JohnsNotHere

Infosec practitioner, Founder of EliteSec (https://elitesec.io), podcaster, father, and knowledge junkie. Defender of the Oxford comma, and lover of good BBQ. Posts are my own, but YMMV.

I toot about #cybersecurity topics and #entrepreneurship, plus random thoughts in between.

EliteSec Consulting: https://elitesec.io

Got my first Meshtastic LoRa device today. Naturally there are no other nodes nearby, but the fact I have something up-and-running is great. I'm going to take it to #AtlSecCon in a few weeks to see if anyone else is there, just as an experiment.

#meshtastic #LoRa

Lost a prospect to a new competitor today. Lesson learned, but I feel no ill will towards either of them. The client was not going to be a good fit, and the competitor is basically a GRC factory that offers pentesting as well. They were a few thousand dollars cheaper than me, but the prospect was a young startup and just not my typical client size.

I did, however, appreciate how honest they were both in terms of who they selected, why, and by how much they "beat" me. I wish them well, but honestly these numbers help a lot. Competitive analysis is expensive, I don't have the budget for it, and most people ghost me when they go with someone else, so this was all golden for me.

Do I think they're going to do a great job? No, it feels like they do pentesting as a bolt-on service, not something core. And while they boast about their roots being in the "Big 4", I don't think that's quite the flex they're making it out to be, but I can see where it will work for some folks.

As for myself, I have 2 more prospects to take their place, so I'll just be here to fit with the right client when they come along. If this was in my first year or two of operating, I would have taken it much harder. Now? No, now it's just realizing that my instincts were right. They were a referral as well, so it's not like my marketing failed, just a friend trying to do me a favour without realizing that we weren't a good match.

#entrepreneurship #businesslessons

@accidentalciso @Rajiv I've been looking at some chairs recently too. I've got one from Deaky, but it's not great. Herman Miller and Steelcase are the gold standards, but are expensive. Check for refurbs though, as you can get a used one for a lot less and they're still good.

I'm looking at the LiberNovo myself, but that may be due to the ads targeting me, or the thousands for a new Herman Miller Embody...

@m4iler Thanks!

@Infosec_polar_bear I'll take it. Thank you!

@thegibson A remote wiper attack? At least Iran is consistent. I'm actually surprised it took this long.

@mikefordays LMAO, my wife pointed this out as well. :-) Time to edit!

Another solar rotation achieved. Yay.

Pricing is always a touchy subject. I have some clients who are thrilled with my pricing, others who don't question it, and then there are those that are looking to nickel-and-dime their way to get as much as they can for as little as possible.

Look, price is all relative. Compare me to another CREST-accredited firm and I'll come in significantly less. Compare me to some kid in his mom's basement who will give you a report that's a glorified Greenbone report, then yes, I'll be more expensive.

The hardest part for me is getting people to know the difference. Some people just want to get the cheapest option and don't care about the thoroughness or the results. If you're okay with that, then I'm not a good fit. I have flexibility in my pricing, but we have to have some type of real discussion first. Sadly, I think today is the day that I close another prospect as "sale lost" due to their focus on price versus thoroughness. C'est la vie.

I've heard cyber compared to the medical field before. The argument is that both are constantly evolving and both cause their practitioners to constantly learn new facts and techniques. This is accurate, but before the hubris takes over, remember one thing.

For the majority of cyber practitioners, we save livelihoods. For the majority of medical professionals, they save lives. Know the difference, and don't let your ego take over because of the similarities.

I acknowledge there are exceptions of course, but those exceptional individuals are not the ones who need this message.