Penetration Testing Services – The myth of quality vs price in security testing
How do you judge what good looks like in penetration testing services?
It’s amazing how often we get clients questioning us on how cheap we are, meaning that the quality must suffer. Nothing could be further from the truth, let me explain. The old adage “you get what you pay for” may be true in some situations, but it is not always true of the security consulting world. The providers of penetration testing services differ in many ways.
Large Consultancies
The security consulting world is dominated by a small group of very large providers that have been able to dictate the price and delivery of security testing for way too long.
- The large consultancies are:
- Rigid in their approach
- Often provide testers with less than 2-3 years’ experience
- Use graduates as consultants
- Expensive and not always available for the dates required
Use external third parties to fill contracts
Small Consultancies
It is very difficult for any small provider to win over new business because:
- Companies don’t want to take chances with unknown suppliers
- Small providers may not be able to scale to the size required
- Getting those small companies on the books is often a difficult process
Penetration Testing Services – Quality
This is not to say that those small (or as we prefer to call them) boutique companies are not good at what they do, they are often being better than the large consultancies because:
- Usually run by very experienced testers who have worked for the large consultancies – often with over 10 years’ experience.
- Are more passionate and eager to help new clients to build their companies – they care more.
- Provide a much cheaper price based on the simple fact you are not paying for all the overheads associated with a large consultancy.
AVORD Test Review
This is where AVORD comes in – we work closely with these small, professional and passionate testing providers to ensure they are vetted, have all the correct insurance and certification requirements and drive consistency of delivery and reporting through our automated reporting dashboard.
Penetration Testing Services – Supplier Review
We remove the headache for companies wishing to use smaller boutique testing companies by providing all the checks and guarantees they needs. Also, you only need to sign up to AVORD and can change your testing company as often as you like with our help. We take the hassle out of rotating your testing suppliers.
So, you can see, price does not always equate to quality when it comes to security testing.