Penetration Testing mailing list archives
RE: The business/marketing of pen-testing.
From: "Randy Golly" <rcgolly () vermeertexas com>
Date: Tue, 26 Oct 2004 22:02:27 -0500
Agree with Jeff's statements, you need to validate why someone needs your service. Scare tactics are the way to do it. If businesses in your area are not being approached with this service yet, they need to be educated on why they need this done in the first place. If they are educated on what vulnerabilities are actually out there and how it could affect their business operations, then they will come to the right conclusions about why they need to secure their systems. Needs to come down to basic dollars and cents, not just theoretical BS, on how it could affect their productivity or customer satisfaction.

If the business is big, they have been in the pen test loop and are looking at SOX compliance so need it. Smaller businesses don't need to stick within compliance regulations so do not have the need as much. But that is where you can come in to show why they need your services.

Good luck ...
Randy

-----Original Message-----
From: Jeff Gercken [mailto:JeffG () kizan com]
Sent: Tuesday, October 26, 2004 1:52 PM
To: Aaron Drew; pen-test () securityfocus com
Subject: RE: The business/marketing of pen-testing.

Don't use scare tactics. Salesmen prophesying scenarios of impending doom and catastrophic failures have really hurt the security industry. Rational and quantitative risk analysis is what businesses need. Everyone has vulnerabilities and most know it. You should position yourself as the guy who will enumerate them and assign priority. Also, if you are asked, be open in your methods and tools. Be part teacher and you will be rewarded with trust and loyalty.

Anyhow, just my $.02
-Jeff

-----Original Message-----
From: Aaron Drew [mailto:ripper () internode on net]
Sent: Sunday, October 24, 2004 6:20 PM
To: pen-test () securityfocus com
Subject: The business/marketing of pen-testing.

I've had an interest in computer security for some time and I'm now looking at starting a business around it.

There are *no* other such businesses in my area but because of this, I'm not sure how to sell my services to potential customers or even what my target market should be (small, medium, or big business). Anyone have any suggestions as to where I could start looking for information on this side of things?
Current thread:
- The business/marketing of pen-testing. Aaron Drew (Oct 25)
- <Possible follow-ups>
- RE: The business/marketing of pen-testing. Jeff Gercken (Oct 26)
- RE: The business/marketing of pen-testing. Randy Golly (Oct 28)