Penetration Testing mailing list archives

Re: Economic situation impact on independent consultants


From: Parity <pty.err () gmail com>
Date: Tue, 14 Apr 2009 03:18:11 -0700

I work directly with clients as well as via subcontracting
arrangements.  My observations:

The main business drivers in this market of ours are (a) compliance
mandates and (b) loss avoidance.  Well, compliance is still mandatory,
and loss avoidance has, if anything, become more important to
enterprise customers in the current economic environment.

In spite of the fact that the primary business drivers remain in full
effect, the overall volume of new applications and ventures subject to
risk management and compliance regimes has gone down as a result of
decreased IT investment.  Yeah, enterprises still need to assess the
important stuff, but there's not as much important stuff coming online
for the time being.

The other thing I've observed is that the market for security labor is
loosening up.  Consultancies are able to take on junior staff at a
discount due to the lack of jobs available elsewhere in IT.

If you depend mostly on subcontracting to stay busy, get ready for a
long winter.  Healthy firms are going to add full-time staff while
labor is cheap, and they will /not/ leave salaried staff on the bench
to hire an expensive contractor, no matter how uniquely qualified you
might be.

pty

On Fri, Apr 10, 2009 at 4:56 PM, Victor DaViking <analogviking () yahoo com> wrote:

Hi list,

I'm writing this time with a personal question. Being an independent consultant myself, I've noticed a major drop in
terms of assessment opportunities so far in 2009. I'd dare to credit that change to the "world financial
crisis", ergo I've been wondering how everyone else is living/experiencing these current times.

Personally, when talking about opportunities, I go for source code reviews and penetration testing exercises. I try 
to avoid projects related to IT, forensics, standards (PCI, SOX, ..); so I wouldn't know if there's been any change 
in those fields.

Companies get hit, so they cut costs. They lay off people, and get rid of their security budget? Maybe partially and
keep just assessment related to security standards? Or not even that? I guess this means the "black market" grows,
meaning that... given the right contacts, assessment availability is a matter of ethics?

Do you find your deals through intermediary consulting firms or do you deal with clients directly? That should also 
help.

Or just maybe it's tough luck and I need to refresh some contacts. If that's the case, and you tend to have projects, 
contact me, I'm interested! ;)

Thanks for your time.
-AV

Add your security company/project/blog to the penetration testing project!
http://www.penetrationtests.com/





------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


