Post Sat Nov 08, 2008 3:48 am

Pen testing as an individual

I just started a penetration testing company called Bandit Defense. The website is and has a lot of information on services that I offer. Does anyone here have experience doing freelance penetration testing as an individual, rather than working for a company?

I would prefer to start with working with small businesses and organizations rather than big companies (though those would be welcome too), and I'm looking for some concrete ideas on marketing my skills. What type of small businesses are normally in the market for pen tests, and is this market very big?

I read the thread on here about how much to charge for pen tests already, but is there any more advice you all can bring to that?

For some background, I've been working with computers, mostly doing database-driven website development, for about 8 years now, and security has always been a hobby. I have Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional (OSWP) certifications, and I have a lot of experience pen testing in a home-lab environment and informally with some friends. I've been published in 2600 Magazine.