Penetration Testing mailing list archives
Re: Economic situation impact on independent consultants
From: Parity <pty.err () gmail com>
Date: Tue, 14 Apr 2009 03:18:11 -0700
I work directly with clients as well as via subcontracting arrangements. My observations: The main business drivers in this market of ours are (a) compliance mandates and (b) loss avoidance. Well, compliance is still mandatory, and loss avoidance has, if anything, become more important to enterprise customers in the current economic environment. In spite of the fact that the primary business drivers remain in full effect, the overall volume of new applications and ventures subject to risk management and compliance regimes has gone down as a result of decreased IT investment. Yeah, enterprises still need to assess the important stuff, but there's not as much important stuff coming online for the time being. The other thing I've observed is that the market for security labor is loosening up. Consultancies are able to take on junior staff at a discount due to the lack of jobs available elsewhere in IT. If you depend mostly on subcontracting to stay busy, get ready for a long winter. Healthy firms are going to add full-time staff while labor is cheap, and they will /not/ leave salaried staff on the bench to hire an expensive contractor, no matter how uniquely qualified you might be. pty On Fri, Apr 10, 2009 at 4:56 PM, Victor DaViking <analogviking () yahoo com> wrote:
Hi list, I'm writing this time with a personal question. Being an independent consultant myself, I've noticed a major drop in terms of assessment opportunities for what's 2009 so far. I'd dare to credit that change to the "world financial crisis", ergo I've been wondering how everyone else is living/experiencing these current times. Personally, when talking about opportunities, I go for source code reviews and penetration testing exercises. I try to avoid projects related to IT, forensics, standards (PCI, SOX, ..); so I wouldn't know if there's been any change on those fields. Companies get hit, so they cut costs. They lay off people, and get rid of their security budget? Maybe partially and keep just assessment related to security Standards? or not even that? I guess this means the "black market" grows, meaning that.. given the right contacts, assessment availability is a matter of ethics? Do you find your deals through intermediary consulting firms or do you deal with clients directly? That should also help. Or just maybe it's tough luck and I need to refresh some contacts. If that's the case, and you tend to have projects, contact me, I'm interested! ;) Thanks for your time. -AV Add your security company/project/blog to the penetration testing project! http://www.penetrationtests.com/ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Economic situation impact on independent consultants Victor DaViking (Apr 14)
- Re: Economic situation impact on independent consultants Parity (Apr 14)
- Re: Economic situation impact on independent consultants Adriel T. Desautels (Apr 14)