Tuesday, December 4, 2007

4 comments:

PaulM said...

So you're "reviewing" security consultancies by looking at their web sites?

Aside from the obvious explanation - that you're not serious, you're broke, or both - why wouldn't you at least evaluate their actual work and deliverable?

Hell, if you can get any of these companies' sales guys out to lunch, you can usually see staff resumes and sample deliverables for free (plus free lunch!) If you're going to call out security companies for being half-assed, the least you could do is not be half-assed in calling them out.

secreview said...

Incorrect, the website is only a small aspect of what we review. Our standard practice is to read the website, research any names that might exist on the website, call the business and speak with sales or account managers, examine network addresses, search for posts from the companies domains, etc, etc. If we only read the website then we wouldn't be doing much justice.

On the other hand, if you actually read this blog you wouldn't have asked us this question. The answers are in previous posts.

Anonymous said...

acquirers is Payment Card Industry (PCI) talk for acquiring banks.

secreview said...

Anonymous, thank you for the clarification. We'll make sure to modify the blog post with your comments. Very much appreciated!