This is an automated archive.

The original was posted on /r/cybersecurity by /u/Garlic-George-420 on 2024-01-24 02:34:28+00:00.


Hey y’all,

I was wondering how realistic this idea is:

You start working at a company as a pentester, and the employer essentially subcontracts you out to other companies for pentesting work. From there, you build relationships with the different clients you’re assigned to pentest for. As you move up the ranks and build more relationships with clients that you’re subcontracted to, you start winning your own contracts and working directly with those clients (and not through your company).

From there, you keep building a client base and essentially establish your own pentesting consulting firm.

I’m obviously skipping a lot of the intermediary steps and leaving out many details for the sake of getting to the main question: Would this sort of strategy be viable?

I see 2 reasons why it wouldn’t be viable:

First: A no-compete agreement with your employer will probably get in the way of contracting with their clients directly.

Second: Why would they switch to you? The only reason they would switch would probably be something like if you offered a lower price, along with the fact that you’ve been working directly with them, and not your employer.

So, do you think this strategy is viable?

Sorry if this sounds stupid and not very precise. I’m still a student, so I don’t have any professional experience in the pentesting industry, except for stuff I’ve read about the industry and stuff I’ve heard from professionals.

If there is anything that doesn’t make sense or if I left any information out, then just let me know and I’ll do my best to clarify.

Thank you!