Penetration Testing mailing list archives

Re: The business/marketing of pen-testing.


From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Tue, 02 Nov 2004 06:59:00 -0800

Small companies care about security. They just get sold on the "you need a CISCO and then you are safe".

RSA and other vendors are beginning to package their items in small firm bundles.

kingpang () gmail com wrote:


Hi Aaron, Jeff and Randy,

I have a similar initiative to Aaron, but the difficulty I am facing (and probably Aaron too) is how to generate Sales. 
Security is different from other software solutions in a way that there is no easy-to-measure ROI.  The ROSI (Return on 
Security Investment) is a rather abstract approximation. (see 
http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx for more information)

If we talk about target market, for small companies, they probably don't care about security.  For mid-size companies, 
they usually prefer training their developers to implement (easy) security features.  For large companies, why would they 
trust our new and small company?

In my opinion, security is more about education.  Maybe it is worth starting up a computer security school instead.



--
http://www.sbslinks.com/really.htm
http://www.msmvps.com/bradley
https://www.ecora.com/ecora/jump/pm99.asp

