Freelance Cybersecurity Trends
I recently had the pleasure of giving a presentation about freelancing and cybersecurity trends at Kennesaw State University (KSU). The students were fantastic, and we had a lot of great discussions.
If you don’t have time to watch an hour-long presentation though, I will break down the content below, focusing on four main concepts:
Freelance Forward Study
Rise in SMB Opportunity
ESG Study on CISO’s
Establishing a Cybersecurity Firm
Freelance Forward Study
The freelance industry is rapidly growing, and younger generations are reaping the benefits. The 2022 Freelance Forward study found that freelancing has hit an all-time high, “up three percent from 2021” with a whopping 39% of Americans doing some kind of freelance work. 89% of the initial percentage is made up of younger generations, with a respective 27% being Gen-Z and 29% of Millennials claiming their work “entails creating some sort of influencer style content.”
However, 51% of all freelancers provided “services such as computer, programming, marketing, IT, and business consulting.” As a consultant myself, I fall into this category, and I employ a freelance marketing consultant. 91% of freelancers believe that their best days are ahead, and as the perception of freelancing continues to shift, and opportunities multiply, freelancing is “poised for a bright future.”
Rise in SMB Freelance Opportunity With the rise in opportunity comes the rise in SMB freelance opportunity specifically. Cyber security is very often put on the back-burner for small businesses, and the statistics are staggering:
51% of SMBs lack any type of cybersecurity defense plans
75% of SMBs could not continue operating if they were hit with ransomware
36% of SMBs are “not at all concerned” about cyberattacks
These numbers are troubling enough on their own, but when put in conjunction with the fact that the average cost of a data breach in 2022 was $4.35 million, up 2.6% from 2021’s $4.24 million, they become even more so. Small businesses often do not have the skills needed to protect against cyber threats, whether it be due to a lack of skill or resources.
“60% of small companies close within 6 months after a cyberattack”
“46% of cybercrime breaches impact businesses with less than 1,000 employees”
This is where freelancers and out-sourced CISO’s come into play. They can help to bring these percentages down greatly, protecting these organizations while allowing them to focus on what they’re good at.
ESG Study on CISO’s Enterprise Strategy Group released a study on the latest statistics in the industry, with some interesting numbers pertaining to CISO’s.
73% of survey respondents said their organization employs a CISO
43% believed their CISO had been effective
5% of survey respondents say their organization employs a virtual CISO (vCISO)
The market for virtual CISO’s is growing, albeit slowly. For me, working as a vCISO allows more variety and flexibility in my workday. With the push for remote work because of COVID-19 and the shift in the workplace dynamic, we will likely see an increase in vCISO’s, as well as other virtual professions within the industry.
Establishing a Cybersecurity Firm
Now for the part many students were excited about, establishing their own cybersecurity firm. The first few things we discussed them needing to get their businesses started are as follows: business license, a separate bank account, and a domain for the website, as well as a professional email and social security accounts. When it comes to finances it is important to make sure to split all receivables. For tax purposes I told them they should consult a CPA for maximum deductions, and always make sure they are contributing to at least two types of retirement accounts.
A huge part of running your own business includes networking and, at times, partnering with others. We discussed things like white labelling, relationships with end customers, and looking into diversified offerings. It is important to start building up that LinkedIn network now, that way they will have plenty of contacts at their disposal.
We also talked about how important it is to have the right tools. First we went over the need for a business computer with plenty of horsepower and storage, as well as dual boot and virtualization. I also told them to always be sure to utilize their local lab to compute and network. Finally, there is a long list of other necessities one may run into, but I recommended having all of the following to get started out: travel accessories, office / WFH kit, VPNs, and plenty of cloud resources.
Beyond the basics, I also provided the students with some resources to continue their skill development. For practice environments I suggested offensive security proving grounds, DC404 NetKohH, and to look into the plethora of CTFs available this year. I also recommended they listen to some podcasts on the industry, namely Recorded Future, Security Weekly, and Darknet Diaries. Additionally, I recommended Help Net Security, Ars Technica - Security News, and Packetstorm as great news sources to keep on top of the latest in the industry.
While there is a lot that goes into creating their own cybersecurity firm, it is a great end goal for those who are starting their careers in freelance cybersecurity because it allows for the freedom and flexibility of making your own schedule, and I think the students were really excited about looking into it as an option.
Freelancing is becoming a much more accepted “full-time” gig for many professionals in the industry. If it continues to grow, as it has in the last few years, we are sure to see many more young professionals turning to freelancing rather than a traditional 9-5, as it will give them flexible work schedules, and the ability to work wherever, whenever. It also provides great training in the event they wish to open their own firm one day.
I am so thankful I had the opportunity to give this presentation at KSU and would like to thank Dr. Mattord and his students for having me.