Contracting is different from consulting in a number of ways.  Primarily, contracting takes me one step further into my client's business.  Instead of working outside the organisation delivering (consultancy) products to a senior security professional, contracting has me working inside the organisation delivering on behalf of that professional to their internal stakeholders.

This is a different style of work and it requires a different style of communication.  Instead of explaining complex ideas to a subject-matter expert, I am more likely to be communicating essential messages to people who are not (and usually have no wish to become) security experts. The ideas are more focussed, the language simpler, and the purpose is to achieve a result rather than to explain.  This is a valuable skill I have developed, and it benefits my consultancy work as well as being essential for successful contracting.

My most recently completed contract was a part time one, three days a week, that blended well with my continued consultancy work.  Initially a six month contract to develop a particularly detailed security policy, it became a two year contract to develop a complete suite of security policies.

♦  I developed a Policy Framework showing all the security policies the company needed needed and how they related to each other.
♦  I developed a standard policy format so all the policies would have the same look and feel to them.
♦  I then developed all the policies, 18 in total, plus associated supplements and guidance documents.
Alongside this policy work, I helped with developing the business case for a multi-year project, helped get a project back on track when it was in serious need of rescuing, and dealt with a number of other issues that arose from elsewhere within the business.

An interesting and useful variation from my normal consultancy work.