RE: The business/marketing of pen-testing.

From: Jeff Gercken (
Date: 10/26/04

  • Next message: Renaud Deraison: "Re: Nessus question"
    Date: Tue, 26 Oct 2004 14:52:07 -0400
    To: "Aaron Drew" <>, <>

    Don't use scare tactics. Salesmen prophesizing scenarios of impending
    doom and catastrophic failures have really hurt the security industry.
    Rational and quantitative risk analysis is what businesses need.
    Everyone has vulnerabilities and most know it. You should position
    yourself as the guy who will enumerate them and assign priority.

    Also, if you are asked, be open in your methods and tools. Be part
    teacher and you will be rewarded with trust and loyalty.

    Anyhow, just my $.02

    -----Original Message-----
    From: Aaron Drew []
    Sent: Sunday, October 24, 2004 6:20 PM
    Subject: The business/marketing of pen-testing.

    I've had an interest in computer security for some time and I'm now
    looking at
    starting a business around it. There are *no* other such businesses in
    area but because of this, I'm not sure how to sell my services to
    customers or even what my target market should be (small, medium, or big


    Anyone have any suggestions as to where I could start looking for
    on this side of things?

    Internet Security Systems. - Keeping You Ahead of the Threat

    When business losses are measured in seconds, Internet threats must be stopped before they impact your network. To learn how Internet Security Systems keeps organizations ahead of the threat with preemptive intrusion prevention, download the new whitepaper, Defining the Rules of Preemptive Protection, and end your reliance on reactive security technology.

  • Next message: Renaud Deraison: "Re: Nessus question"