IT security consultants tend to be busy people. Given the widespread shortage of professionals with skills in many different aspects of cyber security, organizations frequently need help from outside experts.Like many others who work in information security, Kevin Beaver, did not initially set out to pursue a career in the field\u2014or to eventually become an independent IT security consultant. \u201cDuring my senior year of high school, my late mother, Linda, encouraged me to go to college and study computers. That seemed to be a growing field with lots of opportunities,\u201d Beaver says. \u201cMy mom was exactly right! My computer studies led to me pursuing this thing called computer security.\u201dFor his undergraduate college education, Beaver attended Southern College of Technology\u2014now Kennesaw State University\u2014and received a bachelor's degree in computer engineering technology. He attended graduate school at Georgia Tech and received a master's in management of technology.While in college, Beaver held part-time positions at companies including IBM, Hewlett-Packard, and Lotus Development. \u201cThese were call center\/help-desk related jobs,\u201d he says. \u201cThose roles taught me how to best deal with people and learn the technical ins and outs of the products I was supporting.\u201dIt was the IBM job that Beaver says helped him eventually find his calling as a consultant. \u201cIt was a systems engineer role at IBM,\u201d he says. \u201cIn that position, I had to write proposals, do the technical hands-on work, write reports, train users and so on. I quickly learned that being self-sufficient, disciplined, and most of all a good communicator were essential for the role as a consultant. It all just felt natural to me.\u201dThe year he graduated \u201cwas the year the World Wide Web really took off and the internet as we now know it provided a lot of opportunities for security\u2014even way back then,\u201d Beaver says. \u201cSo, the first six years of my career were focused on computers and networks, but it was a very natural transition to move into security.\u201dAfter returning to IBM as a systems engineer at a division thatfocused on K-12 computers, software and services, Beaver landed his first full-time job out of college, with a local K-12 school system. \u201cWith my new computer engineering-focused degree and six-plus years of IT work experience, I thought I knew it all,\u201d Beaver says. \u201cBut my new role as technology manager quickly put me in my place. Not only was the technology at the school system dated, we had this thing called \u2018the internet\u2019 that we wanted to connect the schools to.\u201dFor the next three and a half years, Beaver learned more than he ever dreamed he'd learn about workstations, servers, LANs, WANs and, in particular, firewalls and web browsers.That job \u201cgave me the experience I needed to start winding down my career as a regular employee and transitioning to a full-time consultant,\u201d Beaver says. His next three jobs in the late 1990s and early 2000s were as a network security consultant for a value-added reseller, an IT services director for a systems integrator, and an information security manager for a dotcom company in the business-to-business marketplace.\u201cThe role as the security consultant was amazing,\u201d Beaver says. \u201cI developed a ton of connections across the Atlanta area, many with whom I'm still connected nearly two decades later.\u201d The IT services director role was short-lived and forgettable, he says, but the dotcom role helped him get to know the inner workings of the big hosting\/collocation companies and the legal ins and outs of large online marketplaces. \u201cIt was the final kick in the pants I needed to go out on my own and be happy with that decision,\u201d Beaver says.In 2001 Beaver launched his own information security consulting firm, Principle Logic LLC, which provides a variety of security assessment and penetration testing services as well as consulting. A big part of being a successful independent consultant is being independent by nature. \u201cBy and large, I think I'm just a guy who likes to think for himself and make his own decisions,\u201d Beaver says. \u201cI was that way as a child and, apparently, you never grow out of that.\u201dThe consulting roles he has held felt right to him. \u201cI'll have to admit, it wasn't just my love for the role,\u201d he says. \u201cIt was also me working [full-time] for other companies, where I witnessed bad management literally run the businesses into the ground. So, I promised myself that I'd never work for another company again.\u201dThe \u201cemotional intelligence\u201d Beaver says he gained over the years of working for companies has helped him interact better with clients\u2014everyone from IT directors to CIOs to executives. \u201cThe people and business side of my experience is priceless,\u201d he says.Working as an independent IT security analyst has not required Beaver to return to school or get any specialized training. \u201cOutside of the inner workings of computer hardware and software that I learned a lot about in my bachelor's degree program, fortunately I timed the IT and security industries really well and learned what I needed to on the job,\u201d he says. \u201cThat's the best kind of experience anyway.\u201dLooking ahead, Beaver\u2019s plan is to continue to get better at what he does. \u201cI have a guiding principle in my goals document that says, \u2018I strive to be a knowledgeable and sought-after consultant, writer and professional speaker,\u2019\u201d he says. \u201cI focus on personal market dominance and continually work to be known in the industry as a person of value."Learning and growing is a continual process, Beaver says. \u201cI know that in order to continue competing with the big, name-brand consulting firms I have to promptly do what I promise and provide valuable deliverables, that my clients are not just \u2018satisfied\u2019 with but [that] also build loyalty,\u201d he says. \u201cThat's what keeps them coming back.\u201dMany companies are hiring independent outside consultants to act as interim CISOs, and others are using consulting firms to do the same,\u201d says Joyce Brocaglia, CEO of Alta Associates, a leading executive search firm specializing in cyber security. In addition to having a thorough understanding of technical issues, consultants aiming to provide high-level cyber security leadership need to have a good knowledge of business.\u201cGone are the days that companies are searching for CISOs [or consultants that can fill that role] based on their technical competencies alone,\u201d Brocaglia says. That role \u201cis now valued as a bridge for business enablement, so these leaders need to demonstrate collaboration and influencing skills with business stakeholders, be able to effectively and succinctly present to the board, interact with regulators and have the capability for the development of an overall risk strategy for their companies.\u201dAccording to Payscale, the median income for a security consultant is $82,476. \u201cConsulting incomes are probably harder to measure given the lack of corporate HR data,\u201d said Beaver. \u201cAs with any income, it can vary greatly depending on the value you bring to the market, the level of diversity you have in your work (e.g., consulting and writing, speaking, etc.) your productivity skills, and so on. With two different consultants doing generally the same work, their incomes could vary by hundreds of thousands of dollars." download What it takes to be a security consultantCSOA big part of being a consultant is being prepared to hustle for the work you get. \u201cThe most difficult, yet most potentially rewarding, part of being an independent consultant is generating and maintaining cash flow,\u201d Beaver says. \u201cYou hear some people say they're on a \u2018fixed income.\u2019 As a consultant, you're on no income. Every week brings new opportunities for not only doing all of my billable work but also generating new leads and landing new deals.\u201dThis is why Beaver has started saying he\u2019s in sales when people ask him what he does for a living. \u201cAt the end of the day, that's what it's all about,\u201d Beaver says. \u201cIt's selling my personality, my specific expertise, and my wisdom. Succeeding as a consultant is 100 percent dependent on the value I bring to the marketplace. This not only requires being at the top of my game with security, but also being a savvy businessman who stays on top of time management and goals in order to maximize my utilization.\u201dAbove all else, the most critical aspects of working for himself, especially when he\u2019s competing for much of the same work as the big players in the space, \u201cis to continually work to improve my deliverables and be someone who builds and maintains strong relationships with my clients, business partners, and others who can support my efforts.\u201dAnything else we missed? Head to Facebook to add comments.