An IT admin cohort used a Cisco employee, who was moonlighting, to help configure and manage firewalls. This person was located overseas and trusted by my colleague, but concerns about availability and liability turned me off the idea.
Have any of you ever risked using "that person" who a friend recommended?
Depends. If it was a one off setup kind of deal, then I don't particularly see the harm. However, as you said, if there are availability concerns, then probably not worth it. I usually wouldn't go the moonlight route for something that is going to need upkeep.
Liability can be solved with a contract... You ARE using a contract for everything, right?