Cross-company collaboration

["Erin Carroll" <amoeba () amoebazone com>]

List members,

The recent thread from Adriel on verifying your security providers jogged a
thought that's been at the back of my mind for a bit: Have you ever worked
or collaborated with another pen-test company on projects? How did it work
out? What prompted the collaboration effort? How did you manage the
relationship with "the competition" and was it a successful engagement
(financial or otherwise)? How did you find/choose who to work with?

There are quite a number of quality "boutique" pen-test companies out there;
small staff of experts (or even one-man shows) in a particular field of
expertise/market focus. Given that pen-testing encompasses such a wide range
of subject matter, it's almost impossible for a company under a certain size
to have the in-house resources for every type of expertise. While I know
that me & the guys in my own company are damned good at what we do, there
are areas where we try to bring in outside expertise in areas where we don't
have the business demand to justify fleshing out that skill set with
additional staff. 

I'm curious as to how common collaboration is and what your thoughts on it
are.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"I cannot brain today, I have the dumb"




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------