Best Way to Start Your Own Security Consulting/ Penetration Testing Company
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 32

Thread: Best Way to Start Your Own Security Consulting/ Penetration Testing Company

  1. #1
    Member
    Join Date
    Jun 2006
    Posts
    43

    Talking Best Way to Start Your Own Security Consulting/ Penetration Testing Company

    I know most of all the security professionals on the boards here have come across this idea to start up their own business and stop working for the evil corporate empires. Well, I'm at this stage in my career and I think I've had about enough of people who know security buzz words and not a thing about security. They all think having a firewall, antivirus, IDS, IPS and all the rest of the technologies means that you are secure. They know nothing....

    I have come across this idea after being in the security field for about 5 years and I've seen how these companies and especially financial companies deal with security and I can't take it anymore. All they do is reactive and they do not proactively fix security issues. So I have gathered many friends and former coworkers and I have decided to try to start up this business.

    What I wanted to know from all of you is, has anyone had the experience of starting this type of business and what did they did to start and get customers and any other insights or recommendations would be appreciated. thanks
    Share on Google+

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    well...not to be negative or anything

    but

    what makes you feel you can convince customers about thier security issues...if you cant convince your current employer that they have existing security issues????

    from experience.....you will have to be a pretty good sales person to start with...

    and next....I would want to see a gazillion letters behind your name (valid security certs)....something like MsMittens or TheHorse.

    and you would have to have some business sense...I have seen far too many "geeks" with no understanding of business process or procedures.....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
    Share on Google+

  3. #3
    Member
    Join Date
    Jun 2006
    Posts
    43
    Well Morganlefay the current job I've been in for about 6 months and during that time span I have been able to start security meetings with upper management, starting a SIMs project and get funding "cisco mars", Changed many security policies and procedures, IDS logging, started and got funding for ePolicy, router acl/config tracking and many others. I have made a significant difference where I am now but, I really want to work for myself and stop all the politics and just get the job done.

    I do have a good amount of security certs and the schooling to back it up not to mention working for fortune 500 companies. I have plenty in that sense for references and credentials. I'm just wondering if anyone has the experience of starting their own consulting firm.
    Share on Google+

  4. #4
    Member
    Join Date
    Jun 2006
    Posts
    43
    Yesterday I even got one of the execs to go with me to the Intrusion Defense conference at the marriot being held by information security magazine.
    Share on Google+

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well

    I have my own consulting business....not security based...although security is part of it.

    You have to be able to convince your prospective customer that they want\need your services...hence................be a good sales person....

    What my customers like is I document what I did........so if I happen to fall off the face of the earth....there is some documentation for the next person

    MHO...as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
    Share on Google+

  6. #6
    Member
    Join Date
    Jun 2006
    Posts
    43
    That's good for you, that you decided to go on your own. I want to really do the same. It just seems like these big companies for i.e. Citigroup are downsizing or cutting jobs. Have you ever done the penetration testing for your consulting firm? I just hired a outside penetest company for our yearly test for 36k for 2 weeks. This is what makes me think its worth it. Not to mention its enjoyable at least for me. I really enjoy snooping around systems and figuring out how to exploit and break them (ethically oh course).
    Share on Google+

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Not to be discouraging or anything...but from some of your previous posts...

    Personally I dont think you experience to compete with the pentesters you just hired


    MHO as always

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
    Share on Google+

  8. #8
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Consulting's about relationships. Start by building a relationship with the pentesting outfit you just hired. Be patient and stay in touch with them when that contract ends. Maybe you can freelance on the side for awhile first.

    You start your own outfit and you're going up against the likes of IBM and NovaCoast and dozens of others.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
    Share on Google+

  9. #9
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    716

    !!!!!!!!!!!!!!!!

    Originally posted here by morganlefay
    Not to be discouraging or anything...but from some of your previous posts...

    Personally I dont think you experience to compete with the pentesters you just hired


    MHO as always

    MLF

    Although I agree with ML's statement regarding the experience level of a self proclaimed NetSecExpert (Net needs to work in the field a bit longer to earn the Nick.) I feel that "in theory" it is not impossible for a layman with the dollars and the vision to establish a new company by assembling the key players (experts). After all many companies have become Fortune 500 from the sheer talent they have selected as their backbone.



    EDIT!!!!!!!!!!!!!!!!!!!!!

    NetSecExpert I just wasted brain cells reading your last 6 posts.............and you want to strike out on your own!!! Ya k man.................and christopher Reeves is gonna come "running" back from the dead and snort Kryptonite to get high.

    Hahahahaha I am such an a$$hole.


    Click/..........................tik...............tik...........tik..........Misfire!

    Change your User name to something less assuming.

    Get some good religion from Bad Religion.
    Share on Google+

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I feel that "in theory" it is not impossible for a layman with the dollars and the vision to establish a new company by assembling the key players (experts). After all many companies have become Fortune 500 from the sheer talent they have selected as their backbone.

    You are absolutly right Galdron.....

    To achive great things...involves great risk.......or something like that

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides