Hey Everyone,

I have my CEH and I am ready to put my own shingle up. I have consulted my lawyer (with a retainer just incase) for the proper contracts, etc... . My question is what the proper amount to charge a customer? If i  understand correctly, the fees should vary directly with the size of network/company. But, what is a good starting point? Flat rate or per hour with a minimum set hours? I have tried to research what other security companies charge in my area but, I have not found any ( I called various companies posing as a company owner concerned with network security) and didn't find anyone in the valley to "hack" my company. Can anyone offer me some $$ wisdom?

I think a far better idea than cold calling companies or asking for price ranges on a message board would be to get a job in the industry. Not only will this give you an idea of how to structure your fee's it will offer (if you take advantage of it) a proper business mindset and insight into the other side of penetration testing.

Just having a certification does not necessarily mean you can go off and start pen testing companies. There are many elements to going off on your own, business development/operation is a quintessential skill. How do you plan on obtaining customers? Do you know people, or do you plan on cold calling? If you plan on cold calling your failure rate will be relatively high, especially if your name is not known. This is where getting a job in the industry and taking advantage of the contacts you make over a year or so comes into play. Aside from that, what Chrisg might charge will be different from what I charge, or what Kev or Don charges. Everyone has a different set of skills and experience that warrants a higher rate. I can tell you how much I charge but it does not do you any good. I'm not a CEH and most likely never will be. I have a single certification, but I've got degrees to include a masters in Information Assurance. On top of that I have years of experience in doing this, tried and true methodologies and a nice sheet of people who have given me quotes saying "He's awesome, hire him!" All of these elements allow me to charge more for what I do.

You really need to have a lot of experience to go off on your own.  For instance, you're asked to do a pentest of small business with a network of 4 to 6 hundred boxes with various OSs. The next day you're asked to pentest a larger company with 4 to 6 thousand all windows boxes. Do you have an ideas how much time this could take? You cant just go in by the hour with no end in site. When you quote you need to do it on a flat rate, at least in my experience. The flat rate can have contingencies in it of course, but a business needs to have some idea of the cost. So the best advice is see if you can work with an established company for a while and get some experience. Then go off on your own. If on the other hand you are marketing yourself to very small accounting or legal firms, you can go in with an hourly rate with an estimate of how many hours you think  it will take. If you are interested in working small jobs like that you can charge a little more (10 to 20%) than what a network or software specialist would charge per hour in your area to go in and work on site with similar firms.

Thanks everyone for all your imput. All responses have been very solid  and I will follow it. Thanks again!