RE: The business/marketing of pen-testing.

["Jeff Gercken" <JeffG () kizan com>]

Don't use scare tactics.  Salesmen prophesizing scenarios of impending
doom and catastrophic failures have really hurt the security industry.
Rational and quantitative risk analysis is what businesses need.
Everyone has vulnerabilities and most know it.  You should position
yourself as the guy who will enumerate them and assign priority.  

Also, if you are asked, be open in your methods and tools.  Be part
teacher and you will be rewarded with trust and loyalty.

Anyhow, just my $.02
-Jeff

-----Original Message-----
From: Aaron Drew [mailto:ripper () internode on net] 
Sent: Sunday, October 24, 2004 6:20 PM
To: pen-test () securityfocus com
Subject: The business/marketing of pen-testing.

I've had an interest in computer security for some time and I'm now
looking at 
starting a business around it. There are *no* other such businesses in
my 
area but because of this, I'm not sure how to sell my services to
potential 
customers or even what my target market should be (small, medium, or big

business).

Anyone have any suggestions as to where I could start looking for
information 
on this side of things?


------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To 
learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, 
download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security 
technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------