Just saw this post on the FeverBee blog and I’d like to jump in. Hopefully this helps address some of your questions @richard_millington
I’m the Senior Community Manager for Bugcrowd; we’re a crowdsourced security community. Our community is made up of over 19,000 ethical hackers/security researchers.
In terms of finding freelancers or consultants, I’d suggest contacting your local OWASP group in your city and seeing if they can recommend anyone that’s local. I may also be able to help, since many folks in Bugcrowd’s community are security consultants and freelancers.
For pentesting programs, I’d suggest looking into something like a bug bounty program. It’s what we do at Bugcrowd and it gets great results for your money. We work with Pinterest, Tesla, Dropbox, Western Union, LastPass and many others.
For any kind of pentesting I’d expect your budget to start at 10k, but prepare to spend closer to 30-50k for one of your first engagements.
So some of my suggestions:
- Find the security person in your company and if you don’t have one, encourage your company to hire one.
- Use a password manager like LastPass to generate secure passwords and to share passwords with others in your organization.
- Always, always, always update your software and make sure you’re using the latest security updates. If your forum or website is running on ancient stuff, you’re going to get owned.
- In terms of personal security, make sure that all of your devices are password protected and that your data/hard drives are encrypted. This is really easy with Mac devices: make sure the firewall is enabled and that you’ve turned on hard-drive encryption.
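As an added illustration of the password-manager point above (this is example code, not part of the post and not Bugcrowd's or LastPass's own code), here is how a generator produces passwords from a cryptographically secure random source and how to estimate the resulting entropy. The 80-bit strength threshold and the character set are assumptions chosen for the example.

```python
import math
import secrets
import string

# Character set a password manager typically draws from:
# upper- and lower-case letters, digits and punctuation (94 symbols).
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    if length <= 0 or alphabet_size <= 1:
        return 0.0
    return length * math.log2(alphabet_size)


def min_length_for(target_bits: float, alphabet_size: int) -> int:
    """Smallest length at which a uniformly random password reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int = 20, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Build a password with the CSPRNG behind `secrets`, never `random.random()`."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_strong(password: str, alphabet: str = DEFAULT_ALPHABET, min_bits: float = 80.0) -> bool:
    """Reject passwords using characters outside the alphabet or with too little entropy.

    Caveat: the entropy estimate assumes the password was generated uniformly at
    random; a human-chosen password of the same length has far less, which is
    exactly why generation should be left to the manager.
    """
    if any(c not in alphabet for c in password):
        return False
    return entropy_bits(len(password), len(set(alphabet))) >= min_bits


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, round(entropy_bits(len(pw), len(DEFAULT_ALPHABET)), 1), "bits")
    print("80-bit target needs at least", min_length_for(80.0, len(DEFAULT_ALPHABET)), "chars")
```

The key design choice is `secrets.choice` rather than the `random` module: the latter is a deterministic PRNG seeded from limited state and is not suitable for credentials. The entropy helper makes the length/alphabet trade-off visible, so a policy can be expressed as "at least N bits" instead of an arbitrary length.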