[debeers]

I run one-man security consulting business. Pays well enough to live comfortably and provides enough free time to work on side-projects.

Six months ago I started transitioning from service to product oriented approach with online vulnerability scanning service https://getroot.sh aimed at network administrators and webmasters.

I have another product targeted at penetration testers in works, to be released in couple of months.

[Covzire]

How long did it take to get your first client and do you have any advice for someone who would want to become a security consultant without having a large network of business contacts?

[debeers]

Initially I advertised among friends and former co-workers that I knew needed this kind of service for their own infrastructure. They became my first customers pretty much right away, but my first organic users came couple months later. I marketed primarily by writing articles on LinkedIn.

For the second part of the question - I'd say do some original research and publish it. Hang out where other security people are. Still, the easiest way is to build street cred and professional network while you work for someone else.