Ah, some good and even great advices here.. I'll get back to it later when I have time.

Oh well. I guess I'll just keep my sure-fire method to create a successful business to myself.

No! No! It's too late now. The moment has passed.

DaShi,

Cort Haus, feel free to share advices if you have them though, just understand that I am unwilling to give out the business idea just yet. I will reveal it of course later on when it's going to be launched, but right now I'd rather keep it in smaller circles. There's no huge secrets in it, and there are businesses like that already but I still prefer not talking too much about it. It also saves me some embarrasment if I fail to launch it

BUt yes I need a programmer and yes, it's not software development or production. I am a software engineer myself so even though I'm not a know-it-all, I wouldn't ask general advices regarding that in here, even though there are more than qualified people to give great input in that sector as well.

It's business only advices I'm looking for, they can be very general and simple. Kid gave few and I gave him crap about it but he did answer my request so I was in the wrong for giving him hard time about it. Sorry about that Kid. But you did insult Trump so you did deserve it!

I will reveal what it is OK read on then!!...

There were many great advices so far though, thanks for your input.

OK but you are all so freaking.. I mean, fine, I'll give out the idea, it's not like there aren't any businesses like that already and it's not like you'd be stealing ideas or business. At most, only bring some competition and lose sadly to me

The idea is basically what I'm becoming an expert. Let me tell you what I do so you will know how I'm getting into it. I'm a software engineer, so I have an understanding about programming, software development etc etc.. It's what I do. I have, for a year now, concentrated on information systems more, as in designing them and all crap that comes along with it, evaluating, testing etc.. even though testing kind of goes off a bit from that. But I have some knowledge about IS's in general as well.

However, what I'm looking at is the security aspect, and what I see as the greatest gap so far in it is the human component. If users of the IS 'use it wrong', have bad policies, policies that they don't follow, all the security part of it goes to crappers. There's no need for fancy software and security systems, when the human factor is failing badly. HUmans will always be the failing component of security, so it's not miracles I'm expecting to see. Better policies, education, realizing what actually does happen etc is more about it.

However, I'm not looking into viruses so much or attacks that happen via the internet. I'm looking into social engineering. Hackers breaking into systems using social engineering.

What the business of mine would involve is first of all do security auditing, meaning that I (and my employees) will try to break into the systems using all means available, mostly social engineering. So why do I need a programmer? I need a talented programmer so he/she can create me things and tools I need, custom made, such as trojans etc. Trojans that I might be installing into computers in the actual location, physically doing it (not sending via the internet) etc. And for purposes such as that. Not necessarily breaking into systems but giving me the tools what I need for local action.

I need a person or two to do this with me, I'm not operating alone, meaning that we can strike different locations at once, we might have more than one customer, and also I might get caught so we need to continue with another person etc. And also they might be, and should be, more talented in it than myself. I can only do so much, having the knowledge adn techniques, but there's always those who are very talented and should be doing it instead of myself.

So, if I have a customer, I'd have different type of deals we could do, ideally I would have say few months to test the security, and we'd strike everywhere we can and choose, without their knowledge. When the time is up, we come back with a report, and see what we were able to do. And after that comes consulting, how can we make the security better (without creating obstacles to working etc), maybe educating key people of that environment etc etc..

So it's basically security auditing with a bit different methods than just hacking via networks. There's plenty we will do, dumpster diving, using phones, face to face, stolen identities, assumed identities, fake businesses (working as a subcontractor etc, reverse social engineering), faking to be doing security auditing when we actually are (but not getting carded or anything etc), stealing valuable information most likely with ease.

This is what we would do. How valuable is it? How valuable your information is. How valuable it is to you, your competitors, or say if it was public domain? The edge on market, maybe it's technological.. it might be your period information, quartal information, how much of a value it is to investors? etc etc etc... so there's lots of value in the work, depending of course how well you can shape the policies better and educate the staff.

This is the idea.

OK maybe you know enough now? What about them advices?!

If you want quick success then talk to a venture capital company and try to get them to invest in your product, whatever it might be. You will have to tell them what it is first though, but at least then you'd get money as well as advice.
But they will own a large chunk of your business, and in order to recoup their initial investment, then they'll want you to get to the stage of selling shares as soon as possible, because this is where the big money for them will come from.
If you don't want quick success, then built it up yourself. If you have a really good product then the big companies will come knocking on your door for licensing rights or takeovers. Trouble is, once you've cashed in on this then you'll need another good idea to start again, or to keep them interested.

Ha ha. Now I'm going to move to Finland and set up a security auditing service. No more advice for you, Pekka! Sucker!

Yookay's nearer! I'll race ya Kontiki!

Sorry, my earlier post was a cross-post before Pekka explained the nature of the beast.

Kontiki,

Someone stealing the idea isn't my worry, there are businesses like that already. However, about the methods we will actually use and the precise techniques are bit of a secret, but that's not important. The idea is to show how easy it is. You can't bunker your place of business, but just make it a bit more difficult for intruders plus be aware that these things can be done like this, so at least you learn to ask questions and realize there are no questions without agendas when dealing with certain type of people.

It's to break the false sense of security. And it's to teach how people can be manipulated. It's to show how important good screening for new employees is in some critical operations etc etc.

And it's to show that all the millions gone to security are pretty moot if you trust them blindly. It can't be bought, it has to be taught, security that is. There's always people who wont' take it seriously, and it's not the job of everyone to be paranoid, but the key people AT LEAST need to be humble and open minded.

Now, the reason I wasn't feeling good about telling about this is because even though I'm sure about my path, I don't want to start arguing with you guys about it. Because there's always one or two posters in every thread (in most, it's me!) that takes the focus on something that's not wanted and then it's all bollocks.

I don't have a problem with the content so much but how to build a succesful business around this action. That's the problem for now, because I'm pretty uneducated, inexperienced and stupid when it comes to business .

Stating the obvious, but if there are companies already doing a similar thing, then to begin with you have to undercut them to get customers interested. Then, once you have enough customers, you can start adding other "value-added" () services, and charge the earth for them. But to get noticed you either have to be totally unique, or pretty cheap.

Well, there are not tons of companies like this even though there are some, plus there are next to none in here. I'm actually not aware of a single company in here that really does it like we do.

There's room for more competition, definitely. That's not the question .

Honestly, the first thing that jumped out at me from that in regards to your initial questions is that you probably don't need much of a staff to begin with, and almost certainly not a dedicated office location. The biggest challenge with any type of "consulting" service is building a reputation for credibility. Everybody and their monkey can market themselves as a consultant, and I'd assume you're going to be competing with the IBMs and Deloittes of the world in this endeavor. On that note, you'd probably want to research what they do as best you can. Here's a start:

I take it that "without their knowledge" does not mean without their consent. They will be aware that an attack from you will occur, they just don't know how and when?

Well I'd assume that the management are aware of the attack, and when, but the employees will not be.
You'd better have some top-notch training plans lined up for the employees after you show how full of holes the company's systems are though.

Also, is there a company that someone you know runs at which you could safely test this idea?
I don't think that any company would let you run ragged over their data if you didn't have some kind of reference or proof of success.

I've been 'banned' from this thread, but my comments earlier about Reference Sites are still valid. It's hard enough breaking down the credibility barrier with a product, let alone persuading a corporate client to take a risk with their entire enterprise's data with a start-up security consultancy. Your best bet is to work for a rival for two years in a similar role that you invisage, and then take that experience with you to the new outfit.

I've seen a lot of startups, as my work has brought me into contact with consultants who've left a larger outfit to start on their own, but their credibility as a start-up comes from their track record of achievements for a previously-established organisation.

Despite my quip about blowjobs, I suspected that data security might be involved, as Pekka has posted on this subject before.

There is one huge security loophole that is rarely considered as such, and it has nothing to do with trojans, viruses, worms, malware or any technical hacking. It revolves around people who do a job such as I do, in fact, but I really wouldn't want the world to know too much about it. I'm an honest guy who would never abuse the data that comes into my hands, but a criminal in my position could make a killing. I was once offered £10,000 cash by one customer for a copy of a rivals data. I told him politely to get stuffed.

If my job was surrounded by heavy security, though, it would be impossible, and I wouldn't do it. In short, I wouldn't like my clients to be subject to Pekka's security screening, not because I'm a criminal, but because I don't want to operate in a tense security regime. Who does?

Anyway, Pekka, sorry for polluting your thread.

{edit - typo}