Starting a Security Consultancy for SMEs: Need Advice on Niche, Pricing, and More

Asked By TechWhiz482 On

We're two experienced sysadmins with over 15 years in the field, and we're tired of the salary caps and the inability to implement best practices in our current roles. We have a background in infrastructure and security, specifically with Entra, Intune, Defender, Exchange, SCCM, and Ubiquiti, and we're certified in AZ-900, SC-900, and PRINCE2. We've mostly worked in schools and enterprises, and now we're looking to go independent.

Our initial service offerings include:
- M365 Secure Starter (MFA, Conditional Access, compliance, Defender baselines)
- Cyber Essentials and CE+ readiness and remediation
- Azure cost optimization and licensing audits
- Wireless upgrade plans

We want to deliver outcomes similar to managed service providers, but without the upselling. Our target clients are UK SMEs with 25 to 400 employees, particularly in legal, healthcare, charities, and professional services. We're contemplating a model where we conduct a fixed-price audit, follow up with remediation, and provide light ongoing policy maintenance.

Now, we have a few questions:
1. Is our niche focused enough for UK SMEs, or should we narrow down further?
2. What pricing strategies are working best for you—day rates versus fixed scopes?
3. What are the best channels to find our first five clients? Should we look at MSP partnerships, IASME bodies, LinkedIn, or referrals?
4. What essential contracts or insurance do we need for a small security consultancy?
5. Any tips for getting Cyber Essentials certification as a readiness partner?
6. Finally, what are the biggest pitfalls you think we should avoid in our first year?

2 Answers

Answered By SecurityGuru23 On

You're definitely on the right track with focusing on M365 and Cyber Essentials! SMEs, especially in sectors like legal and healthcare, are under pressure to meet these standards and often lack the in-house talent. Fixed pricing is generally preferred by SMEs over day rates because it gives them a clear idea of costs. For your first clients, referrals and LinkedIn may yield the best results. Don’t forget to nail down your professional indemnity and cyber liability insurance before signing any clients. Good communication with certifying bodies is key for Cyber Essentials—document everything and over-communicate!

TechWhiz482 -

Thanks for the insight! I appreciate the tips on pricing and communication.

Answered By UserExperienceGenius On

Starting your own consultancy sounds exciting, but be ready for some challenges. Many folks think running a business means doing only the fun parts, but you’ll end up wearing a lot of hats—from finding clients to handling invoices. It's important to have a solid business plan in place and at least a couple of clients secured before you fully commit. It might take a while to establish your reputation, so make sure you're prepared for some lean months at the beginning. Good luck out there!
