Re: The business/marketing of pen-testing.

From: kingpang@gmail.com
Date: Thu Oct 28 2004 - 17:09:19 EDT


In-Reply-To: <EA182BB3B632994AA3617BA6449634B69DAE0E@vetweb.vermeertexas.com>

Hi Aaron, Jeff and Randy,

I have a similar initiative to Aaron's, but the difficulty I am facing (and probably Aaron too) is how to generate sales. Security is different from other software solutions in that there is no easy-to-measure ROI. The ROSI (Return on Security Investment) is a rather abstract approximation (see http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx for more information).

If we talk about the target market: small companies probably don't care about security. Mid-size companies usually prefer training their developers to implement (easy) security features. As for large companies, why would they trust our new and small company?

In my opinion, security is more about education. Maybe it is worth starting up a computer security school instead.


