Cybersecurity Consulting: A unique start.

Last Updated: 2024 February 19th Back to my Main page Twitter Email me: contact[at]ohcoz[dot]com


Recently, I received an intriguing email, which initially sparked skepticism— was I being phished?

This led me to wonder how my email was discovered and whether the concern was genuine. I composed a brief, yet inquisitive reply. A few hours later, I received a follow-up email, enriching the narrative with a company name and more context.

Hacking? Reading The Situation

Given plenty of information about the challenge at hand, I shifted my focus towards evaluating if my skills aligned with the presented issue and how I might address it. It quickly became evident that the challenge was less technical and more about effective communication. The company was looking for someone with a security-focused mindset and a risk-aware perspective to alleviate their worries- and quickly. Despite not having decades of experience, I felt sufficiently confident in my abilities to proceed to the next steps.

Crash Course in Becoming a Cybersecurity Consultant

Engaging with the client via video call, I realized the importance of presenting a professional demeanor. Despite the nagging feeling of impostor syndrome due to my lack of formal consulting experience, I recognized the value of my role as the "tech guy" within my family and my informal advisory position in friends' early-stage startups. I've been "consulting" informally for years, but that is still well earned experience in approaching a problem, applying my knowledge and perspective to arrive at the best solution. After consulting a couple people who do freelance and consult much more frequently about logistical and legal aspects, I outlined the engagement terms in a concise two-page statement of work- which resembled the terms of engagement a Pentester would use in their engagements. While its legal bindingness was uncertain, it helped reassure me in the regards that I was acting ethically to the best of my ability.

Outcome & Reflections

Well unfortunately, this isn't the ending you're expecting. But I would say it definitely is a happy one. The client preferred on-site assistance, which was logistically challenging due to my location across the country. However, I was able to connect them with a local colleague that I felt would do just as good of a job, if not better. I completely understand their reasoning and from what I've heard after the fact, it went really well. That being said, I still feel like this was a win in my book for a number of reasons. I grew my understanding and perspective on what cybersecurity consulting at the small and medium business level could look like. Although I know opportunities of people randomly emailing my old college email account won't come frequently enough for me to start a business and quit my day job, it's definitely piqued my interest in consulting to some extent. I made a new connection both professionally and strengthened the bond with the peer that ultimately completed the work.

Key Insights:

As someone who values learning from experiences, here are my primary takeaways:

  1. Cybersecurity Literacy: There's a great and urgent need for cybersecurity literacy among small and medium-sized businesses.
  2. Random Emails: Sometimes it is a phishing email, but sometimes it's a hastily written email by a operations employee who's looking for answers and a peace of mind during a stressful challenge.
  3. Our Potential and Responsibility to do good: Cybersecurity is a field of never-ending problems and I love that challenge. Let's go out of our way to make the world and internet a better, safer place for all.

If you would like to hire me as a cybersecurity consultant, I would be more than happy to jump on a short 30 minute video call to discuss! Contact me at: contact[at]ohcoz[dot]com