2016 marks the 15th year that I have been working for myself as an independent information security consultant. People who are interested in working for themselves often ask for my thoughts on what it takes to go out - and stay out - on your own. Early on, I thought it was about business cards and marketing slicks. In fact, I spent so much time, effort, and money on company tchotchkes that I'm confident I could have earned twice as much money in my first year alone had I focused on what was truly important. I soon found out that starting my information security consulting practice wasn't about "things". Instead, I saw the value of networking and surrounding myself with successful people – people that I could learn not only about information security but, more importantly, what it takes to be successful in business.
In what ways does this apply to your career in IT and information security? Every way! If you look at the essence of what it takes to be successful in our field, it's not about being a master of the technical stuff. Anyone can learn those things. Sure, some are better than others, but at the end of the day, the technical challenges are not our real challenges. Instead, it's about being able to master emotional intelligence including, among other things, the relationships we have with people who are in a position to both help us and hurt us. The relationships you have with others has an enormous impact on how effective you can be in your job and how far you can go in your career.
You certainly don't have to work for yourself to benefit from this. Whether you work for a large corporation, a small startup, a government agency or a nonprofit, think about who you currently know and who you should get to know that can have a positive influence on your IT/security career. It might be a current executive in your own organization. It might be a fellow IT pro, auditor, or entrepreneur you meet at a security conference. It might be the parent of your child's friend who's an attorney or a doctor. It might be someone else in the information security field who you could reach out to on LinkedIn to start having a dialog with. There are a lot of people – many of which you probably haven't thought about – who can help you out in tremendous ways. Not to make money off of but to learn from and collaborate. This leads me to an important point: whenever you are reaching out and meeting new people, make sure that you are also giving to this person in some capacity. The last thing anyone wants is a user of their relationship with nothing in return.
Looking back, the first few years of starting my business I should have spent surrounding myself with people in/around IT as well as those who were in a position to coach and mentor me along to be a better business person. This would've created more opportunities for me earlier on than anything else. As recently as a few weeks ago, I interacted with a young salesman who was more concerned about whether I had a marketing brochure rather than getting to know me and understanding how I might be able to help him with his information security needs (he was hoping to sell my services to his clients). This is a common approach to one's career: have a beautiful marketing slick or website and they will come, and buy. If it were that simple, countless people would be super successful in every field. Instead, it takes persistence, year after year. Work on building and maintaining your relationships both inside and outside of your organization as that's what will help you succeed the most in your IT and security endeavors long-term.