Home IT Security Business

[therealcrazy8]

I'll try to keep a long story short, but after spending 4 years at ITT (huge mistake) and getting my Bachelors in Information System Security/Cyber Security degree (the only blessing from that mistake) and have had some struggle with getting even an entry level position. I have all sorts of IT experience and security is what I really want to be doing. This has lead me to think about some things considering where I am in life (I'm 36) and doing helpdesk work. Not where I was hoping to be after all of my experience and schooling.


Anyway, enough of that. My idea is looking into IT security for home users. With the number of users at home (young and old) who are unaware of the threats out there, or at least how to protect themselves from them, especially when considering things like identity theft, phishing scams, or the teenage punk next door. I see a need here and quite honestly these people deserve better than the clowns at Geek Squad. Here are some of my ideas with this possible endeavor.



* Install new wireless routers (with security in mind)

- change SSID or don't broadcast

- change default password

- review security options

- limit number of devices / MAC filtering



* setup/install firewalls (software and hardware options)

* install antivirus software

* new network installs

* running cable


* backup solution

- Not sure what this would look like but I have 4 years experience of Symantec Backup Exec experience and even though that may not come into play as far as that software, I would like to offer an affordable backup solution, perhaps even free that i could even apply a monthly charge to if I house the backups. I do have my own web server that backups could somehow be stored on, or I could come up with something else, but either way, I think an affordable backup solution would be nice. The capability of doing a full system backup would be nice, but maybe just file backups is a bit more obtainable for now?

* Perform virus/malware/spyware scans

* Network upgrades (routers, switches, cables, NIC's, etc.)

* Firmware updates


Later down the road:

- maybe offer different (3) security "packages" (from users who do little to nothing on their computers, to the user who maybe works from home and needs some additional layers of security)

- Home network pen-testing (of sorts)

A few things I am trying to figure out is:

- If I were to do a backup solution, as far as being able to do full system restores, what are some good options for that?

- As far as hardware (routers, switches, NIC's etc.) can the "little guy" have opportunity to get hardware from certain brands to install and turn a small profit off as a opposed to going to Best Buy or something? Not a big deal, just curious about that.

- Kind of also looking for some constructive criticism / reinforcement on my idea with all of this. I am not looking to try to sell corporate solutions to home users. Just wanting to apply my knowledge and experience to help the home users protect themselves better than what they may be.

- Im thinking I should add the usual PC repair services also.

- What are some programs would you guys recommend as far as ticketing, remote access, backups, and anything else I may need to get started and make life easier for me? I don't know how to get all of this started but I am excited and passionate about doing this and seeing how it all goes.

Any help or constructive criticism on this would be very much appreciated. I have been doing a lot of reading in here and their is a tremendous wealth of information I am learning about. I look forward to future discussions with you guys.

Thanks

 

[altrenda]

While it seems like security and protection would be an easy sell, it's harder than it looks. No one really wants to pay for this unless they or someone REALLY close to them has already been compromised. And few want to pay for good, real backups until they have lost precious files. And even then, they rarely want to pay to get that data back unless it's mission critical.

In my experience, whether it's business or residential, it's a good upsell to compliment other, basic services, but hard to use as a stand alone. It can be a door opener, though.

There certainly is the opportunity to buy and resell good quality equipment plus your expertise, at a profit, but like the rest of this job, finding enough paying customers is the key and I haven't seen a sure fire method for that yet.

Others may have different experiences.

 

[therealcrazy8]

While it seems like security and protection would be an easy sell, it's harder than it looks. No one really wants to pay for this unless they or someone REALLY close to them has already been compromised. And few want to pay for good, real backups until they have lost precious files. And even then, they rarely want to pay to get that data back unless it's mission critical.

In my experience, whether it's business or residential, it's a good upsell to compliment other, basic services, but hard to use as a stand alone. It can be a door opener, though.

There certainly is the opportunity to buy and resell good quality equipment plus your expertise, at a profit, but like the rest of this job, finding enough paying customers is the key and I haven't seen a sure fire method for that yet.

Others may have different experiences.

Well I would have no objection to doing computer repair and maintenance stuff. I have more than plenty of experience to be able to do those things. Maybe, down the road if/when I get some businesses into my list of clients, I could offer security services of some sort, perhaps even writing Disaster Recover Plans and stuff like that.

Thanks for you comments on all of this, I really do appreciate it.

 

[Knightsman]

you will by far, make a lot more money doing business work than residential. Sounds great, but apply it to local businesses.

 

[Markverhyden]

Most consumers could care less about the whole IT security thing. I've only had a handful who were truly concerned enough that they implemented great security measures based on my recommendations. Even businesses can be a tough sell. Of course a lot depends on where you are located but, as mentioned, business support is where the money still is.

 

[therealcrazy8]

you will by far, make a lot more money doing business work than residential. Sounds great, but apply it to local businesses.

That's good to know. Thanks for sharing that. On a business perspective, do you think it would be a good, bad, or maybe even best, to form a customer base of home users and then once I have developed my operation and all of that, then move into getting some businesses on board? It just so happens that I have a very good friend who owns a machine shop that her grandfather started many years ago. She could be a great "in" to get me out to other businesses that she works with. But as it is right now, I have a good number of people who ask for my help with everything from driver upgrades, virus issues, data recovery, and building custom systems.

 

[sapphirescales]

I'm sorry but your experience will probably turn out to be useless when it comes to home users and even business users will be a really hard sell. You can make this part of your business, but don't make it your main focus. In order to succeed nowadays, you have to be a master at virtually everything. If you specialize too much, you'll end up screwing yourself.

Also, network security is going to go the way of the Do Do in the near future. With 20GB+ of bandwidth with totally wireless and independent services like Clear Channel and even Verizon, it won't be long until most home users won't even have routers or a wired fiber optic connection at home. Businesses will soon follow. The only ones that will be able to make money in this game will be the big players. At best, maybe you can work for one of them and get little better than minimum wage. It sucks, but that's the way it's going. Less than 2% of our business is networking and security for home users, and I don't see that increasing anytime soon.

 

[Knightsman]

That's good to know. Thanks for sharing that. On a business perspective, do you think it would be a good, bad, or maybe even best, to form a customer base of home users and then once I have developed my operation and all of that, then move into getting some businesses on board? It just so happens that I have a very good friend who owns a machine shop that her grandfather started many years ago. She could be a great "in" to get me out to other businesses that she works with. But as it is right now, I have a good number of people who ask for my help with everything from driver upgrades, virus issues, data recovery, and building custom systems.

if your able to build up residential work, do it, its a good way to gain experience, but its hassle getting paid well, and you will deal with a lot more bs than business. If your really good at something, then sell that, I dotn see any reason to not make it a prime focus. You just have to be able to provide a service better than anyone else, sell it, and make money doing it.

 

[LABFE]

I had a similar experience and idea a few years ago and acted upon it. Got the degree in IT security and had trouble getting off to a good start in the corporate world so I decided to launch "WhiteHat Computer Services" because I too thought there was a need in this area. It was a good learning experience, but I lost money. Essentially because it is basically overkill. For instance, MAC filtering for a home or small business would be an issue each time someone needed to connect a new device. Most small business and home users wouldn't want to learn how to mess with it and the risk of being a victim of wardriving is pretty low. Not broadcasting the SSID would also be confusing to users. You may have some opportunities to install some hardware firewalls for small businesses if you can sell the idea. Any appropriate security would be implemented by any good technician in the process of performing regular computer services. Such as installing wireless router and changing admin password and setting a network/SSID password with encryption. But not broadcasting or MAC filtering is more suitable to corporate computing. Pen-testing would also be overkill for home users or even small businesses unless you had someone who was really intrigued and concerned. Also, malware scans and installing antivirus and updating operating system and applications are all just part of general computer services and repair.

To get to my point, if you really want to do security I would stay in the corporate world and add Security+ to your degree and then start working on other security certifications such as SSCP, CISSP, etc. (there are numerous ones to pursue). Eventually by adding to your education, experience (even if it's IT support), and certifications you can work your way into a security position. Believe it or not a lot of people in IT security roles don't even have education in security. It's because there is a shortage of these folks so they end up hiring people with business degrees or just education in other areas. I worked with a business major and a meteorology major to name a few. It's just about applying for the right job at the right time.

(Or) start a business doing regular ole computer services (Geek Squad type business model to give you an idea) and just practice good security measures that are reasonable for your respective customer. The fewer security problems they encounter using your services the more they'll associate you with providing a quality service; although you can't protect them from everything. You probably wouldn't want to house backups yourself, but rather sell an online backup service such as Gillware or Carbonite, etc. They use elaborate data centers with ridiculous redundancy. Security won't be your bread and butter in the home and small business area, but the security knowledge will come in handy and help you succeed. RepairShopr is very popular for ticketing/invoicing and you can learn about a lot of popular tools/utilities used by other techs on Technibble by reading here. Get a Zalman "Hard Drive Enclosure" for all your Windows ISO's and other ISO's you may use such as Parted Magic. Many techs are now using RepairTech's TechWARU and TechUSB as well.

 

[therealcrazy8]

I have been thinking A LOT about all of this and I am quite excited to get started. I was looking at the Business Kit v3 and I am thinking that would be a worth while investment. I'm also going through different software and services that I may need to help me and my future clients out.

I will be (prefer to be) working as much as possible out of my home. At least for now. I am also thinking about how to get advertising, especially for just starting out. Luckily I have a church with a congregation of about 300 that may be a great start. So this got me thinking... What were those first days or weeks like when you first got started? What types of things did you make sure you had right off the bat (ie hardware, software, services, legal documents, contracts, etc.)?

I thank you all again for all of the great and valuable info you have already provided.

 

[YeOldeStonecat]

Good luck selling those kind of bundles to home users.

Just some feedback on the wireless steps...you know hiding the SSID isn't any measure of security. Only keeps grandma from next door from accidentally seeing it. Any kid that wants to screw with a neighbors wireless system will be using wireless hacking tools that see the SSID anyways.
And MAC filtering is useless with todays hacking kits also.
Just keep it updated with the latest encryption (currently WPA2 AES).

But any kid 4 years old or above will be using wireless hacking software that will see right into hidden SSID and blow right past MAC filtering within seconds. Literally.

 

[goldmercury]

I've got a friend that's fresh faced and just out of Uni. He to was doing some sort of security type degree. He's making a killing with solicitors & accounts. They've got real money to spend compared to home users. He offers security audits and consultancy. They are crying out for this type of things just now in the UK. Hacks like the TalkTalk scenario make this an easy sell.

Not sure why you want to go after home users? That seems short sighted.

 

[Moltuae]

I agree with the other comments; selling IT security services to residential aint gonna be easy. I think it's probably wrong to say that most don't care about security, rather they don't know about security. I think ignorance is the reason for their apparent apathy.


@therealcrazy8: Have you considered advertising and running local computer security training events?

If you keep the cost reasonably low (say £20/$30 per head or less) there's a good chance you'll fill a classroom, make a few hundred pounds/dollars for just a few hours work AND I think it's quite likely (once you've educated a few people on the importance of computer security) that you'll acquire some spin-off work.

 

[therealcrazy8]

I agree with the other comments; selling IT security services to residential aint gonna be easy. I think it's probably wrong to say that most don't care about security, rather they don't know about security. I think ignorance is the reason for their apparent apathy.


@therealcrazy8: Have you considered advertising and running local computer security training events?

If you keep the cost reasonably low (say £20/$30 per head or less) there's a good chance you'll fill a classroom, make a few hundred pounds/dollars for just a few hours work AND I think it's quite likely (once you've educated a few people on the importance of computer security) that you'll acquire some spin-off work.

This is actually something I have been thinking about lately. I think what I'm going to do is focus on starting the business and getting a good customer base established and get an idea on what workflow, scheduling, and all of that will be like. I have also decided to focus my efforts on doing more computer services now and running with that. It's kind of something I have done for many people in the past, so now I am going to do it for more people and start charging for it now...lol