Andrew- What's your goal, and what's the level of expertise you already have in-house? A simple in-house vulnerability scan is a completely different animal from a full-on penetration test. On the other hand, if you can't fly through the first, you're likely wasting money on the second. Odds are, if whoever handles your tech is reasonably security minded then you're looking at something at the lower end of that scale but not at the absolute bottom. You don't want to engage a quality penetration tester unless 1) you've got the basics covered or 2) you're looking to embark on a long term consultative engagement to address security comprehensively over a series of testing encounters. (Unless, of course, you're dealing with a compliance framework that requires periodic penetration testing - but usually people working the check list parrot back the requirement when asking for referrals.) -Neal Priestly Free Range Technologist On Mon, Jul 4, 2011 at 5:27 PM, <andrew at stakeholderscapital.com> wrote: > ** Be sure to fill out the survey/skills inventory in the member's area. > ** If you did, we all thank you. > > > We would like to get estimates from firms who try to hack through security. > > If you do this, please contact me. > > Thanks, > Andrew > Sent from my BlackBerry® smartphone, powered by CREDO Mobile. > _______________________________________________ > Hidden-discuss mailing list - home page: http://www.hidden-tech.net > Hidden-discuss at lists.hidden-tech.net > > You are receiving this because you are on the Hidden-Tech Discussion list. > If you would like to change your list preferences, Go to the Members > page on the Hidden Tech Web site. > http://www.hidden-tech.net/members > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20110705/eace3cda/attachment.html