I’ve been helping companies as their IT security consultant for the past 15 years, have worked as part of Microsoft‘s security team and an external security consultant for the Emirates Nuclear Energy Corporation.
Now I am a cyber security consultant and have helped software companies, law firms, and banks build complex and effective information security programs to combat advanced cyber threats, acting as their Virtual CISO (CISO as a Service).
I have also helped individual lawyers, law firms, and small businesses protect themselves with the same quality a bank would get – as they get their defenses built by me. I have built defenses at banks (such as SCB in Thailand, Akbank in Turkey, and others), and government institutions (Ministry of Education in Qatar, Ministry of Minerals in Saudi Arabia).
I’ve been employed by
There are many (MANY!) cyber security consultant firms out there. But their business model is usually the following:
I do everything differently.
How much does a cyber security consultant charge?
It depends. What do you want?
The answer really can only be “it depends.” That price varies a lot based on the length of the project, its complexity, and the project itself.
The hourly rate for a cyber security consultant varies according to the project complexity and duration.
Is it just a phone consultation or an in-depth problem solving that you need? Can this consultation save the company millions by preventing a serious data security breach? In that case price doesn’t even matter. It’s all about value. Do you want that value?
Just as a hacker (or a hacking team) can work from across the globe, so can a defender build your defenses remotely.
In all cases, all the work is using a keyboard and a mouse – be it in your office or from the Maldives, if you have an expert as your cyber security consultant, the quality will be the same regardless of location.
People often say to me: “But I need a cyber security consultant near me” – to which I ask them, why? Why would you need someone to commute several hours to you, arrive sweaty and tired, and bill you for the time during their commute, when you can save money and get the same quality?
I love helping clients and hate travel just as much as you do. I have clients in Australia, USA, UK, Germany, and the United Arab Emirates – If I had to travel to see each of them every week or every month, there would be no time to work! Instead – all of them get the same quality from me, and everyone is happy.
I get this question a lot!
I am a cyber security consultant and in a way, a cyber security architect. I build defenses very well. I have been trained in offensive security by an Israeli security company – Offensive Security, at their OSCP course (my OSCP ID is 3128, which should be impressive to some people) – but I tend to focus on defense development only and work with some fantastic penetration testing companies in the US and the UK who excel in penetration testing.
Specialization is key to offering fantastic service, and that is what I do. After my work with you is complete is the best time to run a penetration test and validate everything done, I recommend that. It is a continuous improvement loop – you build good defenses, test them, improve them, test them again. Specialization is the only way to deal with continuously improving threat actors.
What is it like working with an information security consultant?
When you first start working with information security consultants both sides need to clarify their expectations.
Just knowing about your desire to protect client information is not enough. It is best to share details about your business processes, how you work with your clients, and how you collect and store their data.
Information security consultants need to know the answers to all these questions before starting working with you.
I made a life choice 15 years ago: to stay independent as a cyber security consultant and never sell a vendor’s solution due to a commission or other benefits.
Even when working for Microsoft, I still helped all companies I visited to choose the best solution, rather than pushing Microsoft-only solutions. Perhaps that’s why I left and opened my own company!
When working with me, you can always rely on my global cyber security experience, knowledge, and connections knowing I will always have your interests at heart.
That is why you will never hear me recommending just one vendor for a particular cyber security challenge. I give you the ways to choose the right one, the benefits of each, and leave the choice to you. Yes, I make much less money by not receiving a commission from these recommendations – but I keep two things intact: my integrity and the trust my customers have in me.
© 2020 All rights reserved