December 28th, 2006, 09:14 PM
How much $$ to charge
Hereís the scenario:
Hosting company keeps getting owned.....they re-image...they get owned....they update....they get owned... Now Iíve done lots of Vulnerability Assessments and know what to charge... However I'm not sure what to charge in this case.... Basically, Iíll be finding out (at least in theory) how they've been hacked, to do that may take setting up a honey pot....and then ill be securing the environment to ensure total safety.... Now I believe this only happening on a few servers but still....Could you guys throw some realistic numbers out there? (Key word realistic lol)
December 28th, 2006, 09:58 PM
I work on an hourly basis. I very rarely do anything for a fixed fee. Most clients want an estimate. I figure out how many hours, apply my rate, and give them the number with a detailed explanation of the work to be done and that they will be billed actual hours. If they make additional requests during the work (sometime happens) the additional work is quoted as additional hours.
Work... Some days it's just not worth chewing through the restraints...
December 28th, 2006, 10:06 PM
I always quote extra hours just encase there are unforseen glitzes
...I only bill actual hours....always looks good when you come in under quote
How people treat you is their karma- how you react is yours-Wayne Dyer
December 28th, 2006, 11:31 PM
yah, i'm figure about 175-225, i suppose i'll just have to wait for the client to define the scope.....we all know how scope creep can turn thing upside down very quickly lol.. On a side note, i called a few buddies that do exactly this, and they said A. depending on the size and B. How severe... this could easily be in the 15-50K+ range.... I mean you almost have to do a complte VA assement to ensure no other nodes have been infected... Either way it will be an interesting project.