My software engineering and sysadmin background overlapped a lot with security, and I found flaws and recommended security solutions at every company... so I pivoted my career to full time security engineering for multiple companies. I eventually saw enough massive oversights and targeted attacks to operate as though any person or system that lacks strong accountability for their every action is compromised.
Most companies cannot afford to meet this kind of zeroish-trust threat model, so I moved to roles in fintech companies where they -must- think this way as they are highly targeted.
I realized, though, that the highest value I provided to employers in addressing security problems happens in the first few weeks, followed by spot-check pentests and advice a few hours a month after that while I build tooling. I also got tired of writing internal-only security tooling and practices I knew so many companies really need. I concluded the only assured way for me to be able to open source my tools and practices and get them refined by collaboration and exposure with a lot more organizations was to start a company with that mission.
I founded Distrust, and my full-time employer at the time graciously agreed to be my first part-time retainer client. Turns out, many companies want pentesting and full-stack security consulting retainers where someone can integrate into their team and help architect practical solutions unique to each company. Even companies with their own security teams benefit from a part-timer with a perspective on security problems and solutions at many other companies with similar threat models.
Word of mouth has kept my schedule full enough to raise rates and justify building a small team last year. Best career choice I ever made.