Re: Pen Test vendors

[Jeff Howlett <howlettj () MEREDITH EDU>]

We used a company by the name of Secure Solve to do a pen test and full
security audit and in my 15+ years have not worked with a better consultant
from top to bottom.  The communication and effort was second to none and the
final output was both detailed and understandable to non-technical
executives.  The depth of the knowledge in security and hacking of the
primary engineer on the project was downright frightening.  For the first
time in years I felt like I got more than my monies worth on a tech
consultant.



The other thing I liked was that they are vendor agnostic.  In past pen test
experiences I felt that the other companies were basically another layer of
sales for the major security/hardware vendors.  Secure Solve pointed out our
deficiencies and advised us on different products that would fix the problem
and did not push any vendor's solution.



If you have any questions feel free to contact me.



www.Securesolve.com





Jeff





____________________
Jeffrey R. Howlett
Chief Information Officer
Meredith College
3800 Hillsborough Street
Raleigh, NC 27607
Phone: (919) 760-8828
Fax:      (919) 760-2325



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Friday, January 09, 2009 11:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Pen Test vendors





Hello All,



We want to conduct an independent Penetration Testing to evaluate the
effectiveness of our controls. Can anyone recommend a good Vendor that you
may have worked with in the past that really know their stuff and exploit
vulnerabilities discovered?  There are many rookies out there who just print
Nessus or Nmap scan output which we can do ourselves.



Thanks,

Anand



Anand Malwade

Information Security Officer,

Seton Hall University