Network Security Pen-Test

Re: The business/marketing of pen-testing.

Subject: Re: The business/marketing of pen-testing.
Date: Wed, 03 Nov 2004 16:55:57 -0800
The best approach is to network and make connections, or find a place with 
people who want to hear your pitch. Attend local ISSA, ISACA, ISC2, etc. events 
and try to spend time talking with folks who are looking for someone to perform 
an external assessment. You could also do related contract engagements (e.g. 
network roll-outs, system upgrades, software enhancements, etc.) and make 
contact with as many people as possible to sell your security expertise. Just 
like any professional trying to build a practice, there are many online guides 
and books that deal directly with how to build your network of references and 
create a compelling sales pitch.

Hope that helps,

Davi

Aaron Drew <ripper@internode.on.net> 11/02/04 03:02AM >>>
Thanks for all the great responses. From the responses I've received it is now 
painstakingly obvious that I need to start with the small fish and offer 
fairly simple services (basic vuln-testing/pen-testing). I should probably 
have elaborated a little more however on my question.

The area I am most stuck on is *how* to approach potential customers. 
Networking is good and well once a foot is in the door but how have 
individuals as yourselves achieved that big 'first break'? Cold calling? Door 
to door? Stumbling onto a vulnerable system and throwing the evidence in 
their face? The much-condoned scare tactic method?

I've tried suiting up and walking into businesses offering a free test of 
their network. I've tried calling businesses that I *know* have wide-open 
wireless networks and explaining that anyone could read their emails. So far, 
all of them have shown no interest - even when I've pointed out what data I 
could conceivably capture given enough time. Do I really need to go in there 
with something like an email sent from the owner to his wife?

I'm certain I could do a good job for cheap - even if a little unrefined in my 
initial procedures. I am just lost as to how to convince a market that 
doesn't *want* to see that they need security services.