Cyber Consulting in France

Looking for a new job is hard. Many people want to grow their career with one company, whereas others want to see multiple environments and always work in “project mode”.

Joining a consultancy is a great career option. But you need to choose carefully. This advice is specific to France, however most European countries follow a similar setup.

Here’s a summary of the French cyber consultancy market:

This may be useful to you if you are:

• looking for your first consultancy role
• are working at a consultancy but don’t really know the difference, or
• are coming from a foreign country (usually Algeria / Morocco / Tunisia) and have found yourself a bit stuck

Why should you listen to me?

You don’t have to. But I’ve recruited in the French market for the last 12+ years. For the last 6 years, more than 50% of my placements have been in Ile-de-France, placing cyber security professionals from ~60k EUR salaries up to CISO / VP level.

There are 3 main types of consultancies:

• Professional Services
• Large ESN Companies
• Small SSIIs

1. Professional Services Companies

These are “Big 4” type companies, including Accenture, etc.

Much of the work is long-term projects. Most win their clients on a long-term basis, i.e., running the entire digital transformation for a client, and will include multiple business units (including cyber).

You will be a true “consultant” pretty quickly, where you will work closely with the business. You will be expected to be at the top of your game, so work (and potentially workload) may be challenging.

You may work on short-term missions, but this will not be the bulk of your projects. They provide excellent training and progression. You may spend slightly longer on the bench initially, while waiting for your first project. Don't worry, that's completely normal. Just make sure you spend your time upgrading your skills.

Some companies are more flexible than others. One may offer you exactly the same type of mission (i.e., ISO 27001 implementation for local French insurance companies), whereas others may offer you the chance to broaden your skill set. Find this out when you interview.

Salaries will be good, but not the highest of the 3. They will have a global name, which will be good for your CV, especially if you are looking to work abroad. You will always have work, it is very unlikely that you will be “on the bench”.

2. Large ESN Companies

These are large IT Consultancies (Capgemini, Sopra Steria, etc.) and include companies like Orange Cyberdefense.

You will do a blend of long-term projects, and short-term missions. These companies usually charge slightly less to their clients than the Professional Services customers, so your salary offer may be lower. It’s a big global brand, and you will learn a lot.

You will work with a blend of Fortune 500 companies, and local organisations, and might also want to consider this type of company if you are looking to become a freelancer — you have the opportunity to build a good network. They provide excellent training and progression, where you will be part of a big team.

Again, you will be a true “consultant” quickly. Depending on the type of work, you may work closely with the business, or more on the operational side. The work will be challenging,

Check the utilisation rate of the team (this means how much of 100% the whole team are on missions). Some give time for training / writing whitepapers, whereas other teams are close to 100%. This may seem appealing, but it means any additional work needs to be completed in your own time.

3. Small SSIIs

There are two types of SSIIs: specialist “pure players”, and IT body shops. You want to work for the “pure players”.

Pure Players

These work in a similar way to Professional Services companies. Though they do not have the global name, they are highly-regarded in the French / European market, and will provide excellent training and long-term projects. You may work on short-term missions. The good ones keep utilisation at 80-90%, so you have time for training, writing whitepapers, etc.

Salaries at these companies vary from ESN-levels to above-Professional Services levels depending on the company.

IT Body Shops.

We don’t work with these types of companies, and you should be cautious. You will work 100% on missions, (usually) in a flat-structured business. It is hard to progress internally, you can only progress your career technically, working on missions. Some allow time for training/certifications in order to upskill their staff, but you may need to do this in your own time.

These are the types of company most likely to put you “on the bench”. They usually charge the least amount for their services, which means you will work on varied projects, sometimes working on tasks outside of your specialism. You can become a very good consultant working in these businesses, because you need to understand the “big picture”, and learn to be flexible.

Historically, these companies pay the least. However, since Covid, they have been increasing their salaries in order to attract good candidates. There is usually high attrition (staff turnover) in these companies. Make sure you do your homework and understand what you are joining before you sign the contract.

Many of these companies are also first companies for people coming from Algeria / Morocco / Tunisia. You may have joined one of these companies at a very low salary. Alternatively, if you understood the salary levels in France, you negotiated hard. But now you’re stuck because you want a salary increase when you move — but don’t understand why other (better) companies won’t pay you more.

___

With a high demand in the cyber security market, you may also be tempted to go freelance. Another great option, but make sure you know the risks and have a good network before taking the step.

Take a look at our article:

5 Steps Before Becoming a Freelancer in the Security Market

___

Whenever you’re ready, there are 2 ways I can help you:

1. If you're an Employer:

→ Read our Free Guides: 10 Step Guide To Hiring A Security Specialist and 7 Steps To Fix Your Recruitment Process.

→ Download our Free eBook, “13 free tips you can use right now to hire security talent”. This is our ultimate 27-page guide to building your security team.

→ Or speak to me directly here: Book a Security Hiring Strategy Session.

1. If you're a Candidate:

→ Read our Free Guide: How To Negotiate Salary.

→ We place security specialists across Europe. Get in touch if you are looking for another opportunity.

→ Or use our CV Rewriting Service to Fix Your CV.

___

If you liked this, please drop me a comment or get in touch. You may also be interested in our last Newsletter: Struggling To Recruit? Read This.

Thanks for reading.