Hi All,

My company is looking to use a consulting firm for some security work we need to have done (I have too much work to do!) some security reviews and a couple of pen tests out at some sites. My CFO is all about using a "big 4" firm (PWC, E&Y, D&T, KPMG) which I have never worked with before (but he signs the checks so I need to at least investigate). So, are they any better then the smaller firms (ISS, Black hat etc...) or a bunch of accountants? We have had some of their guys in for presentations and they have lots of nice powerpoints and talk a good game, but how do they shape up in practice?

Thanks.