A few years ago I was working as an application security consultant at Accuvant LABS. I had been reading the small business and consulting writings of tptacek and patio11 on this site and elsewhere for some time before then.<p>My experience as a security consultant was mostly working with very large enterprises. The technical work was interesting for the most part, but there was a lot of mundane "process" minutia and bureaucratic scar tissue. I noticed that kickoff calls with these companies would involve myself and any other technical consultants scheduled on the engagement, sales representatives, my immediate manager, a "solutions architect", the account manager, several people from their side, etc...I also witnessed a lot of "we'll get back to you" and inefficient internal team communication happening. At the time they were billing out consultants for $10-12,000 per week, but each consultant was only typically paid about 20% of that. A lot of value was being captured by a process very clearly designed for enterprise sales funneling, whereas the technical meat of the process was receiving a relatively smaller portion of the value.<p>So I left that company and started my own consultancy, aiming to effectively streamline the logistical for a smaller absolute rate while capturing nearly all of it individually. I began by focusing on smaller clients, particularly seed stage and VC-funded tech companies. I differentiated myself by 1) setting my weekly rates at approximately half of the market norm, and 2) handling all the foregoing roles on my own. On kickoff calls I could confidently speak about the end-to-end process both technically and logistically. In particular, I prioritized getting technical cofounded on kickoff calls in one-to-one or one-to-two settings, doing technical deep dives to demonstrate value, and consolidating all the answers into a single half hour call. For the most part, this was extremely effective - founders enjoyed having a single person to speak to who could fluidly transition between both "languages" for them.<p>After the first few clients, I started asking each founder directly for a referral to other founders they knew who might need help with security. Within the first year I no longer had to do any sales; all new clients were coming in through passive referrals, and my personal compensation well eclipsed my former salary. I focused on getting early champions and repeat clients who would excessively evangelize my service. In return, the folks who sent me referrals early on have been promised a lock into the low weekly rate for the life of my consultancy, and at this point I've raised my rates enough that my pricing has nearly reached parity with the large, enterprise consultancies. However, I've entirely avoided large enterprise companies, and I keep the sales cycle to a few weeks at the most (with a few outliers here and there).<p>Now having said all of that, if I'm being fully honest with myself I feel that much of the success of my consultancy comes from being very lucky - particularly in the beginning, with respect to finding initial clients. I don't think it's at all typical to achieve a fully passive sales funnel in year one of a new consultancy. But I don't have any sense of how much that achievement is attributable to my own networking skill and business savvy (or excellent technical work) rather than to being in the right place at the right time.