<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>danielmiessler.com - Latest Comments in The Dilution of Pentesting</title><link>http://drm.disqus.com/</link><description>https://danielmiessler.com/about/</description><atom:link href="https://drm.disqus.com/the_dilution_of_pentesting/latest.rss" rel="self"></atom:link><language>en</language><lastBuildDate>Sat, 17 Dec 2005 10:24:29 -0000</lastBuildDate><item><title>Re: The Dilution of Pentesting</title><link>http://https://danielmiessler.com/blog/the-dilution-of-pentesting#comment-11143843</link><description>&lt;p&gt;Penetration Testing is already seen as a commodity.  Work plans that were $50,000 4 years ago are now awarded for $12,000.  CFOs don't care.  To make matters worse, you might be asked for a Risk Assessment, and be underbid by two guys, a laptop and Nessus performing a Vulnerability Assessment and taking advantage of uneducated consumers.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Alex Hutton</dc:creator><pubDate>Sat, 17 Dec 2005 10:24:29 -0000</pubDate></item><item><title>Re: The Dilution of Pentesting</title><link>http://https://danielmiessler.com/blog/the-dilution-of-pentesting#comment-11143841</link><description>&lt;p&gt;Good points. :)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Daniel</dc:creator><pubDate>Wed, 14 Dec 2005 10:02:24 -0000</pubDate></item><item><title>Re: The Dilution of Pentesting</title><link>http://https://danielmiessler.com/blog/the-dilution-of-pentesting#comment-11143839</link><description>&lt;p&gt;Won't experience continue to separate the men from the boys? Maybe this will help the very best to service more customers more efficiently, and reduce customer costs.&lt;/p&gt;&lt;p&gt;Besides, someone wrote that information security is not a permanent cash cow. When new o/s technologies arrive on the scene, much of the status quo will become obsolete. 
Nothing stays the same forever, except maybe for the idiocy. Since those new technologies will probably also protect users from themselves, perhaps even idiocy will be diluted as well.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Rob</dc:creator><pubDate>Wed, 14 Dec 2005 09:38:13 -0000</pubDate></item><item><title>Re: The Dilution of Pentesting</title><link>http://https://danielmiessler.com/blog/the-dilution-of-pentesting#comment-11143837</link><description>&lt;p&gt;I think you've just found the line between Analysts and Engineers.&lt;/p&gt;&lt;p&gt;A growing trend in security is to lower the costs of it.  Companies are starting to hire one or two Engineers and leave the rest of the work to Analysts.  Like the System Admin and Operator scenario.&lt;/p&gt;&lt;p&gt;Sorry to spam the hell out of your blog today  =)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave</dc:creator><pubDate>Tue, 13 Dec 2005 18:09:06 -0000</pubDate></item></channel></rss>