Risky Business #278 -- Pentest revenue figures puzzling

Just like the Chewbacca defence, market figures do not make sense...
19 Apr 2013 » Risky Business

This week's show is jam-packed. We'll be hearing from our favourite firmware hacker, sneaky Snare, all about the leak of AMI's UEFI implementation source code and firmware signing key. What will it mean for firmware research?

We'll also be chatting with Nick Ellsmore. Nick founded a company here in Australia called SIFT, which eventually merged with Stratsec, which was then bought by BAE. These days, apart from being ridiculously wealthy, Nick has put together Delling Advisory, a consultancy focussing on mergers and acquisitions in information security.

And he's been writing some very interesting blog posts about the Australian information security market. He might be focussing on things down under, but I'm pretty sure what we're talking about today applies everywhere -- penetration testing revenue estimates just don't add up. Nick believes a lot of mandated pentesting work in Australia is actually being done by IT systems integrators that don't have appropriate skills, or isn't being done at all.

This week's show is brought to you by Senetas, an absolutely awesome company that makes layer two crypto gear. You should go to Senetas.com and buy all their things. In this week's sponsor interview we're chatting with Senetas CTO Julian Fay about a proposed extension to Bitcoin called Zerocoin. The extension is designed to make Bitcoin anonymous.

As always, Adam Boileau joins us for the week's news headlines. Show notes are here.