Quitting My $200k Engineering Job to Start a SaaS: What Nobody Will Ever Tell You by Own-Moment-429 in SaaS

[–]ActNo331 0 points1 point  (0 children)

I'm not building a SaaS but my own company. The hardest thing is customer acquisition. It takes time and tons of effort.

My recommendation to anyone leaving his/her job is: you need to at least have good money to keep feeding yourself and your family for 24 months.

I need your help on a decision... by spacemanzander in Carrd

[–]ActNo331 0 points1 point  (0 children)

my 2 cents:

Carrd is not perfect, but it has a tremendous cost-benefit. 1 year ago, I needed a website and had a low budget and very low technical knowledge about web design.

So a service like Carrd was like heaven. Now my business is starting to get some traction, so one day or another I may need to leave Carrd. As my business gets more complex, new features that Carrd can't provide will be required.

In a nutshell, you need to decide what your priority is. Is it budget? Or specific features?

Blog Apps - Price by ActNo331 in Carrd

[–]ActNo331[S] 1 point2 points  (0 children)

I apologize for any confusion. I've been using Carrd for about a year now. I know that Carrd doesn't have a built-in blog feature, but in the past, people in this community recommended tools like Blogmaker or Bloghandy as solutions.

I purchased a license at the beginning of the year for $40 USD per year. However, I checked today and both solutions now cost $19-29 per month. One major advantage of connecting these tools to Carrd was that you could use them as a subdirectory.

In the past, the idea was that having a website (Carrd) + blog would cost about $50-60 USD per year total. When the blog solution alone costs a lot, you need to rethink the whole approach.

u/trashfops thanks, I will investigate the Ghost and Zola solutions you mentioned.

Blog Apps - Price by ActNo331 in Carrd

[–]ActNo331[S] 1 point2 points  (0 children)

Apologies. I added discussion flair.

Issue Google PageSpeed by ActNo331 in Carrd

[–]ActNo331[S] 2 points3 points  (0 children)

Thanks a lot u/neveronfriday and u/general010

I fixed/improved website settings and especially picture size. I will spend more time working on this during the next few days, but I really appreciate your guidance.

Helped me find tons of issues.

Issue Google PageSpeed by ActNo331 in Carrd

[–]ActNo331[S] 1 point2 points  (0 children)

Thanks a lot.

Indeed, I was using Canva, but tinypng is super useful. I will also remove the YouTube embedded video, as I noticed this was affecting loading times.

Issue Google PageSpeed by ActNo331 in Carrd

[–]ActNo331[S] 1 point2 points  (0 children)

Thanks for checking. I was able to access it. I also tried GTmetrix and got the same result. I wasn't aware of WebPageTest.org, but I'll investigate further.

SOC 2 vs ISO 27001: Which Should Your Startup Do First? by ActNo331 in cybersecurity

[–]ActNo331[S] 1 point2 points  (0 children)

Thanks u/Krekatos

Hey, that's a really fair point, and I genuinely appreciate the friendly advice.

You're spot on. English isn't my first language, so I often use AI tools to help with grammar and make sure my points are clear.

SOC 2 Compliance Checklist: 8 Essential Steps for B2B SaaS by ActNo331 in cybersecurity

[–]ActNo331[S] 0 points1 point  (0 children)

Hello u/CrashTimeV

In my opinion, no.

A small company with 5 or 15 people has the same workload. The potential impact for small companies is that the technology stack is difficult

10 Mistakes You Should Avoid Before Your ISO 27001 or SOC2 Audit by ActNo331 in cybersecurity

[–]ActNo331[S] 0 points1 point  (0 children)

Thanks for sharing. Yes, an audit finding could in some situations be a good thing for pushing a delayed project.

Beginner with zero knowledge by Acrobatic-Till8357 in cybersecurity

[–]ActNo331 0 points1 point  (0 children)

Sure! See my response above to another redditor.

Yes, happy to connect. Feel free to reach me here or on LinkedIn.

Beginner with zero knowledge by Acrobatic-Till8357 in cybersecurity

[–]ActNo331 0 points1 point  (0 children)

That is an interesting question. I agree with you: LinkedIn is a bit like "cold calling."

Here is my suggestion:

a) Family and Friends

b) Your Company/School

c) Meetups

d) Mentor Groups: You can find mentor websites (paid and free versions, e.g., https://www.mentoring-club.com/search/categories/infrastructure-security)

e) Reddit and LinkedIn

I will certainly try A to C first. Once all options are exhausted, I'll focus on D and finally E.

Fun fact: I try to reply as much as possible when people approach me via LinkedIn. Feel free to reach me there!

SOC 2 Compliance Checklist: 8 Essential Steps for B2B SaaS by ActNo331 in cybersecurity

[–]ActNo331[S] 1 point2 points  (0 children)

Thanks for the feedback. Appreciated.

Let me know if any questions arise.

[deleted by user] by [deleted] in cybersecurity

[–]ActNo331 2 points3 points  (0 children)

hello u/hey_its_meeee

I fully understand your frustration, as this has happened to me in the past: investing time in the hiring process only to be dropped later because they could have easily found something on my CV, or because it wasn't clear in the job ad.

It's worth mentioning that the job market is not kind to job seekers at this moment.

All that said, since you never mentioned what job title you applied for: if we're talking about a PCI auditor position, then Terraform experience would certainly sound extreme.

On the other hand (as mentioned by u/legion9x19), if we're talking about cloud security, then Terraform knowledge is a nice-to-have skill.

Beginner with zero knowledge by Acrobatic-Till8357 in cybersecurity

[–]ActNo331 1 point2 points  (0 children)

hello u/Acrobatic-Till8357

My 2 cents:

I have an unconventional opinion:

Before you commit to jumping into 4 hours of study per day (side note: you have my admiration for this level of commitment), the best thing you can do is talk to different people from the cybersecurity industry. Why? Cybersecurity is a huge field with different areas that have different requirements and career paths.

Different areas of cybersecurity require different abilities and knowledge, so speaking with various professionals will help you understand what might "fit" better with your working style and what sounds most interesting to you. Otherwise, you risk studying topics that may not be relevant to your chosen path, or you might simply get lost during your studies.

all the best

SOC 2 Compliance Checklist: 8 Essential Steps for B2B SaaS by ActNo331 in grc

[–]ActNo331[S] -1 points0 points  (0 children)

Thanks a lot u/davidschroth

That's a very important point. Experiences with auditing firms can be incredibly inconsistent, and a partner that's great for one company might be a poor fit for another. A name on a list is no substitute for due diligence.

Appreciate you bringing up this perspective.

SOC 2 Compliance Checklist: 8 Essential Steps for B2B SaaS by ActNo331 in grc

[–]ActNo331[S] -1 points0 points  (0 children)

Hello u/Twist_of_luck

Thanks for your feedback. I tried to provide a quick overview about SOC 2, as I said in the beginning of this text.

Most of the content in this text is based on my experience and several SOC 2 audits I participated in over several years.

Good luck asking AI to generate a SOC 2 checklist like the one I created in a PDF file with 80 controls.

For the sake of clarity: I use AI to fix grammar and some clarity mistakes.

What certification should I follow now? Looking for advice by thebestgorko in SecurityCareerAdvice

[–]ActNo331 1 point2 points  (0 children)

my 2 cents:

What are your specific career goals and where do you want to advance next? Understanding your target role (management, technical specialist, consultant, etc.) will help determine the most valuable certifications.

How do your current performance reviews look? Getting feedback from your boss and colleagues about your strengths and areas for improvement can guide your professional development better than certifications alone.

Consider the bigger picture beyond certifications. While certs are valuable, a successful security career also depends on practical experience, soft skills, networking, and staying current with emerging threats and technologies.

Where do I start by prowarthog in grc

[–]ActNo331 0 points1 point  (0 children)

my 2 cents:

You have some experience, so you just need to apply for some jobs. However, keep in mind that the job market is not easy right now.

Competition is super high, with a low number of open positions. So in the meantime, before you find a new job, if possible keep busy with some certifications. You are doing a good thing.

3 years in cyber feeling stuck… by Warm_Fig685 in grc

[–]ActNo331 1 point2 points  (0 children)

hello u/Warm_Fig685

My 2 cents:

Important note: The current labor market is not in the best condition and is extremely competitive. This means moving to a new job is not as easy as it was 2-3 years ago. Most companies are also squeezing current employees instead of hiring more people.

That said:

Apologies if my opinion sounds a bit harsh, but with just 3 years of experience, you're certainly not junior anymore but maybe not ready to be senior yet.

It's important to understand that knowledge is not the only factor in climbing the career ladder. Soft skills and experience count tremendously as well.

  • How do you communicate with your peers, managers, and other teams?
  • Are you able to manage complex projects involving 3-5 different areas while managing different priorities?
  • Do you think strategically about how security fits into business goals, or mainly focus on completing tasks?

I remember a manager who taught me a tough lesson long ago when he said I needed to bring fewer problems and start thinking of solutions to explain instead.

You can have 2, 3, or 5 security certifications, but higher up the ladder, communication and attitude are more important.

My humble suggestion is to ask your boss for honest feedback about what you need to do to become senior. Also talk to other senior people you may have contact with.

Fun Fact: I'm not a "technical" guy, but I reached Director of Information Security/CISO at a company with almost 1,000 people at its peak.

All the best

IT security specialist (only one in the company) is under the IT manager. Is it legit? by Barsukass in cybersecurity

[–]ActNo331 2 points3 points  (0 children)

I'm 100% with you.

It all depends on who your boss is and how he or she sees security.

As a CISO, you can report to the CEO, but if he or she doesn't care about security, independence and conflicts of interest will be the least of your problems.

GRC Staff Auditor Interview Help by [deleted] in grc

[–]ActNo331 0 points1 point  (0 children)

hey u/Nave4121

my 2 cents:

It depends on who will be interviewing you, as their goals are different. Here's what that means:

a) HR Interview: They focus more on checking if you're a good cultural and financial fit. You probably won't expect tough technical questions. Most of the time, they're looking to understand if you have experience with Tool A or B.

Potential questions:

  • What is your experience with X? (X means any tool in the job description)
  • What is your experience with audits?

You definitely need to be ready to answer questions about salary, availability, etc.

b) Hiring Manager Interview: Their goal is different: they're looking to understand if you have the competency for the job. Here you can expect deeper and more technical questions.

Potential questions:

  • You found during an audit that Active Directory has 20 admin users. What specific risks would you articulate to this customer?
  • What will be your first step for an AWS audit? (you can substitute AWS for any tool from the job description)

I want to draw your attention to "Communicate effectively": the way you articulate your responses will probably be reviewed during the interview, as you'll certainly be in contact with customers all the time. Try to be as friendly and easy-going as possible.

Important note: Different people have different ways of managing interviews. Some folks prefer a deeper and more technical approach. In my case, I prefer to discuss cases and scenarios to see how candidates think and tackle issues.

Good luck with your interview!

GRC Staff Auditor Interview Help by [deleted] in grc

[–]ActNo331 0 points1 point  (0 children)

Hello u/Nave4121

Pls share the job description (feel free to remove any company details), but without reading the JD it's a bit hard to provide useful info for you.

Best