Billing Rate For Vulnerability Management

For the experienced consultants out there how much do you all typically bill for Vulnerability Management. VM typically includes vulnerability scanning, scheduling, vulnerability remediation, vulnerability reporting, etc. You can share specific rates or provide your rate as a percentage to the hourly wage of a fulltime employee (FTE)

Find more posts tagged with

consultant

IT Consulting Company

vulnerability management

billing

hourly rate

Comments

JDMurray

If you refer to it as Enterprise Vulnerability Management (EVM) you can charge a lot more!

egrizzly

Ok thanks, way to go with hacking the title. I wish I could get some type of market rate on it though.

JDMurray

The rate will vary considerably depending on the size, industry, and geographical location of the organizations that you are targeting as your customers. Medical, financial, and ICS customers will all expect to pay different rates, as would orgs in the US, LATAM, and India. You also have other factors which determine rate, such as Cloud vs on-prem systems, external VM hunting (bug bounties), and are you coordinating multiple org teams to perform the VM duties or are you supplying VM to the org yourself? It's quite a shopping list of service that you could offer in terms of planning, implementation, and day-to-day VM operations. Of course, most customers will want you to supply the best possible service for next to free.

UnixGuy

Pricing is a very tricky thing to get right. Someone will pay top dollars to a house hold name like Accenture or Deloitte to run Nessus scan but they'll pay half of that for a new consultancy using the same tool.

It's all about how you market yourself. Do market research in your area, suss out how much companies usually pay. Get quotation from several providers and price accordingly. Offer it as a package with something else so it's not just vulnerability scan and a report.

Don't undersell your services, as you're building your own brand so whatever you do, this will be what you'll be remembered for "The guy who charge less than market rate" or "the guy who provide high quality service".

I know this isn't the answer you're looking for but I don't have a specific number!

egrizzly

Thanks for the nuggets @UnixGuy ...you actually gave the perfect answer by providing a practical process to arrive at the solution.

bigdogz

I am a little older than Jesus, so my rates are higher than most but I am very good at what I do and follow through to assist customers.

JDMurray

I think the adage "You get what you pay for" is bubbling up in this discussion.