas, but I'm threatened, e.g., by unearthing more experienced competition...and a naysayer who "nays" a lot.
While this is a small town, we have an inordinate number of businesses with IT departments. One idea is snagging the free library room, then contacting IT people for a town / region "IT security forum".
My dream is that we'd be able to discuss certain solutions, say, I want to buy NAV CE, who here has had experience with it...or a place to discuss "real threats"...or provide a group "reporting system" to report sanitized (anon) incidents to law enforment...or a mailing list where we all support each other for "area" advice.
Could this be "invitation only"? Would a NDA on meeting topics to "non-members" be appropriate?
Another idea is to write for the local papers; a weekly column, for free (they say no budget), to address the general population's concerns.
Or, simply start advertising a security consultancy, and try to take the jobs as they come. Some services...e.g., drop boxes for shreddable material or magnetic media, which I would then certify was appropriately destroyed. But a business feels the most like hanging the goods out for a thrashing.
Concerns:
1) Previous lack of networking
a) if you were contacted to meet with peers in an "area" security focus group, what would be the best approach for you, what would pique your interest / make it credible, and what would make you come back again?
2) Confidence: Doubting myself
a) My chain of supervisors have iterated that they think I still have some work to do. In contrast, I do a damn good job despite that; but like high school reputation, it's hard to shake - and after a few years, so is the impression it leaves on me - a beast all by itself. In a clean slate, aside from knowing the subject, and liking your job, what foundation best creates, and maintains, a healthy business perspective?
3) Credibility: Lack of funds to certify (SANS, CISSP)
a) Can you make a security company without certs? Does it bring in that much more business if you do? Would it be necessary for personal growth?
4) The day job. Information Security is a 24-hour business, and I can't just quit my paycheck. Who hires an evening or weekend security professional, right?
I've run on a long time. Does anyone have experience running, or working for, a fledgling IT security firm? How did you get started (trickle, deluge, ingenuity)? How did you survive? What would you feel addresses the needs of a small town, extended to outlying areas? For example, is reselling (say, NAV) worth the effort?
- Thank you very much -
Introduction: This is my very first post -- please bear with me. Summary: I'm digging for "starting a new security business" perspective, and member advice / experiences.
I have (if you count starting off in the 5th grade), 19 years of technical experience (8 OTJ). I got through school and started working a few years early, and I've done everything under the sun, as much as a medium business, and a fairly good salary, can provide, but I've been treading water for a very long time. I've got to do something about being under stimulated way, way past tears.
Scope: I live in a community of 10k. The nearest communities of similar size are 30 miles in every direction. The larger market University-style cities are 1 and 1.5 hours away. Embarassingly, I've managed not to network well while I've been here, instead staying pretty much under the horizon. A lot of contacts have sat on the back burner for far too long.
A year or so ago, I started to feel out the "IT consulting" niche...flipping through the yellow pages, visiting store wallboards, looking at competition. Hordes of tech retail sales, handy-guys, installation, support, ISPs, everything but InfoSec.
So I took a
SBA kickstart; left feeling empowered, then discouraged as the excitement died. I have some ideas, but I'm threatened, e.g., by unearthing more experienced competition...and a naysayer who "nays" a lot.While this is a small town, we have an inordinate number of businesses with IT departments. One idea is snagging the free library room, then contacting IT people for a town / region "IT security forum".
My dream is that we'd be able to discuss certain solutions, say, I want to buy NAV CE, who here has had experience with it...or a place to discuss "real threats"...or provide a group "reporting system" to report sanitized (anon) incidents to law enforment...or a mailing list where we all support each other for "area" advice.
Could this be "invitation only"? Would a NDA on meeting topics to "non-members" be appropriate?
Another idea is to write for the local papers; a weekly column, for free (they say no budget), to address the general population's concerns.
Or, simply start advertising a security consultancy, and try to take the jobs as they come. Some services...e.g., drop boxes for shreddable material or magnetic media, which I would then certify was appropriately destroyed. But a business feels the most like hanging the goods out for a thrashing.
Concerns:
1) Previous lack of networking
a) if you were contacted to meet with peers in an "area" security focus group, what would be the best approach for you, what would pique your interest / make it credible, and what would make you come back again?
2) Confidence: Doubting myself
a) My chain of supervisors have iterated that they think I still have some work to do. In contrast, I do a damn good job despite that; but like high school reputation, it's hard to shake - and after a few years, so is the impression it leaves on me - a beast all by itself. In a clean slate, aside from knowing the subject, and liking your job, what foundation best creates, and maintains, a healthy business perspective?
3) Credibility: Lack of funds to certify (SANS, CISSP)
a) Can you make a security company without certs? Does it bring in that much more business if you do? Would it be necessary for personal growth?
4) The day job. Information Security is a 24-hour business, and I can't just quit my paycheck. Who hires an evening or weekend security professional, right?
I've run on a long time. Does anyone have experience running, or working for, a fledgling IT security firm? How did you get started (trickle, deluge, ingenuity)? How did you survive? What would you feel addresses the needs of a small town, extended to outlying areas? For example, is reselling (say, NAV) worth the effort?
- Thank you very much -
![[thumbsup2]](/data/assets/smilies/thumbsup2.gif "[thumbsup2] [thumbsup2]")
________________________________________![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
________________________________________