RE: The business/marketing of pen-testing.

From: Jeff Gercken (JeffG@kizan.com)
Date: Tue Oct 26 2004 - 14:52:07 EDT


Don't use scare tactics. Salesmen prophesizing scenarios of impending
doom and catastrophic failures have really hurt the security industry.
Rational and quantitative risk analysis is what businesses need.
Everyone has vulnerabilities and most know it. You should position
yourself as the guy who will enumerate them and assign priority.

Also, if you are asked, be open in your methods and tools. Be part
teacher and you will be rewarded with trust and loyalty.

Anyhow, just my $.02
-Jeff

-----Original Message-----
From: Aaron Drew [mailto:ripper@internode.on.net]
Sent: Sunday, October 24, 2004 6:20 PM
To: pen-test@securityfocus.com
Subject: The business/marketing of pen-testing.

I've had an interest in computer security for some time and I'm now
looking at
starting a business around it. There are *no* other such businesses in
my
area but because of this, I'm not sure how to sell my services to
potential
customers or even what my target market should be (small, medium, or big

business).

Anyone have any suggestions as to where I could start looking for
information
on this side of things?

------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:07 EDT