Billing Rate For Vulnerability Management
egrizzly
For the experienced consultants out there, how much do you all typically bill for Vulnerability Management? VM typically includes vulnerability scanning, scheduling, vulnerability remediation, vulnerability reporting, etc. You can share specific rates or provide your rate as a percentage of the hourly wage of a full-time employee (FTE).
Comments
JDMurray
If you refer to it as Enterprise Vulnerability Management (EVM) you can charge a lot more!
egrizzly
Ok thanks, way to go with hacking the title. I wish I could get some type of market rate on it though.
JDMurray
The rate will vary considerably depending on the size, industry, and geographical location of the organizations that you are targeting as your customers. Medical, financial, and ICS customers will all expect to pay different rates, as would orgs in the US, LATAM, and India. You also have other factors which determine rate, such as Cloud vs on-prem systems, external VM hunting (bug bounties), and are you coordinating multiple org teams to perform the VM duties or are you supplying VM to the org yourself? It's quite a shopping list of services that you could offer in terms of planning, implementation, and day-to-day VM operations. Of course, most customers will want you to supply the best possible service for next to free.
UnixGuy
Pricing is a very tricky thing to get right. Someone will pay top dollar to a household name like Accenture or Deloitte to run a Nessus scan but they'll pay half of that for a new consultancy using the same tool.
It's all about how you market yourself. Do market research in your area, suss out how much companies usually pay. Get quotations from several providers and price accordingly. Offer it as a package with something else so it's not just a vulnerability scan and a report.
Don't undersell your services, as you're building your own brand so whatever you do, this will be what you'll be remembered for: "The guy who charges less than market rate" or "the guy who provides high quality service".
I know this isn't the answer you're looking for but I don't have a specific number!
egrizzly
Thanks for the nuggets @UnixGuy ...you actually gave the perfect answer by providing a practical process to arrive at the solution.
bigdogz
I am a little older than Jesus, so my rates are higher than most but I am very good at what I do and follow through to assist customers.
JDMurray
I think the adage "You get what you pay for" is bubbling up in this discussion.