Use our contact form above to get started.
If you are looking for our price schedule for penetration testing, you can find it here: Cost Of Penetration Testing.
Link Mountain has no direct sales costs for our penetration testing services.
Yes, you get what you pay for, unless you are paying for your vendor's sales staff to go find and sell their next client. In that case, your vendor gets what you pay for.
Why Do We Publish Our Penetration Testing Prices When Others Don't?
The short answer:
When you have a price advantage, you are not afraid to discuss price. In that respect, penetration testing services are no different from other business to business services. We have a price advantage, so we are not afraid to publish our prices.
The long answer to the obvious question:
The obvious question is, why do we have that advantage? If the price advantage occurs because of low quality penetration testing, lack of knowledge, poor communication or some other shortfall in expected service, that would be a problem. So let's look at the old adage 'you get what you pay for'.
Does a lower price for penetration testing mean lower quality service?
It is certainly true that quality penetration testing takes time and effort, from highly skilled technical people who are not cheap. So the obvious answer is - yes, lower prices generally equate to lower quality, for the portion of what you pay that is actually going toward the penetration test. So what could you be paying a penetration testing vendor for, except penetration testing? Here are the cost factors in penetration testing that have a quality impact on you, the customer:
So, it is important to know how much of what you pay actually goes toward penetration testing, tools, training, client communication and reporting, all of which would impact quality, and how much goes toward covering other costs that do not benefit you, the purchaser, and therefor do not impact quality.
You get what you pay for, but what exactly are you really paying for?
With most penetration testing vendors, you pay more toward sales compensation than you do to the direct cost of penetration testing.
That's a pretty bold statement, but true. Before exploring it further, please know that we are not referring to client communication expenses. Solid client communication, before, during and after the penetration testing engagement is a critical quality component and we certainly consider it to be part of the direct cost of quality penetration testing. What we are talking about here is direct sales compensation, and the relationship it has, if any, to penetration testing quality.
You can easily find penetration testing vendors who have taken up the subject of price and quality. Many of these vendors list on their websites the factors that they consider important in penetration testing cost. Curiously, we have never seen 'cost of direct sales', or even 'overhead' listed as a cost factor on any vendor website that discusses the price of penetration testing, except this one.
If it seems to you that direct sales and other overhead probably is a cost factor, then you are close to understanding how we can offer lower prices with equal or better quality. Reason would suggest that companies who use direct sales (which is nearly all of them) must have some sales costs and everyone must have some overhead costs of some kind, but how much are we actually talking about? Is it actually significant, or are we just inflating the issue so we look better?
A 2013 report issued by Sageworks states that private firms offering professional, scientific and technical services had average overhead representing 51% of sales. In a similar report from Schonfeld & Associates, titled: 2013 SG&A Expense as a Percentage of Sales by Industry Sector, the Information Technology sector in general had SG&A (selling, general and administrative) expenses ranging from 14.13 % for the lowest 10th percentile, to 37.47 % for the median, and 71.27 % for the 90th percentile. Information technology is obviously a huge sector, of which information security is a small slice, and penetration testing even smaller. Nonetheless, the range reported by both firms is consistent with our own observations, with most penetration testing firms spending 50% or more on SG&A, the largest component of which is direct sales compensation.
Those reports only deal with overhead, the numbers do not include profit margin.
Here is an example to make this point as clear as possible: If you are paying $10,000 for a penetration test, and $6,000 of what you pay is covering sales overhead plus profit margins, then only $4,000 of what you are paying could actually have any impact on quality, because that is the only part of what you are paying that actually impacts what you are getting. The remainder is being spent by the vendor to attract more customers, or pay other indirect costs, or represents their profit, none of which gives you any better quality. In this example, only 40% of what you are paying could possibly impact quality. If another firm with the same direct cost of $4,000 publishes their price at $6,000, they may actually provide the same or better quality, and may even have a better profit margin, if they have substantially lower overhead.
So, yes, you get what you pay for. Unless you are paying for your vendor's sales staff to go find and sell the next client. In that case, your vendor gets what you pay for.
Link Mountain has no direct sales costs for our penetration testing services.
Link Mountain does not employ any direct sales staff. We don't have anything against direct sales, it serves a valuable purpose for many firms, but we have been successful without it. We are a team of certified information security geeks from the US, without a sales staff, with each of us responsible for quality client communication and service. One of our maxims at Link Mountain is "Focus on one thing and become very good at it". Another is, "Don't worry about slower growth than our competitors, worry about efficiency, quality and retention". We focus on service delivery and on building long term client relationships rather than direct sales, and let our prospective clients find us - as you just did. We are able to offer very reasonable prices for quality penetration testing because penetration testing is all we do and we have no sales cost overhead at all.
Still, you get what you pay for, right?
Yes, and you can find lower rates than we charge. There are vendors (some of them large and well known) who will charge substantially less than we do and give you a vetted (if you're lucky) automated vulnerability scan, after they transfer it to a 'penetration test' report. Others use off-shore or under qualified resources, or cut into quality service some other way. Sometimes that's all you want, just a 'check the boxes' type of engagement that 'proves' you were 'tested', and you're not too particular about reporting or results. We don't really object to that. Maybe you've been forced into doing something you didn't want to do, don't see the purpose of and you just want it over with as little attention as possible. There will always be clients who want or need that kind of service. If there are clients who want it then it should probably be available from someone, but we don't provide that type of 'testing'.
Link Mountain has conducted hundreds of quality penetration tests for banks and financial institutions, hospitals and clinics, law enforcement agencies, state and local governments, colleges and universities, defense contractors and merchants over the last decade. We have extensive experience and understand the complexities. Our standard testing includes full manual review of all applications and services in scope and extensive manual testing by our certified security professionals, all of whom are US citizens with background checks. In short, we have a lot of experience, hire quality people and provide quality service.
Our low prices are not an accident, and are not a reflection of lower quality. It is not a reflection of our generosity either: we can, should and do make a profit.
The reasons you pay less for quality penetration testing with Link Mountain are simple: we ask you to help us plan efficiently and pay on time, but we don't spend any of your money trying to find our next client. We are patient enough to allow our clients to find us, and your visit to this site is the best evidence we can give you that it works.
We have a price advantage, and it's a fully justified advantage stemming from our business model. That's why we are not afraid to publish our penetration testing prices while other vendors may be reluctant to do so.
More questions? Just contact us today, no pressure - just answers.
Use our contact form at the top of the page to get started.