[Dshield] Re: Security Consulting question

Brenden Walker BKWalker at DRBSystems.com
Thu Aug 14 15:00:27 GMT 2003

Well, the good thing about just 'trying to make a few extra bucks' is you
can go in and make a proper estimate, attempt to account for all the 'crud'
that might pop up and make it clear what you will and will not do.  If they
balk at the price, oh well.

> -----Original Message-----
> From: Richard Roy [mailto:RoyR at justicetrax.com] 
> Sent: Thursday, August 14, 2003 10:47 AM
> To: General DShield Discussion List
> Subject: RE: [Dshield] Re: Security Consulting question
>
> ROTFLMAO!!!!!!!!!!!!!
> That was a stellar reply, probably an all too true real life experience.
> I appreciate the insight. I don't want to make a living at it, I do
> that already and I'm happily employed. I was thinking about a few extra
> bucks, but boy that makes me wonder if they are worth it.
>
> Rich
>
> -----Original Message-----
> From: Kenneth Coney [mailto:superc at visuallink.com] 
> Sent: Wednesday, August 13, 2003 8:00 PM
> To: list at dshield.org
> Subject: [Dshield] Re: Security Consulting question
>
> I have been playing with this one for at least 4 years. I have not been
> able to find a way to do this profitably for small ma and pa businesses.
> Consider a backwater realty office I know with a small LAN and maybe 6
> stations and remote access for the out of the office types. After four
> years of neglect and half installations of different sound cards and
> printer types something goes wrong enough to bring it all to a stop and
> they call you in at $40 - $60 per hour. The owner is thinking in terms of
> one or two hours tops. You arrive and find everything from Kazaa to Doom,
> and half a dozen viruses in the different client files. Lots of past and
> present temporary employees with access with varied skill levels. Homework
> assignments of the owner's kid on one drive. A contract that has to be
> printed now, but won't, no firewall, and C drive is accessible via the fax,
> etc. Every port you can imagine wide open and bots and worms everywhere.
> What's a backup and how do we do that? Windows update, never heard of it,
> how do I do that? The system software is long lost along with
> authentication codes. A motherboard with a picture of Felix the cat and a
> Taiwan stamp. A soundblaster card and thin screen monitor here, and an
> Amber VGA with an actual XT with real 5" floppy drives over there. Wires
> that go upstairs then stop. They think you will wave a magic wand and it
> will be ready in an hour, two at most. If you did a flat rate contract
> with them a few months ago you are in big trouble. Who pays for the new
> software to replace or update the old (let's not forget their leaving the
> CD on the dashboard of a car in the summertime so it warped)? Is that cost
> in the contract? You going to install a firewall? Which one, and who
> pays for it? A custom customer database, but they think Elvis took the
> custom installation disk when he quit and moved to Tennessee. Hey they
> have Norton AV 2! Didn't I see that on the Antiques Road Show? Is that
> 3.1? DOS 6? The 6 month renewable contract should have some kind of ball
> park price for new updated replacement software in it, based on an
> assessment of what they have at the time you wrote the contract. That
> means you have to talk them into letting a stranger, you, explore their
> system before you even have the maintenance contract. Don't mention the
> porn files to the owner's wife. Bet you never saw a LAN with a 386
> workstation before. I know, Fdisk, format and new everything, let them
> pay. I sure hope they gave you a liability release for the customer files
> you erased. Fifty hours later you are done and give them the bill. Guess
> what? They can't afford it. Take it back?
>
> It's a problem. I would love to find a Q & A site by someone who found a
> way to make it work with the small 3 to 9 station customer base. The mom
> and pop businesses can't afford a techie at much more than $8 an hour. You
> can't afford to work for less than $32 an hour. Half their software has
> lost installation disks, there are few backups of anything, they never
> heard of patches, and the other half of their software is hacked unlicensed
> copies. Don't go there. Most have long expired antivirus software that
> wasn't replaced because they couldn't afford the $30 bucks. Now you want
> them to pay you $80 an hour?
>
> From: "Richard Roy" <RoyR at justicetrax.com>
> Date: Wed, 13 Aug 2003 12:47:24 -0700
> To: "General DShield Discussion List" <list at dshield.org>
>
> Thanks for all the replies and advice. I'm not looking to do it full time
> or anything, but a few extra bucks will help when the baby arrives!
>
> -----Original Message-----
> From: Richard Roy
> Sent: Wednesday, August 13, 2003 9:30 AM
> To: list at dshield.org
> Subject: [Dshield] Security consulting question
>
> I just helped out another nearby small office identify that they have the
> latest worm and it is spreading. They wanted to know how much I'd charge
> to fix it. While there another fella from another office also said he'd
> need some help. I've never done any consulting work, so I'm curious, what
> would some of you consultants on the list get for this type of work? If
> you don't feel comfortable giving #'s what about a site that might have
> that sort of info. I'm wondering if it might turn into something nice on
> the side for a while.
>
> Thanks.
> Richard Roy
> _______________________________________________
> list mailing list
> list at dshield.org
