Information Security/Penetration testing companies?

I would love to get some sort of experience like this in my area, but there are no companies like this around here, within two hours at least. Which brings me to a question. Do most companies even perform regular security audits? If so, who performs them if there is no local company which specializes in the field?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Webmaster

LostInSpace wrote:

Do most companies even perform regular security audits? If so, who performs them if there is no local company which specializes in the field?

I don't know how it is in the states, and if the situation improved any in the last two years, but I've worked at many large companies as well as small ones, and only one of them attempted to perform a security audit. The companies network specialist/designer performed the audit. But like I said, it was an attempt... hardly anything like what a CEH supposedly does...

Now that I mention CEH... If you, like me, got enthusiastic by reading their brochure about job opportunities for a CEH, I think we'll both get dissapointed

I might be wrong though, but I don't think 'most companies even perform regular security audits'.

/usr

I did, but I'm also generally interested in network security. Though I would love to get into security auditing, I know I would love any field associated with information security.

I think it's something most companies just don't consider, but most likely should. Of course, if you have the necessary skill level to perform or participate in an audit, then perhaps if you approach them with the proposition, maybe they would listen.

garv221

Webmaster wrote:

[I might be wrong though, but I don't think 'most companies even perform regular security audits'.

True. I think most companies, besides the Gov. don't really deal with network intrusion until an actual pentration occurs. Then they have an in house guy fix it. Because according to the rest of the company, IT can fix anything.

Webmaster

LostInSpace wrote:

I did, but I'm also generally interested in network security. Though I would love to get into security auditing, I know I would love any field associated with information security.

Same here, it would be ideal for me to combine with what I do now. I have a lot of security related experience, but all as part of a sys/net admin/designer job role, which is just not good enough for the kind of job I'd like to have (penetration testing, although I think the forensics is darn interesting too).

I think, apart from certs like the CEH, firewall and IDS certs (Cisco IDS, Cisco Pix, CCSA/E) may be a good step towards a penetration testing/sec auditing job.