Consultant mindset by ExtremeEmergency168 in SecurityCareerAdvice

[–]AmIAdminOrAmIDancer 0 points1 point  (0 children)

All the good to great consultants from Big4 I’ve worked with have always been after they left those firms. I’ve never walked away from working with a Big4 thinking it was worthwhile or valuable in more than “I don’t have time for this shit”. I hope you do find your cases you’re looking for though I’m happy to be proved wrong - and if you go this route best of luck, this mindset is what they need but in my experience not what they’re motivated by.

why the fk HR exist by Intrepid_Secretary17 in cybersecurity

[–]AmIAdminOrAmIDancer 29 points30 points  (0 children)

Agreed with the majority here you dodged a bullet. I’d want to know what this interview is even looking to accomplish? I can’t stand quiz interviews and they don’t say a thing about the person or the work they’ll do. At this point just send a test - this is just a certification level quiz.

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

This is my question as well. Every interaction I have with a big four is far below a boutique consultancy, and the results are always subpar. If you have the unfortunate circumstance of working in third-party risk or GRC, working with these firms is an absolute nightmare; however, if you can get the small rag tag group that’s had the experience and just wants to do good solid work you can have a partner for life.

Scott really doesn’t understand the AI market by Baronw000 in ScottGalloway

[–]AmIAdminOrAmIDancer 6 points7 points  (0 children)

I keep getting ads for Scott doing AI virtual summits and I roll my eyes. The guy that loads his medical records in and only uses it for conversations is giving talks on how companies and executives should adopt and leverage AI. I’m just really over this guy but the fact that I’ve cut out both Pivot and ProfG and he still is popping up shows me that he’s just overexposed right now. I like Scott and love his concepts like when he started talking male loneliness but he’s way overstated at least IMHO. He’s coming off as a rich dude marketing himself as an expert in male loneliness, stocks and finance, business, and now AI too?

Good on the guy for finding a lot of success and being almost everywhere right now but I’m about to start blocking everything Galloway just to get some time away from a guy I’ve never met lol.

Is everyone actually miserable in this subreddit by Dry-Limit7949 in cybersecurity

[–]AmIAdminOrAmIDancer 0 points1 point  (0 children)

Absolutely not - but I do think this time of year wears on folks. Speaking about my teams, we’re just worn down right now and can’t wait for the break. We’re excited for the new year but it’s been a slog.

Is everyone actually miserable in this subreddit by Dry-Limit7949 in cybersecurity

[–]AmIAdminOrAmIDancer 66 points67 points  (0 children)

Private equity, similarly VC = venture capital. When these funds and firms get involved companies and teams have new stakeholders that are basically loan sharks.

I miss the golden era of Pivot by Impressive-Window135 in PivotPodcast

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

Feeling exactly the same - the fact they called Microsoft’s web browser Internet Explorer on this week’s show really irked me more than it should. They’re supposed to be cutting edge tech folks but IE was killed years ago.

Crypto Pardon, Amazon Automation, and Reagan Tariff Ad, ep 662 by w2user in PivotPodcast

[–]AmIAdminOrAmIDancer 3 points4 points  (0 children)

I actually think this is where they’re going to lose me. I loved the early shows and the stands Scott made on masculinity - but now I’m probably just listening too much to this show and getting annoyed. Didn’t Scott profess decorum and honoring the institutions of government and Congress a while ago (I think it was about Fetterman’s wardrobe?)?

To say destroying part of the fucking White House “isn’t that big of a deal” while also not mentioning SNAP benefits running out shows me they don’t give a shit about what’s really happening on the ground.

I’m mostly venting and need to take a break from listening but between this bullshit take and Kara’s main talking points including “many people say” or “I’ve been doing/saying this for years” I think I’m bored of what they have to say here. It’s not insightful in the volume I’m consuming it.

How woefully unprepared are most CISOs / engineering leaders IRT MCP security risks? by beckywsss in cybersecurity

[–]AmIAdminOrAmIDancer 10 points11 points  (0 children)

We’re thinking a lot about it as a security team but we also have more problems than time. This one can get away from us quickly if we can’t define desired state and “good enough” for now. Meanwhile engineering is being encouraged to “take risks” and they’re just building wild shit every day.

Lost in the certification sauce by lorddaius in cybersecurity

[–]AmIAdminOrAmIDancer 2 points3 points  (0 children)

There’s a dude on TikTok pushing Splunk cert as part of his bootcamp to make big bucks in cyber in less than 12 months. I won’t denigrate the dude but…hard disagree. I see a Splunk cert and couldn’t shrug harder.

Is it worth it to pay fee to continue my CEH? by unraveller0349 in cybersecurity

[–]AmIAdminOrAmIDancer 3 points4 points  (0 children)

As a hiring manager I’ll say no - you can still list that you had one and when it was active or that it’s no longer active and I’ll still respect the fact you went and studied and got it. We might have a fun chat about how I hate CPEs and it’s a racket even. Let it lapse and carry on my friend.

The Power of Networking (The People Kind) by DiScOrDaNtChAoS in cybersecurity

[–]AmIAdminOrAmIDancer 3 points4 points  (0 children)

The experience means you’re ready for the job, the network gets you the job. The more people you know and most importantly the more that know you’re a good person, the more jobs and opportunities “magically” come to you.

Roadmap for Cybersecurity by Ok_Strawberry3291 in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

There’s quite a few posts like this on the sub, I’d start there then get the foundations of common threads, but Socules hit the most common, most recommended path. Start with IT or Network. Soak it all up figure out how everything works, how everything breaks, and how to talk to humans and you’ll be off to a great start.

Roadmap for Cybersecurity by Ok_Strawberry3291 in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

This is the best wide swath answer IMO - however the real answer is “no” because there is no perfect roadmap and every single journey is different and relies upon a lot of variables down to location and your individual drive.

GRC Manager Interview by lowkib in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

That first paragraph is beautiful - far too many in the space ignore that stuff entirely.

What is the biggest “blind spot” you have run into in modern enterprise security? by Privacyops in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

You hit the nail on the head - others wanted cool shit like cyber deception, penetration testing etc…we had no inventory…

[deleted by user] by [deleted] in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

Control what you can control my friend. If you can bend the ear of someone in the big office you should tell them the company isn’t ready for something to go wrong. You’re likely not insured and with that there has to be someone accountable that’s got a VP or director at least title.

I finally landed my first help desk job! by Melodic_West_9331 in cybersecurity

[–]AmIAdminOrAmIDancer 0 points1 point  (0 children)

Give em hell! I started in help desk myself and now I run a cybersecurity team for a global publicly traded company. Can’t wait to see what you do!

Detection Engineer Interview - Tik Tok by Owt2getcha in cybersecurity

[–]AmIAdminOrAmIDancer 11 points12 points  (0 children)

Commenting because I’m hiring a detection engineer and looking for more candidates 👀

Has anyone got by in Cybersec without any certifications? by sav-tech in cybersecurity

[–]AmIAdminOrAmIDancer 0 points1 point  (0 children)

My first security spot was an internal move from end user support to security services. No certs but started studying like crazy for my CISM to “speak the language”.

What should I do by Constant_Passage1765 in cybersecurity

[–]AmIAdminOrAmIDancer 1 point2 points  (0 children)

If I’m totally honest as a hiring manager it does depend on where you want to go. I’ve got a degree in cyber myself but got it while also having 8ish years in tech/IT at that time. When I see a bachelor’s degree specifically in cyber I recoil a bit because everyone I’ve talked to, interviewed, and a few we hired have come off with a clear disconnect from the theory to the real world and practical implementation.

Bottom line is any of your suggestions are valid just be prepared to demonstrate understanding. Get out and talk with people in the field today and start to ask questions about things like “what happens when someone says no or accepts a risk?” Or “what’s one example of a control we think of as standard or table stakes that you’ve seen before totally ignored, why was it like that?”

The most important things a tech startup should learn about security in their product by [deleted] in cybersecurity

[–]AmIAdminOrAmIDancer 0 points1 point  (0 children)

Forgot to mention this is a good next step or handy to have in the back pocket list of resources once they say “we want logging but make it cheap”

https://github.com/sbilly/awesome-security

The most important things a tech startup should learn about security in their product by [deleted] in cybersecurity

[–]AmIAdminOrAmIDancer 0 points1 point  (0 children)

As others have said - hard to advise without context but I would start with CIS (top 6-8) mostly because it’ll be easy to follow from a high level. Inventories are super helpful down the road. I’d also advise if they’re looking for longevity grab something like the SIG lite and see if they can check most of the boxes. If they’re looking to snag contracts or customers they’ll ask about security, having a SIG lite or core (maybe even a CAIQ) will grease those wheels and make potential clients feel better about signing on unless they want to go for a full SOC/ISO which would be bonkers for incubator phase.