Billing Rate For Vulnerability Management
egrizzly
Member Posts: 533 ■■■■■□□□□□
For the experienced consultants out there, how much do you all typically bill for Vulnerability Management? VM typically includes vulnerability scanning, scheduling, vulnerability remediation, vulnerability reporting, etc. You can share specific rates or provide your rate as a percentage of the hourly wage of a full-time employee (FTE).
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
-
JDMurray Admin Posts: 13,088 Admin
If you refer to it as Enterprise Vulnerability Management (EVM) you can charge a lot more!
-
egrizzly Member Posts: 533 ■■■■■□□□□□
Ok thanks, way to go with hacking the title. I wish I could get some type of market rate on it though.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
JDMurray Admin Posts: 13,088 Admin
The rate will vary considerably depending on the size, industry, and geographical location of the organizations that you are targeting as your customers. Medical, financial, and ICS customers will all expect to pay different rates, as would orgs in the US, LATAM, and India. You also have other factors which determine rate, such as Cloud vs on-prem systems, external VM hunting (bug bounties), and are you coordinating multiple org teams to perform the VM duties or are you supplying VM to the org yourself? It's quite a shopping list of services that you could offer in terms of planning, implementation, and day-to-day VM operations. Of course, most customers will want you to supply the best possible service for next to free.
-
UnixGuy Mod Posts: 4,570 Mod
Pricing is a very tricky thing to get right. Someone will pay top dollar to a household name like Accenture or Deloitte to run a Nessus scan but they'll pay half of that for a new consultancy using the same tool.
It's all about how you market yourself. Do market research in your area, suss out how much companies usually pay. Get quotations from several providers and price accordingly. Offer it as a package with something else so it's not just a vulnerability scan and a report.
Don't undersell your services, as you're building your own brand so whatever you do, this will be what you'll be remembered for: "The guy who charges less than market rate" or "the guy who provides high quality service".
I know this isn't the answer you're looking for but I don't have a specific number!
-
bigdogz Member Posts: 881 ■■■■■■■■□□
I am a little older than Jesus, so my rates are higher than most but I am very good at what I do and follow through to assist customers.
-
JDMurray Admin Posts: 13,088 Admin
I think the adage "You get what you pay for" is bubbling up in this discussion.