I’m wrapping up my second full year going solo, so it’s time for me to review and reflect on the year. I get a ton of questions about what it’s like being independent. It’s exciting to be able to replace the day job! It can be scary as well, which is why I take the time to be transparent and share my experiences.

I was really worried in the beginning, but things have gone better than I could have hoped. I’ve been regularly podcasting for nearly half a decade now, which has really helped me hone my organization and speaking skills. Particularly because I’m interviewing hundreds of people every year, often live - not just reading a script into a camera (that comes with its own, different challenges).

I doubled my income in 2025, and I have a theory on how this was possible.

Despite hundreds of hours in front of a camera, I still have a lot of room for improvement. I still struggle with ‘filler words’ (mine are “um” and “you know”). I sometimes lose track of what the guest is saying, because I’m thinking about where to take the conversation next and checking my notes. I’m clearly biased and too close to be objective, but this is what I think my formula boils down to:

1. I’m good enough on camera and as a host.

2. I carry around 25 years of domain experience, which allows me to relate to the guest, the audience, and ask intelligent follow-up questions

3. I’m organized and prepared for every event, podcast, and webcast

4. I show up

The combination of these things has resulted in getting offered more and more work, without me having to go out and solicit for it. It’s not that I’m clever and discovered the right recipe after trying different combinations. I’m organized and prepared because I have to be - my ADHD would make it impossible to stay focused and organized during a recording without and intro/outro script and a list of topics to discuss. I got good enough on camera because I forced myself to watch my own recordings and improve the lighting, the camera, what my face is doing while I’m listening, making sure I’m letting the guest do most of the talking, etc.

Number 4 is an interesting one though. I’ve often had opportunities because I was available and willing. Someone else didn’t show up and they need an alternate. A substitute. I did a good enough job as a substitute that I started landing regular gigs. I sought out criticism and advice. I started getting good feedback from clients, guests, and the audience. I made wise choices and got really lucky when seeking out co-hosts.

I think I keep getting work primarily because I make myself available. I almost always say yes and I get the job done. I’m guessing most organizations would rather work with one reliable consultant than have to bounce around between 5 or 6 that say no 50% of the time.

Do I like what I do?

So, yay! I’m making a living as a creator. I’m my own boss. I set my own hours. I can go on vacation and travel when I want. Do I like the work though? Is it sustainable?

Heck yes. I love it and couldn’t imagine going back to a corporate job.

I was watching TV the other day and all the commercials were trying to be relatable with messaging like, “haha, bosses suck, yay weekends” and “this meeting should have been an e-mail”! It occurred to me that I couldn’t remember the last time I was in a meeting that was wasting my time. I’m 100% engaged in every meeting I’m in. When I’m done, the meeting is done. This doesn’t suck.

I also travel extensively with my partner. When she travels for work, I go with her. When I travel for work, she often comes along. With the exception of in-person event work, 100% of my work can be done from anywhere I can find an Internet connection. This also doesn’t suck.

Almost all of my job requires me, an awkward introvert, to be in front of a camera, talking to people. Maybe it’s the repetition, but I’ve become comfortable with it. The days where I have to churn out two podcasts and a webinar in the same day are very, very draining. Thankfully those aren’t too common.

I’m the product now, but in a way, so are the other folks I work with. We have to get along. We have to be engaging and entertaining on camera. I’m learning some interesting skills here. Some folks can’t answer a question with less than 10 minutes of words. That’s unfortunate, as it limits the amount of content we can cover. Thanks to the prep calls we do, however, I have an opportunity to sus out that trait and plan for it when we’re live.

Some folks (particularly the Nordic variety, I’ve noticed) are very concise and efficient with words. If I don’t plan for this, the webinar will be done in 20 minutes, or the podcast interview done in 10. Managing time, questions, the flow of conversation, and keeping an eye out for audience questions is challenging, but rewarding.

So yes, I like what I do, but I’m probably overdoing it. I should probably say ‘no’ more often, but saying no makes me nervous. What if saying no makes the opportunities start drying up? What if saying no makes someone else “the guy that always shows up”?

What did I do in 2025?

Some highlights included doing live interviews at Zero Trust World, RSAC Conference, Identiverse, and Oktane. These short, 15 minute interviews are a lot of fun. After years of working with some startup folks in Armenia, I finally went there for a visit and spoke at the BSides Yerevan and CyberGEN conferences.

I was excited to speak at BSides San Francisco for the second year in a row. I went all out and customized my talk to fit the conference theme: Preparing for Dragons: Don’t Sharpen Swords. Set Traps, Gather Supplies!

I particularly loved the work I did with HD Moore, Tod Beardsly and the other folks at runZero. The vulnerability management market is so overdue for reinvention and the folks at runZero are helping to lead that movement. In fact, I’m SO passionate about vulnerability management, I had to make a reminder for myself when interviewing Tod on Enterprise Security Weekly: “don’t be an asshole, let Tod talk”.

Rob Allen from Threatlocker is always a blast to interview and has the craziest stories. My recent interview with Wendy Nather on Toxic Anthropomorphism in AI was a recent highlight as well.

Outside of CRA webcasts and podcasts, my IANS advisory calls with enterprises kept me grounded in the reality of what enterprises are actually dealing with. I also particularly enjoyed getting to create and build the Alice in Supply Chains podcast alongside Alexandre Sieira, Mariane, and the other folks at Tenchi Security. This was the first podcast I’ve built for a client from the ground up. The design was a collaboration, but I prepare, produce, edit, and deliver every episode myself. Alexandre and I have a great time recording every episode, and it has been eye-opening watching and learning the trends in the third party cyber risk space.

I honestly did so much in 2025, it would probably take me days to go through everything I did and pull out all the highlights!

Here are the numbers, if you’re interested:

Goals and Changes for 2026?

In 2025, I did a webcast from a hotel room in the Paris airport. I did two webcasts and a podcast from Armenia. I did podcasts and webcasts from Barcelona, San Diego, Toronto, Tuscaloosa, NYC, and St. Louis. I’m proud of my minimalist travel kit that makes it possible for me to deliver good quality audio and video from anywhere, but last year I did too much.

One morning, before my flight to St. Louis, I fell down a flight of stairs. My partner broke her ankle on the streets of St. Louis the next day. A week prior, we were discussing whether or not we were doing too much. We had our answer.

In 2026, I want to write more, research more, and start producing videos based off my writing (mostly think pieces, educational stuff destined for YouTube). I have a LOT of thoughts, ideas, and research to share, but I need time to mold them into something consumable. Eventually, I hope is to be able to monetize my writing and research.

I also need to get my stuff together and operate as a proper business. Since I wasn’t sure if going solo was going to work out, I didn’t initially get an LLC, logo made, business accounts, EIN, etc. This year, I’m going to do some adulting and separate business and personal. Just in the first week of January, I’ve checked off a lot of the tasks on that list.

It looks like I’ll be building another vendor podcast in 2026. I enjoy doing this work, but I’m a little worried about everything I do on camera sounding, looking, and feeling similar (same background, same dude, same brain). I’m thinking about how to make sure that each podcast I build has a unique look and feel.

I’m also trying out building training classes in 2026. Expect to see more from me on that front with Just Hacking and IANS.

Where you can find my stuff

• Hosting the Enterprise Security Weekly podcast

• Hosting the Alice in Supply Chains podcast

• The webcasts I do with CyberRisk Alliance

• Most of the advisory work I do is through IANS

• But the startup advisory work I do is direct - you can schedule something through my Calendly.