How do you monetize your skills?



How do you monetize these skills you have acquired? What I mean is how does a security firm find clients?

I know it is fun to do the work, and there has been another post on doing a scan on a potential client and then coming to that client to help him fix his problems, which everyone here said is bad, and the legal issues. So that is out.

How do you sell something to someone if you cannot pre-qualify them, that the problem has no visible business impact.
(meaning if they have been hacked and there are no big things happening in the network, no spamserver, viruses, no downtime)

and may never be impacted.


do you do to sell something to a client if you or he doesn't know if he needs it?

And getting over the "who cares" factor that seems to be so prevalent in the corporate world. And getting over the fact that an in-house network admin or CTO so he can look bad if

I know of one company that does 750 million a year in a competitive market, got broken into 3 times physically and did nothing because they didn't notice anything missing. The place is probably wired for sound better than the Rolling Stones' recording studio.


This post may get modded or flamed for being a bit off topic, but at the end of the day if you don't get paid for this, it is really just a hobby, and there is nothing wrong with that.

Is everyone else doing to garner business?
