Need an industry leader for a vulnerability assessment, training session, or speaking engagement?
- I need a web application security assessment
- Web Security Dojo: free training environment
- I need a bid or proposal
- I would like training or a speaker for an event
News & Events
- Software Test Professionals Fall 2012
- ISACA NJ Hands-On Training
- Web Security Dojo 2.0 Released
- Interop NY - Oct 2011
- ISACA NACACS - Las Vegas - May 2011
- OWASP Raleigh - Declaritive Web Security
Software Test Professionals -
Maven Security will be teaching a one day hands on web security assessment course on Oct. 15, 2012
Formal and Informal Requests Welcome
You don’t need a formal RFP in-hand to contact us. The fastest way to determine Maven Security’s suitability for your next security project is to call us. See the Contact Us page for the main corporate phone number. Tell the receptionist you want to speak with someone about your next security project. They will connect you to a senior security consultant, not a sales person. Of course, if you are more comfortable with mail, email, or fax, those avenues are also available.
A few of things we’ll ask about are:
- A brief description of the project (network penetration testing, web application security assessment, etc).
- Your time frame for starting and/or finishing the project.
- Is this remote work, or onsite work (i.e. travel requirements).
- Special requirements for remote testing, such as testing only during non-business hours and/or weekends.
Criteria to Consider
When deciding between service providers for your next security project, please consider the following:
Do they get kick-backs for making specific vendor recommendations? Are they VARs for particular vendors?
- Maven Security is not a reseller for any vendor, and makes recommendations based solely on own client’s needs. We don’t accept vendor kick-backs or referral fees.
Can they provide bios for the specific people that will work on your project?
- Beware of bait-and-switch – where senior staff are involved in pre-sales, but then once the contract is awarded your project is assigned to junior staff.
Are they willing to allow you to conduct a security background check for the staff assigned to your project?
- Sorry, Maven Security does not hire elite ex-criminals. Our client’s don’t want to take that risk, no matter how small it might be.
Are they incorporated? How much errors & omissions insurance do they have?
For on-site/internal security assessments, are they willing to let your staff observe?
- If not, perhaps they don’t want you to see their “proprietary” three-step methodology (point, click, and print).
Maven Security encourages its clients to observe (and even participate) in security assessments conducted at the client site. This ensures you see the quality of our staff and methodology, as well as transferring knowledge to your IT audit staff so they can do their jobs better.
For a more information see our presentation entitled, A CISO’s Guide to Ethical Hacking .