Roger Adams
asked on
Pentration testing vendor advice
Hi,
We have a North American client, who`s firm has a global footprint, that has come to us for advice on Penetration Testing.
This is not our core business area and are therefore looking to recommend vendors to the client. We have a few relationships, but fear these may be dated and hence would like some advice:
- Can anyone recommend top-end, premier, 'clever' penetration testing firms? Preferable ones that operate and have experience in this geographical region? Our client is not looking for 'box tickers' or to simply meet regulatory requirements, they want their global network tested, weakest links found, exploited and pragmatic, actionable recommendations made.
- What is the going rate for this type of service?
Thanks
We have a North American client, who`s firm has a global footprint, that has come to us for advice on Penetration Testing.
This is not our core business area and are therefore looking to recommend vendors to the client. We have a few relationships, but fear these may be dated and hence would like some advice:
- Can anyone recommend top-end, premier, 'clever' penetration testing firms? Preferable ones that operate and have experience in this geographical region? Our client is not looking for 'box tickers' or to simply meet regulatory requirements, they want their global network tested, weakest links found, exploited and pragmatic, actionable recommendations made.
- What is the going rate for this type of service?
Thanks
AT&T Security Managed services team/Ernst & Young/PwC
r0cky07,
It's been a long time since I did this kind of work, but I've been through training (and some collaboration) with some of the people from: http://www.raytheon.com/
This company has been in the business for a very long time and will be able to cusomize a plan for your client.
The costs are going to be entirely dependent upon the scope of work that will be agreed to prior to the work commencing.
Raytheon and all of the other companies I worked with are used to global/remote functionality and testing - and they are insured and bonded.
In my experience, the government/military contractors stay current with the current techniques (and threats).
One of the largest companies I worked with was SAIC, but if you do a Google search for SAIC+fraud, you can make your own decision about approaching them.
It's been a long time since I did this kind of work, but I've been through training (and some collaboration) with some of the people from: http://www.raytheon.com/
This company has been in the business for a very long time and will be able to cusomize a plan for your client.
The costs are going to be entirely dependent upon the scope of work that will be agreed to prior to the work commencing.
Raytheon and all of the other companies I worked with are used to global/remote functionality and testing - and they are insured and bonded.
In my experience, the government/military contractors stay current with the current techniques (and threats).
One of the largest companies I worked with was SAIC, but if you do a Google search for SAIC+fraud, you can make your own decision about approaching them.
ASKER
Thanks for your comments guys.
I understand estimating pricing is complex. What is a the ball park pricing structure on this type of project? e.g. typical day rate, hourly rate etc?
I understand estimating pricing is complex. What is a the ball park pricing structure on this type of project? e.g. typical day rate, hourly rate etc?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Pricing varies according to the requirements including a one time or a recurring option.