Penetration Testing mailing list archives

Re: Cross-company collaboration


From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Wed, 22 Jul 2009 13:49:15 +0200

Salut, Erin,

On Fri, Jul 17, 2009 at 04:47:41PM -0700, Erin Carroll wrote:
> The recent thread from Adriel on verifying your security providers jogged a
> thought that's been at the back of my mind for a bit: Have you ever worked
> or collaborated with another pen-test company on projects? How did it work
> out? What prompted the collaboration effort? How did you manage the
> relationship with "the competition" and was it a successful engagement
> (financial or otherwise)? How did you find/choose who to work with?

Well, one time when a customer wanted an application which required a very
high level of securing they actually went as far as to order two companies
(us and The Others™) to take care of it. Initially, we were both not too
thrilled.

As it turned out though, we were the crypto freaks and had a strong grasp
on technical security while the other company was focussing mainly on
organizational security, so we let them take care of that part of the job
and hacked away peacefully.

(But usually companies just want one "security provider".)

Kind regards,

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33            Güterstrasse 86
Fax:+41 61 383 14 67            4053 Basel
Web:www.sygroup.ch              tonnerre.lombard () sygroup ch
