5 Years of Running an OSINT Business… What’s it Like?
Note: This post is a bit different and is more of a personal reflection on the last five years running a business in the OSINT space. Hopefully you enjoy this more personal insight, let me know!
Today marks the 5th anniversary of me submitting the documentation to legally incorporate Perspective Intelligence. Originally named AaronCTI Limited as I was very creative and didn’t really think it through all that much… But I wanted to reflect on the last five years, how the business has slowly (very slowly!) developed into my (more than) full-time job, and what the future is looking like. Mostly because I think a lot of people are considering the route of self-employment in the wake of a rubbish job market in cyber, but also because there’s this beautiful notion of flexibility, freedom and the ability to go your own way (Go your own waaayyyyy). But how does that feel from where I sit, five years older, five years more grey hairs and on the bright side, more than five kilos lighter.
So what caused me to say no thanks to permanent work, relative job security and company benefits? Well, largely I think death by a thousand cuts in the corporate world, and an unrelenting desire to at some point try and be my own boss – Which is something that I’d never really been able to shake, along with the desire to develop and do things in my own way. I can’t overly stress that last point enough. In the corporate environment, I forever felt frustrated and that the job was made harder because of erroneous bureaucracy, death by project managers and ghost budgets for tooling or analysts that seemingly never came to fruition.
I also wanted to dip my toe in the water first, treating it as a side hustle and doing some OSINT investigations here and there for a few different clients on an ongoing basis. This was largely the first 2.5 years of Perspective Intelligence, but during that time I had worked with some great clients, been involved in different projects, focuses and some interesting jobs (and admittedly, some utterly bizarre ones). That initial period let me start to figure out “business stuff” like accounting, expenses, getting over the fear of sending an invoice for work done and to slowly get more comfortable with the idea that this is something I could do, I just didn’t have the client book or income to replace a salary yet.
The Move to Full-Time
So around 2.5 years ago now, I was able to take the leap from working a “real job” to suddenly being employed by myself, thanks to landing a contract role that would see Perspective Intelligence become a service-based business to an end client. Exciting! It was also at this stage that I’d started to consider what today I call ThreatLens® seriously. With the ability to now focus on servicing clients through the business, I was able to also focus on what the business could become. This has subsequently been the driving force for the last couple of years.
Contract work can be a mixed bag, though, at least in the UK in my experience so far. It’s great that you can find flexible working arrangements that suit you, are well paid and can be performed as contracted out services (we have this utterly stupid law called IR35 in the UK which effectively means you can be taxed to oblivion as a contractor “disguised” as an employee, without any of the benefits of being an employee). I’ve worked with some amazing people, teams and clients in the last couple of years, I’ve learned a lot by osmosis just by being around people in different environments and working on projects, and it’s all things that have enabled me to come back to Perspective Intelligence full of ideas or ways I can improve upon what I’ve been doing, and also enabled me to feel more comfortable with being uncomfortable with things.
But, and there is a really big but, it is far from easy, stable or reliable. Projects can end, companies can change direction, clients can be a terrible fit or companies can need to cut budgets – As a contractor you can be out on your lonesome with almost no notice. It’s imperative to plan and budget accordingly and to be strategic in your business decisions to ensure you don’t run out of money before the month is over.
The Sorry State of the UK Cyber Jobs Market & Building a Business
I was out of contract work for several months earlier this year.
It was incredibly stressful. We’d just remortgaged on to a much bigger rate meaning our payments were a lot higher, and suddenly I had no indication of if I’d be able to keep up payments beyond the runway I had set aside. Remortgaging also meant that I’d actually moved a significant amount of cash out of the company to increase our equity in our home, because in that moment, it was a smart move. One week later, I needed to find some work.
I frantically applied for contract roles, went to a job fair specifically for cybersecurity, kept updating my record in Notion, updated my CV repeatedly. I saw next to no interest in 50+ applications in total. I’d never seen the job market quite that bad and I truly hope it’s not like that ever again, not just for myself but for all the people I see regularly on LinkedIn who are looking for a new opportunity due to lay offs, restructures or the need for a change. What does that have to do with Perspective Intelligence? Well, I was able to ride the storm by the skin of my teeth thanks to some regular clients keeping me busy, and this just reinforced why running a business should be more than you exchanging your time for money (like in a full time job or as a contractor), as market forces can suddenly leave you very upended, and in the current economic climate, it feels like we have more downs than ups.
So what does that even mean? Well, for me I think it means that the business needs to be able to operate and function without the need for contract work. In order to do that, you need products and services. One of the things that I’ve been involved in this year is Kase Scenarios, following the investment made last year to become a part owner of that business. Our focus on this partnership is to continue to develop Kase by incorporating the practical, narrative-driven stories and scenarios the company is fundamentally designed around, to move into OSINT workshops and training whether live online, on-demand or in-person. It’s been a slow process but we’re really excited about where we can go with this and hopefully soon something more formal to shout about.
The other thing that I’ve spent a lot of time working on is ThreatLens.
Starting out as an idea for a monthly intelligence reporting service, ThreatLens has evolved and grown and today is a fully-featured Attack Surface Intelligence platform. What does that mean you may ask? Well, ultimately the goal of ThreatLens is to identify all the things that sit outside of the clients internal network for potential security threats. By using OSINT we can identify potential issues, analyse them for potential risk, severity and likelihood of exploitation before we provide the customer with a report that gives them everything they need to focus on issues that matter to them. No fluff, no irrelevant data points, just intelligence that enables business-decisions to protect them from cyber attacks.
How does it work? Well as an intelligence analyst I’m pretty stubborn on the fact that anything that looks particularly risky must be analysed by a human first and foremost, and all reporting should also be written by a human, with appropriate analysis, context and recommendations. That being said, over the last couple of years whilst thinking about how to build this out, I have spent a lot of time and effort on identifying ways and means to enable automation for OSINT collection and at large scale (e.g. Nearly 300 different sources across deep/dark web as I write this). Of course, I also have to jump on the AI hype train so it does leverage agentic analysis to help infer potential threats. I particularly like the way we have this working with potential phishing pages and brand infringement. But the ultimate analysis comes down to a human.
I don’t want to be salesy here so will park the ThreatLens talk, but what I hope this demonstrates is that in order to build a “real” business that can hopefully employ people, create jobs and keep organisations secure, there needs to be some fundamentals in place to enable that. This has been an education and a slog at times, and I question my sanity more than I ever thought I would. But at this moment today, I think we’re in a position now where things like potential funding rounds, data partnerships and increased contributions to the OSINT community at large can all be made possible. I think that’s exciting.
The OSINT Industry Today
The last section is a combination of anguish, terror and sadness with a sprinkle of optimism, right? Well that is kind of the reality of being your own boss. No day is ever boring, particularly in this space. You can go from a conversation with a peer to thinking how to answer a problem they raised within hours nowadays, and then there’s big developments in the data space or ways to enumerate on things that have enabled incredible success stories. I gave a presentation earlier this year at the Internet Intelligence and Investigations Conference about leveraging data breach information to identify child predators in real life, in minutes. These kind of developments are only made possible by advancements in technology and some of the incredible minds that we’re fortunate to have as members of the wider OSINT community. Truly inspiring things seem to happen all the time, and it’s a joy to see.
I think it’s also clear that the demand for OSINT and intelligence in general has never been higher, at least within the private sector. Combination of world events, the increased risks from cybercrime and an Internet-led economy has brought OSINT to the forefront in the last few years. The UK still feels like it lags behind the US a fair distance, but the tide is turning, albeit slowly.
In a business context, this is obviously a good thing. The opportunities and customer base are growing and we can support and help people in a much more nuanced and specific way than ever before. I think there are some risks too – DutchOSINTGuy Nico Dekens posted recently about the unequivocal need for analysis and actual intelligence tradecraft, and like most things he talks about with OSINT, he’s absolutely right. In both the threat intelligence and OSINT spaces, I think there’s currently a risk that people can be put into a role without understanding the core fundamentals of intelligence analysis. Maybe you’re pushed into a new role from a security operations role or vulnerability management, and suddenly you have to figure out what the hell intelligence is, and what’s actually useful to the end customer. It is paramount that as a community we continue to push and promote best practices so that those new to the field have the best chance to succeed. I’ve no doubt we will continue doing so, but I think it needs saying.
So Honest Thoughts On Running an OSINT Business?
Depending on the hour of the day, I am usually between “This is amazing!” “This is ok” or “What the hell am I doing?!”. But I wouldn’t change things. Over the last five years, Perspective Intelligence has enabled me to meet people and get involved with things that probably wouldn’t have been possible otherwise. Every day is a school day (literally… As ThreatLens gets closer to launch the idea of a day off is a cute one!) but the notion of tiny, incremental improvements step by step really do bare fruit.
Everything is long, and you have to learn that. Whatever you start, your initial idea of having it done in a week/month/six months to reach your goal will almost certainly need to shift. You bring new ideas, find a better way of doing something, question your sanity and realise the current version won’t work at all or isn’t scalable. This is normal, and that’s before you even think about sales and getting a customer onboarded. Even when they have a deadline that often seems to shift as well. If you’re considering the switch to becoming a Founder, you must get comfortable with that.
If I can offer some advice as well to those who have gotten this far – You do not need to be the first person to do a thing. If you have an idea and someone else is doing something similar, that is fine. I could very easily have not gone down the route of building ThreatLens and used a 3rd party, but I realised it wouldn’t work for me that way. I also could have seen that companies already do a bunch of things we’re trying to achieve, but I believe in what we’re building, the approach we’re taking and ultimately what it can be. Partly because I’m now so invested after thousands and thousands of hours poured into it, but also because I’ve been able to get the ideas and the approaches validated by people from entirely different walks of life and not just my mates who will tell me what I want to hear. I’ve spoken with business owners, CISOs, analysts, venture capitalists and my wife (whose patience with me for doing all of this must be commended. She’s been an absolute rock and a total star), everyone has questioned things or offered insight and validation into what we’re building. That’s a long way of saying you don’t need to be first, because whatever you build will undoubtedly have a value and unique way of achieving something. So don’t give up just because someone else exists.
The sacrifices are a lot. I work way too many hours, I often don’t have much of a weekend and it can be difficult to separate work and home life, especially when you work from home full time. I don’t think you can ever really prepare for the extent at which you may need to be attached to a desk at times, but I am hopeful that it’s now getting to the point where that tide can start to change. Not to repeat every guru other but things like exercise and going outside are really important. Taking Monty the Cyber Corgi for a walk, getting away from the desk and having some separation is vital to keeping my mental health in check. Likewise with the gym and keeping to a regular schedule and getting exercise. It really does help, and you should believe me because I am a fatty on a long journey to being less of a fatty. So you can trust it!!
I do wish that five years ago I’d taken a bit more time to better educate myself on some of the business aspects, everything from pricing to sales and marketing to admin and also building on my network. But it’s easy to say with perfect hindsight, and the journey is probably more important than the destination. But I do believe that I could have probably gotten the business side further ahead if I’d spent more time on learning and understanding those things back then, but part of this whole process is about finding your feet, your voice and what you’re trying to bring to the world.
But in 2025 as a UK-based OSINT-led business, I think that there is a lot of potential in both the products and service-led spaces. When you move out from the UK and look abroad then the opportunities increase as well. I think it’s an exciting time for the OSINT community, regardless of if you’re a Founder, an employee or a hobbyist. There’s lots going on and things seem to be evolving and professionalising.
It’s also over five years since I launched this blog, and whilst I don’t get round to writing content for it very often, I’m forever grateful and appreciative that people seem to engage and appreciate the content that I do share here. So thank you for that. Part of the reason for not updating this very often is thanks to trying to run a business, so it’s a double edged sword.
But to close off these rambling thoughts of a lunatic, I’ll leave you with these bullet points to summarise what running an OSINT business is like:
- Having a strong, supportive network will help you succeed. Not just people you could sell to, but people who can give advice, be a sounding board and won’t be afraid to question. Being able to speak to people really can speed up your thought processes and development, don’t be a silent silo.
- It’s hard work and for no guarantees, being comfortable with being uncomfortable is sometimes the default setting, but the wins and personal development are totally worth it in my opinion. That being said it’s not something you should take lightly unless you’re happy with a side hustle at best.
- You should be a combination of the “one-man Army” but also know when to outsource. This can be incredibly hard, especially if you have something that’s your baby. But ultimately you will achieve greater things partnering with people who are better than you at those specific things. Give yourself the room to breathe and focus on what you’re good at, and let your partners do the other stuff that you’re not as comfortable with.
- If you’re thinking of setting up a business because you like being an analyst and only an analyst, really think about it. If you can go contracting instead you may find that a better route. Running a business has a lot of different parts and a lot of that you probably won’t find fun or interesting. So do think it through.
- Ultimately, have fun. It’s a roller-coaster ride of emotions but I am so thankful that particularly in the last couple of years this has been my life. I’m incredibly fortunate to have such an understanding wife who has supported me non-stop on this journey, and that has made it all worth it. My hope is one day I’ll look back at Perspective Intelligence and feel super proud of what it has become. The journey is still only five years young though. So if you want to help speed that along and you’re a VC, please slide into my DMs haha!
I appreciate this blog post hasn’t really talked about OSINT in technical detail, but I hope if you’ve read the whole thing that you found it interesting. As a one-man business it’s been a journey, but ultimately it’s never a one-man business really. From clients to family to broader network contacts and friends. Self-employment can be an incredibly isolated journey, but it’s also one of the most rewarding. So thank you to everyone who’s helped Perspective Intelligence along the way over the last five years.
See you for the next five!
P.S. For anyone interested, a bit of a reading list of books I’ve found useful (affiliate links):
The Personal MBA by Josh Kaufman
The Visual MBA by Jason Barron
Building a StoryBrand by Donald Miller
Business Made Simple by Donald Miller
The Art of Being Brilliant by Andy Cope and Andy Whittaker
