Re: Starting up as a security consultant

[Matt - MRS Security <matt () mrssecurity com>]

Nick Owen wrote:
> Idowu Odigie wrote:
>   
> > Hi All!
> >
> > I will like to start up as a security consultant.  Be on my own.  I
> > have "played" (work) with linux for about 5 years now.  I have
> > installed, upgraded kernels, setup network, "played" with IPtables,
> > done some pentesting with a box, gained entrance into other systems
> > from the box, wrote some scripts with perl and python.
> >
> > But I feel there is need for a formal training or framework for me to
> > base my security consultancy on.  Any Ideas please!
> >     
>
> I would recommend taking a different approach to starting a business.
> Instead of asking the question of what training you should get that you
> can base your business on, ask what you security challenges you should
> base your business on and what certificate would support that effort.
>
> A good market will make starting out on your own much easier.  For
> example, many small businesses are moving away from managing their own
> mail server and going to Google Apps or similar services.  This creates
> different security implications and is a potential opportunity. PCI
> compliance is another potential market.  "What certs help a consultant
> get PCI work?" might be a better way to frame your thoughts.
>
> Just .02 from the entrepreneurial side...
>
> nick
>
>   
As the world slowly falls apart economically companies will slowly 
reduce service that they buy including penetration testing. However, as 
PCI is a regulatory requirement it wont be part of the cost cutting 
exercise.. Just reduced to some degree.. But that is dependent on the 
PCI QSA and the acquirer/card brand...

Couple of hints there : )


My 0.02p