.

How normally do you work?

<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed Apr 29, 2009 4:57 pm

How normally do you work?

I always had the same question, you guys that work in pen testing, do you work normally by contract or permanent? Are you normally a consultant?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Apr 29, 2009 5:14 pm

Re: How normally do you work?

I am a permanent consultant.  I work for a consulting company how does pentesting.  All of our engagements are contractual.  Some end after the initial test has been completed, some include an annual / semi-annual review. 
~~~~~~~~~~~~~~
Ketchup
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu Apr 30, 2009 8:15 am

Re: How normally do you work?

I have done a little at my day job (permantent), and more as contract and sub-contract. Since there isn't much in my day job I have been going by word of mouth getting gigs in the evening. Nice thing is I can sell the night attacking as a benefit and usually charge more for it. :)
twitter.com/timmedin | http://blog.securitywhole.com
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Apr 30, 2009 8:56 am

Re: How normally do you work?

That's good.

How do you charge by hours or by complete job?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Apr 30, 2009 9:47 am

Re: How normally do you work?

I would not recommend pricing the complete job.  What we typically do is provide our hourly rates and offer and estimate to complete the based on the scope.  If the scope creeps (and it often does), you can revise the estimate.  I find that clients are usually fine with additional fees when you let them know ahead of time that you are going to exceed budget and why.  This is one area where you cannot skimp on the communication and contractual documents.  What you don't want to do is even come close to exceeding budget without prior communication with the client.
~~~~~~~~~~~~~~
Ketchup
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Thu Apr 30, 2009 9:50 am

Re: How normally do you work?

I always considered this kind of the communication with the client A GOOD PRACTICE, so there is not surprice for them.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu Apr 30, 2009 2:42 pm

Re: How normally do you work?

I usually do the entire job. Any deviations require additional hours and I inform them of that. A clearly defined scope helps both sides understand this. If they add additional items then everyone knows it is a deviation.
twitter.com/timmedin | http://blog.securitywhole.com

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software