tech-company
, customer-development
, service
I’ve been developing some pen testing software on and off for almost a year now as I have time. My question is, once I’ve finished building a basic model, how do I find people to offer my services?
To be clear, I would essentially show them potential security breaches in their web site, and offer to help them fix it. I have already looked extensively into legal issues, and have multiple levels of tests. The initial test is simple, and can be done legally, then I would show them results, and offer to do some deeper testing, and help them to overcome the potential security breaches.
I pretty much have the technical side down, I just need to know where to start. I thought about doing this test on various sites, and emailing the owners, but I feel like they would see that as spam. Any ideas on how to appear professional while soliciting a service?
Become known in the industry by connecting with companies who are your potential clients.
Talk to other pen testing researchers how they approach getting work.
Your basic idea is a good one. Run your initial test against a bunch of websites, choose the ones where you have important insights to offer and get in touch. Think of this as a learning experience - an opportunity to engage potential users - rather than an all-or-nothing sales drive.
(Don't get me wrong. I'm not saying, "don't get out there and sell." But selling isn't your forte, so you need to tilt the field in your favor. Which means you need to discover the way to tell a prospective customer the news of their problem, in such a way that they'll want to hire you to solve it.)
So is email the right channel for this? Probably not. I think you want to speak to someone. So ask yourself whose job it might be to worry about website vulnerabilities. Aim higher in the organisation than your comfort zone wants you to. Then you need to think of ways to get their attention.
How do you do that? Well, you could do a lot worse than listen to Seth Godin's Startup School. There's lots in there - drawing on his books, of course - that will help. For instance, how to tell a story, and how to reach out to senior executives - Making Ideas Travel has lots on this, but treat yourself, listen to every episode!
A lot depends on the volume of sales you expect to need to reach where you want to be. To start, I'd look into how a service link PhishMe lands clients, though I'm pretty sure most of their sales come from doing PR, SME placements, or public speaking. I'd just generate a list of possible sales & marketing channels, prioritize them, then do mini tests of each to see how the approach works with the skills that you have and the traction it gets.
Might also be worth getting an opinion on Security.SE too; though just don't repost the exact same question, phrase more like "If pentester contacted you, what would likely be the most professional way to do so?"
All content is licensed under CC BY-SA 3.0.