by bitexploder 1570 days ago
They perform incident response and forensics for organizations that are compromised. Incident response is the highest bill rate infosec consulting you can do. It requires travel (used to, still does some today) and decently high technical skills. They are big and can combine the data their consultants collect into an intelligence platform that they sell as well.
2 comments

> Incident response is the highest bill rate infosec consulting you can do. It requires travel (used to, still does some today) and decently high technical skills

I take a tiny bit of issue with that.

Cryptography consulting is a higher labor rate, and higher-end pen-testing with TS/SCI + full poly, and application security gurus are above, or equal to, IR.

There are currently poaching wars going on around talented IR folks. A Fortune 500 recently hired away an IR colleague with whom I collaborated around tap & agg, with a FAANG-type offer, RSUs, the whole shebang.

By volume. Cryptography consulting is a very lucrative niche, but there is an order of magnitude less of it happening, based on my wild guesses. I have run a high-end boutique for 9 years and been doing infosec consulting for 15 years though, so my guess is somewhat informed, I hope.

Even high end appsec, seceng, and legit reversing pays below crypto and IR. We just can’t charge as much for it for all but the most niche and demanding environments, which is not the bulk of what’s out there.

I am thinking averages here. I know there is high paying work in each domain, but the skills used are also highly developed, etc. If you wanted to build a high end consultancy with a lot of work IR is a great choice. I know ToB has done awesome in crypto (blockchain/contracts) space, etc. but I think IR work is a little easier to get into and build a business on without having really advanced and niche skills.

This is like saying that Walmart cashiers have a higher bill rate than M&A attorneys, because there are so many more of them --- they're higher "by volume".
That may be a bit reductive, but I take your point. The deepest skilled niches in our field always pay most in absolute terms.
Yeah, would also add smart contract auditing as possibly the highest billing right now. Pushes $400/hr for freelancing and similar W2 comp.
IR/forensics consulting is definitely more than $400/hr.
Hm would like to see JDs for that, unless you're referring to the really white glove stuff (ex-whatever, no name consultancies with incredible reps).
Nope.

Have seen labor rates across FireEye, and a host of others.

Then the rates you have seen are incorrect, old, or the result of special circumstances.
It is not my experience that IR people bill $3k days --- though Mandiant definitely has billed out projects that high.
IR is nowhere close to the highest bill rate infosec consulting you can do. Not even in the ballpark of it.
Do you have a rough ranking? Nothing formal, just your best guess.
Difficult or "gated" specialties (like automotive) command higher bill rates --- so hardware, automotive, cryptography, maybe some kernel work (I don't know anyone that has a formal specialty practice in "kernel", it bleeds into other stuff).

IR is a huge practice area, lots and lots of people do it, and the line-level consulting work here is stuff that isn't at all difficult or specialized (log file analysis, imaging). There's specialty work in IR too, of course (there are firms that specialize in memory forensics, for instance), and that bills higher.

Mandiant is like the PwC of IR firms; Mandiant can get contracts that bill basic log file analysis out at $3k/day, because they're Mandiant. That doesn't mean the person doing that work is seeing proportionally more income themselves, or that a team of people striking out on their own from Mandiant are going to be able to bill comparably.

On the other hand, a team of cryptographers or hardware reversers at a big firm probably could expect to see comparable bill rates after starting up their own firm.