Hunting for Buried Treasure

In 1955, Teddy Tucker was treasure hunting off the coast of Bermuda. He’d brought up some interesting artifacts, but his instincts told him there was something big hiding below. It was hurricane season, and the weather was threatening to storm. Anxious about how much time he had left, he decided to make one more dive with a water hose. He turned on the jet to blast sand clear – what he discovered next forever changed his life.

After the debris settled, his eye caught a gold object lying face down in the sand. Turning it over, he discovered an emerald encrusted cross – a relic from the wreck of the San Pedro from 1596. In modern dollars worth 6 Million. This incredible find cemented Teddy’s place in history as a preeminent treasure hunter. The lesson Teddy learned that day is clear; you never know what you’ll find unless you search.

Uncovering opportunity takes patience, persistence and a plan. In the world of business, when you want to go hunting for buried treasure, you audit technology infrastructure. Given the trust of a client and your willingness to dig, there are more opportunities than you can possibly imagine.

In this article, we’ll explore one example of the low hanging fruit of technology audit options available to your practice – Network Vulnerability Testing. You’ll be surprised at the wealth of other opportunities that exist in your current customer base – opportunity to improve their operations and make them stronger, not to mention help your bottom line along the way.

First, some advice about performing technology audits for your client. The process is quite straight forward (once the client has agreed to the service).

  • You’ll want to collect all the information from the client. Print hard copy output, take screenshots, grab a copy of the various related configurations and log files. Repeated visits to collect information make the experience appear disorganized from the client’s perspective so try to collect everything you think might be relevant at one time.
  • Once back at your office, you’ll have time to organize and review the materials and piece together what you’ve uncovered. Take your time – the picture may require careful scrutiny to come into focus.
  • Finally, you’ll need to summarize the results into a cogent report. The report should provide enough details to support your conclusions. Keep the wording clear and conversational and explain what you’ve discovered in plain language.
  • Summarize your results and highlight the actionable details. The client will want to understand how you plan to help them resolve the issues you’ve uncovered.


Network Vulnerability Testing, suggested MSRP $1,200

Vulnerability testing is the process of checking every device connected to a network for potential weakness. Sometimes called penetration testing, it describes the process of identifying every networked device, determining the operating system its running and the network services it provides and then after consulting a master list of known exploits, attempting to determine if the exploit has been patched or is an active threat on the device. The result of the scan is a report that describes what was found and recommendations on mitigation.

Once the weaknesses are identified, you can build a plan to assist the client in remediating the issues identified. In some cases, the solution may be as simple as applying a software patch or in more complicated cases; it may require architecting a new system.

The benefit to the client is proactive identification of weaknesses in their network. They can then make the choice whether to fix the problem, to live with the risk or to decommission the service if its obsolete. Whatever the client chooses, they will have ability to make a choice – rather than becoming an unwitting victim of hacker attack.

There are several good tools to assist you in performing the Network Vulnerability Testing. The one we like the best is OpenVAS ( It’s an incredibly comprehensive testing platform, with over 33,000 tests included. It’s a fully automated tool, which gives you the ability to initiate the scan and then return to collect the results when its finished. In a large environment, the scan can take days to complete.

OpenVAS is intended to be run under Linux and if you have access to a Linux platform this is your best choice. But OpenVAS also comes with a virtual application deployment option. You can download a VirtualBox application that will run under Windows.

Once OpenVAS has completed it’s scanning activity, it will generate a comprehensive collection of reports. Each device it found along with what it discovered is meticulously described. You’ll find real gold in these reports.

We suggest you offer this service for small to medium networks starting at $1,200. Since the collection process is largely automated, the fee is primarily to cover your cost of generating your summarized plain language report to the client.

As an add-on, you could charge an additional $400 to perform an “external” Network Vulnerability Test. This test you would run from your office and scan the client’s network. In most cases, it will likely only be able to scan the client’s router – but you may be surprised to discover the client’s network has other openings they and you may not have been aware of. If you choose to add the “external” option, and the customer uses hosting services, be sure to add their Website and Mail server ip addresses to the scan targets.

A word of caution on external scanning. Your ISP may consider your scan of the client’s network to be a hostile action. It is worthwhile to contact your ISP before you begin the scan and discuss their policy in regards to penetration testing of your client’s network. Having a written letter of authorization from the client in advance can make this process go smoother.

Regarding pricing, you can easily justify charging more for this service. There are many firms that charge $3,000 for scanning 30 hosts in a network. Our suggestion is to lower your price. We suggest this because we assume the client will want you to fix the vulnerabilities you uncover. Our belief is the fee you’d collect for remediation would far exceed the scanning costs – but the choice is up to you and how you approach client relationships.